
Thread: Ilivid Root kit issue

  1. #11  Emeritus (Join Date: Apr 2011, Location: USA, Posts: 1,038)

    Hi,

    Yes, give it another try and post the log if it is created.

    I removed the gardencitygroup.com entry for the time being to be sure it wasn't causing your system any problems. After we are done she can just allow it again with no problems if she wishes.

  2. #12  Junior Member (Join Date: Sep 2012, Posts: 21)

    OK - it ran successfully. Where is the log file kept? Tough to search right now - still slow as molasses.

  3. #13  Junior Member (Join Date: Sep 2012, Posts: 21)

    Found it.

    ComboFix 12-09-20.02 - Phil 09/22/2012 1:18:21.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1880 [GMT -4:00]
    Running from: C:\Users\Phil\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Phil\Desktop\CFScript.txt.txt
    AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files (x86)\Ask.com\GenericAskToolbar.dll"


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    c:\program files (x86)\Ask.com\GenericAskToolbar.dll


    ((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))


    2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
    2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
    2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
    2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
    2012-09-12 07:07:06 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
    2012-09-12 07:07:04 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll
    2012-09-12 07:07:04 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 07:07:03 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2012-09-12 07:07:03 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
    2012-09-12 07:07:03 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
    2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
    2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
    2012-09-09 03:17:00 . 2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-24 03:05:37 . 2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
    2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
    2012-08-24 03:04:57 . 2011-09-29 17:16:18 119416 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
    2012-08-24 03:04:56 . 2012-04-14 01:30:04 258304 ----a-w- C:\Windows\system32\drivers\SbFw.sys
    2012-08-24 03:04:55 . 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\system32\sbbd.exe
    2012-08-24 03:04:05 . 2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
    2012-08-24 03:03:45 . 2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
    2012-08-24 03:03:40 . 2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-09-21 15:48:09 . 2012-04-17 12:31:44 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 15:48:09 . 2011-05-26 02:12:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 07:01:08 . 2009-12-19 18:18:17 64462936 ----a-w- C:\Windows\system32\MRT.exe
    2012-07-18 18:15:06 . 2012-08-14 23:41:02 3148800 ----a-w- C:\Windows\system32\win32k.sys
    2012-07-04 22:16:43 . 2012-08-14 23:41:10 73216 ----a-w- C:\Windows\system32\netapi32.dll
    2012-07-04 22:13:27 . 2012-08-14 23:41:11 59392 ----a-w- C:\Windows\system32\browcli.dll
    2012-07-04 22:13:27 . 2012-08-14 23:41:11 136704 ----a-w- C:\Windows\system32\browser.dll
    2012-07-04 21:14:34 . 2012-08-14 23:41:10 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 04:55:23 . 2012-08-15 07:08:05 17809920 ----a-w- C:\Windows\system32\mshtml.dll
    2012-06-29 04:09:35 . 2012-08-15 07:08:04 10925568 ----a-w- C:\Windows\system32\ieframe.dll
    2012-06-29 03:56:34 . 2012-08-15 07:08:12 2312704 ----a-w- C:\Windows\system32\jscript9.dll
    2012-06-29 03:49:57 . 2012-08-15 07:08:14 1346048 ----a-w- C:\Windows\system32\urlmon.dll
    2012-06-29 03:49:11 . 2012-08-15 07:08:11 1392128 ----a-w- C:\Windows\system32\wininet.dll
    2012-06-29 03:48:07 . 2012-08-15 07:08:12 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
    2012-06-29 03:47:35 . 2012-08-15 07:08:14 237056 ----a-w- C:\Windows\system32\url.dll
    2012-06-29 03:45:55 . 2012-08-15 07:08:11 85504 ----a-w- C:\Windows\system32\jsproxy.dll
    2012-06-29 03:44:51 . 2012-08-15 07:08:10 816640 ----a-w- C:\Windows\system32\jscript.dll
    2012-06-29 03:43:49 . 2012-08-15 07:08:13 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
    2012-06-29 03:42:23 . 2012-08-15 07:08:14 2144768 ----a-w- C:\Windows\system32\iertutil.dll
    2012-06-29 03:40:11 . 2012-08-15 07:08:15 96768 ----a-w- C:\Windows\system32\mshtmled.dll
    2012-06-29 03:39:48 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
    2012-06-29 03:35:21 . 2012-08-15 07:08:13 248320 ----a-w- C:\Windows\system32\ieui.dll
    2012-06-29 00:16:58 . 2012-08-15 07:08:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 . 2012-08-15 07:08:12 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 . 2012-08-15 07:08:13 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 . 2012-08-15 07:08:13 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-25 18:58:46 . 2012-07-05 16:03:38 17936 ----a-w- C:\Windows\system32\nitrolocalui2.dll
    2012-06-25 18:58:44 . 2012-07-05 16:03:37 29712 ----a-w- C:\Windows\system32\nitrolocalmon2.dll

  4. #14  Emeritus (Join Date: Apr 2011, Location: USA, Posts: 1,038)

    Hi,

    Looks like only part of the log is there. Could you check and make sure you were able to copy it completely, and then paste it here?

  5. #15  Emeritus (Join Date: Apr 2011, Location: USA, Posts: 1,038)

    Still here?

  6. #16  Junior Member (Join Date: Sep 2012, Posts: 21)

    Will check it out. Thanks.

  7. #17  Junior Member (Join Date: Sep 2012, Posts: 21)

    This is the txt file. I can try to run the last step again, but my PC has gotten even slower.


    ComboFix 12-09-20.02 - Phil 09/22/2012 1:18:21.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1880 [GMT -4:00]
    Running from: C:\Users\Phil\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Phil\Desktop\CFScript.txt.txt
    AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files (x86)\Ask.com\GenericAskToolbar.dll"


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    c:\program files (x86)\Ask.com\GenericAskToolbar.dll


    ((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))


    2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
    2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
    2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
    2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
    2012-09-12 07:07:06 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
    2012-09-12 07:07:04 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll
    2012-09-12 07:07:04 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-12 07:07:03 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2012-09-12 07:07:03 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
    2012-09-12 07:07:03 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
    2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
    2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
    2012-09-09 03:17:00 . 2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2012-08-24 03:05:37 . 2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
    2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
    2012-08-24 03:04:57 . 2011-09-29 17:16:18 119416 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
    2012-08-24 03:04:56 . 2012-04-14 01:30:04 258304 ----a-w- C:\Windows\system32\drivers\SbFw.sys
    2012-08-24 03:04:55 . 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\system32\sbbd.exe
    2012-08-24 03:04:05 . 2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
    2012-08-24 03:03:45 . 2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
    2012-08-24 03:03:40 . 2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-09-21 15:48:09 . 2012-04-17 12:31:44 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 15:48:09 . 2011-05-26 02:12:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-13 07:01:08 . 2009-12-19 18:18:17 64462936 ----a-w- C:\Windows\system32\MRT.exe
    2012-07-18 18:15:06 . 2012-08-14 23:41:02 3148800 ----a-w- C:\Windows\system32\win32k.sys
    2012-07-04 22:16:43 . 2012-08-14 23:41:10 73216 ----a-w- C:\Windows\system32\netapi32.dll
    2012-07-04 22:13:27 . 2012-08-14 23:41:11 59392 ----a-w- C:\Windows\system32\browcli.dll
    2012-07-04 22:13:27 . 2012-08-14 23:41:11 136704 ----a-w- C:\Windows\system32\browser.dll
    2012-07-04 21:14:34 . 2012-08-14 23:41:10 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 04:55:23 . 2012-08-15 07:08:05 17809920 ----a-w- C:\Windows\system32\mshtml.dll
    2012-06-29 04:09:35 . 2012-08-15 07:08:04 10925568 ----a-w- C:\Windows\system32\ieframe.dll
    2012-06-29 03:56:34 . 2012-08-15 07:08:12 2312704 ----a-w- C:\Windows\system32\jscript9.dll
    2012-06-29 03:49:57 . 2012-08-15 07:08:14 1346048 ----a-w- C:\Windows\system32\urlmon.dll
    2012-06-29 03:49:11 . 2012-08-15 07:08:11 1392128 ----a-w- C:\Windows\system32\wininet.dll
    2012-06-29 03:48:07 . 2012-08-15 07:08:12 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
    2012-06-29 03:47:35 . 2012-08-15 07:08:14 237056 ----a-w- C:\Windows\system32\url.dll
    2012-06-29 03:45:55 . 2012-08-15 07:08:11 85504 ----a-w- C:\Windows\system32\jsproxy.dll
    2012-06-29 03:44:51 . 2012-08-15 07:08:10 816640 ----a-w- C:\Windows\system32\jscript.dll
    2012-06-29 03:43:49 . 2012-08-15 07:08:13 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
    2012-06-29 03:42:23 . 2012-08-15 07:08:14 2144768 ----a-w- C:\Windows\system32\iertutil.dll
    2012-06-29 03:40:11 . 2012-08-15 07:08:15 96768 ----a-w- C:\Windows\system32\mshtmled.dll
    2012-06-29 03:39:48 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
    2012-06-29 03:35:21 . 2012-08-15 07:08:13 248320 ----a-w- C:\Windows\system32\ieui.dll
    2012-06-29 00:16:58 . 2012-08-15 07:08:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 . 2012-08-15 07:08:12 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 . 2012-08-15 07:08:13 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 . 2012-08-15 07:08:13 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-25 18:58:46 . 2012-07-05 16:03:38 17936 ----a-w- C:\Windows\system32\nitrolocalui2.dll
    2012-06-25 18:58:44 . 2012-07-05 16:03:37 29712 ----a-w- C:\Windows\system32\nitrolocalmon2.dll

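The "Files Created" listing is the part of a ComboFix log a responder reads first: each line is `<created> . <last-modified> <size or -------- for a directory> <attributes> <path>`. As an added example (my code, not from the thread, the forum helper, or ComboFix), here is a small Python parser for that layout plus a triage heuristic that flags kernel drivers created within a few days of the run whose created and modified stamps are identical (a freshly dropped file, unlike OS drivers such as ndis.sys or vendor drivers such as sbhips.sys, which are copied in with an older build time) and whose base name is all digits. The sample lines are a constructed subset of the log posted above; the seven-day window and the all-digits rule are my assumptions, and a hit means "look at this", not that the file is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in the ComboFix "Files Created" layout:
#   <created> . <last-modified> <size or -------- for dirs> <attrs> <path>
# The lines are copied from the log posted in this thread; the subset is mine.
SAMPLE_LOG = r"""
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M:%S"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directory entries ("--------")
    attrs: str            # "d-----w-" = directory, "----a-w-" = archive file
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_log(text: str) -> List[Entry]:
    """Parse every file/directory line; headers and section banners are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"]))
    return entries


DRIVER_DIR = "\\windows\\system32\\drivers\\"


def suspicious_drivers(entries: List[Entry], run_time: Optional[datetime] = None,
                       window_days: int = 7) -> List[str]:
    """Triage heuristic, not a verdict (thresholds are assumptions): kernel
    drivers created within `window_days` of the run (default: the newest
    timestamp in the log) whose created == modified and whose base name is
    all digits. OS/vendor drivers copied in by an installer keep an older
    modified time, so they do not match."""
    if not entries:
        return []
    if run_time is None:
        run_time = max(e.created for e in entries)
    hits = []
    for e in entries:
        if e.is_dir or DRIVER_DIR not in e.path.lower():
            continue
        stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        recent = run_time - e.created <= timedelta(days=window_days)
        if recent and e.created == e.modified and stem.isdigit():
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    for path in suspicious_drivers(parse_log(SAMPLE_LOG)):
        print("review:", path)
```

Run it against a full pasted log rather than the sample and the same `parse_log` handles the Find3M section too, since it uses the identical line layout; only the heuristic is specific to the drivers directory.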
  8. #18  Junior Member (Join Date: Sep 2012, Posts: 21)

    I got my PC to run a little faster in Safe Mode.

    Running ComboFix again with that script.

  9. #19  Junior Member (Join Date: Sep 2012, Posts: 21)

    ComboFix was run in Safe Mode last night. The log was located in C:/Combofix/:

    ComboFix 12-09-24.03 - Phil 09/25/2012 20:51:45.3.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2246 [GMT -4:00]
    Running from: C:\Users\Phil\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Phil\Desktop\CFScript.txt
    AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point

    FILE ::
    "c:\program files (x86)\Ask.com\GenericAskToolbar.dll"


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Windows\Fonts\ftrabd__.ttf
    C:\Windows\Fonts\ftrabk__.ttf
    C:\Windows\Fonts\ftrabki_.ttf
    C:\Windows\Fonts\ftrahv__.ttf
    C:\Windows\Fonts\ftralt__.ttf
    C:\Windows\Fonts\ftramd__.ttf

    ---- Previous Run -------

    c:\program files (x86)\Ask.com\GenericAskToolbar.dll


    ((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))


    2012-09-26 02:02:10 . 2012-09-26 02:02:10 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
    2012-09-26 02:02:10 . 2012-09-26 02:02:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
    2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
    2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
    2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  10. #20  Junior Member (Join Date: Sep 2012, Posts: 21)

    It was run off this script:

    ClearJavaCache::

    DDS::
    Trusted Zone: gardencitygroup.com
    Trusted Zone: gardencitygroup.com\ctx

    File::
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

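The CFScript syntax is terse: a `Section::` header opens each block, a bare path under `File::` is deleted, `[-KEY]` deletes a whole registry key, and `"name"=-` deletes a single value under the key named by the preceding `[KEY]` line (the `.reg`-file convention). As an added example (my code, not from the thread or from ComboFix), this Python parser turns the posted script into a list of intended actions so a script can be reviewed before it is run against a machine. The script text is copied from the post above; the action names and the handling of unknown sections are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Copy of the CFScript posted in this thread (constructed test input).
CFSCRIPT = r"""
ClearJavaCache::

DDS::
Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx

File::
c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<val>.*)$')


@dataclass
class Action:
    kind: str                     # action names are mine, not ComboFix's
    target: str                   # file path, registry key, or DDS log line
    detail: Optional[str] = None  # value name for delete_value / set_value


def parse_cfscript(text: str) -> List[Action]:
    """Translate a CFScript into the actions it asks ComboFix to perform."""
    actions: List[Action] = []
    section = None
    current_key = None            # set by a plain [KEY] line in Registry::
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):   # section header such as File:: or Registry::
            section = line[:-2]
            current_key = None
            if section == "ClearJavaCache":
                actions.append(Action("clear_java_cache", ""))
            continue
        if section == "File":
            actions.append(Action("delete_file", line))
        elif section == "DDS":    # lines copied from a DDS log to be removed
            actions.append(Action("remove_dds_entry", line))
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(Action("delete_key", line[2:-1]))
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            else:
                m = VALUE_RE.match(line)
                if m and current_key is not None:
                    if m["val"] == "-":
                        actions.append(Action("delete_value", current_key, m["name"]))
                    else:
                        actions.append(Action("set_value", current_key,
                                              f'{m["name"]}={m["val"]}'))
        else:                     # section this parser does not model
            actions.append(Action("unknown", line, section))
    return actions


if __name__ == "__main__":
    for a in parse_cfscript(CFSCRIPT):
        print(f"{a.kind:17} {a.target}" + (f"  [{a.detail}]" if a.detail else ""))
```

Reading the parsed list back makes the intent of the posted script explicit: one toolbar DLL deleted, the BHO and toolbar registrations for its CLSID removed, and only the single toolbar value deleted under the shared `Internet Explorer\Toolbar` key rather than the whole key.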