-
Hi,
Yes, give it another try and post the log if it is created.
I removed the gardencitygroup.com for the time being to be sure it wasn't causing your system any problems. After we are done she can just allow it again with no problems if she wishes.
-
OK - it ran successfully. Where is the log file kept? Tough to search right now - still slow as molasses.
-
Found it:
ComboFix 12-09-20.02 - Phil 09/22/2012 1:18:21.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1880 [GMT -4:00]
Running from: C:\Users\Phil\Desktop\ComboFix.exe
Command switches used :: C:\Users\Phil\Desktop\CFScript.txt.txt
AV: GFI Software VIPRE *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
((((((((((((((((((((((((( Files Created from 2012-08-22 to 2012-09-22 )))))))))))))))))))))))))))))))
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-22 09:35:19 . 2012-09-22 09:35:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-09-12 07:07:06 . 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\system32\drivers\ndis.sys
2012-09-12 07:07:06 . 2012-07-04 20:26:03 41472 ----a-w- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 07:07:04 . 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\system32\d3d10level9.dll
2012-09-12 07:07:04 . 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 07:07:03 . 2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\system32\drivers\netio.sys
2012-09-12 07:07:03 . 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
2012-09-09 03:17:00 . 2012-09-09 03:17:00 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-24 03:05:37 . 2012-08-24 03:05:37 -------- d-----w- C:\ProgramData\GFI Software
2012-08-24 03:05:12 . 2012-04-14 01:30:04 61184 ----a-w- C:\Windows\system32\drivers\sbhips.sys
2012-08-24 03:04:57 . 2011-09-29 17:16:18 119416 ----a-w- C:\Windows\system32\drivers\SbFwIm.sys
2012-08-24 03:04:56 . 2012-04-14 01:30:04 258304 ----a-w- C:\Windows\system32\drivers\SbFw.sys
2012-08-24 03:04:55 . 2012-06-22 19:37:42 46472 ----a-w- C:\Windows\system32\sbbd.exe
2012-08-24 03:04:05 . 2012-08-24 03:04:05 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-08-24 03:03:45 . 2012-08-24 03:03:45 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-08-24 03:03:40 . 2012-08-24 03:03:40 -------- d-----w- C:\Users\Phil\AppData\Roaming\GFI Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-09-21 15:48:09 . 2012-04-17 12:31:44 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:48:09 . 2011-05-26 02:12:20 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01:08 . 2009-12-19 18:18:17 64462936 ----a-w- C:\Windows\system32\MRT.exe
2012-07-18 18:15:06 . 2012-08-14 23:41:02 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-07-04 22:16:43 . 2012-08-14 23:41:10 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-07-04 22:13:27 . 2012-08-14 23:41:11 136704 ----a-w- C:\Windows\system32\browser.dll
2012-07-04 21:14:34 . 2012-08-14 23:41:10 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 04:55:23 . 2012-08-15 07:08:05 17809920 ----a-w- C:\Windows\system32\mshtml.dll
2012-06-29 04:09:35 . 2012-08-15 07:08:04 10925568 ----a-w- C:\Windows\system32\ieframe.dll
2012-06-29 03:56:34 . 2012-08-15 07:08:12 2312704 ----a-w- C:\Windows\system32\jscript9.dll
2012-06-29 03:49:57 . 2012-08-15 07:08:14 1346048 ----a-w- C:\Windows\system32\urlmon.dll
2012-06-29 03:49:11 . 2012-08-15 07:08:11 1392128 ----a-w- C:\Windows\system32\wininet.dll
2012-06-29 03:48:07 . 2012-08-15 07:08:12 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl
2012-06-29 03:47:35 . 2012-08-15 07:08:14 237056 ----a-w- C:\Windows\system32\url.dll
2012-06-29 03:45:55 . 2012-08-15 07:08:11 85504 ----a-w- C:\Windows\system32\jsproxy.dll
2012-06-29 03:44:51 . 2012-08-15 07:08:10 816640 ----a-w- C:\Windows\system32\jscript.dll
2012-06-29 03:43:49 . 2012-08-15 07:08:13 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2012-06-29 03:42:23 . 2012-08-15 07:08:14 2144768 ----a-w- C:\Windows\system32\iertutil.dll
2012-06-29 03:40:11 . 2012-08-15 07:08:15 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2012-06-29 03:39:48 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2012-06-29 03:35:21 . 2012-08-15 07:08:13 248320 ----a-w- C:\Windows\system32\ieui.dll
2012-06-29 00:16:58 . 2012-08-15 07:08:11 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 . 2012-08-15 07:08:12 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 . 2012-08-15 07:08:13 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 . 2012-08-15 07:08:13 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 . 2012-08-15 07:08:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 18:58:46 . 2012-07-05 16:03:38 17936 ----a-w- C:\Windows\system32\nitrolocalui2.dll
2012-06-25 18:58:44 . 2012-07-05 16:03:37 29712 ----a-w- C:\Windows\system32\nitrolocalmon2.dll
-
Hi,
Looks like only part of the log is there. Could you check and make sure you were able to copy it completely and then paste it here?
-
-
Will check it out. Thanks.
-
This is the txt file. I can try to run the last step again, but my PC has gotten even slower.
-
I got my PC to run a little faster in safe mode.
Running ComboFix again with that script.
-
ComboFix was run in safe mode last night. This is the log that was located in C:/Combofix/:
ComboFix 12-09-24.03 - Phil 09/25/2012 20:51:45.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2246 [GMT -4:00]
Running from: C:\Users\Phil\Desktop\ComboFix.exe
Command switches used :: C:\Users\Phil\Desktop\CFScript.txt
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\program files (x86)\Ask.com\GenericAskToolbar.dll"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Windows\Fonts\ftrabd__.ttf
C:\Windows\Fonts\ftrabk__.ttf
C:\Windows\Fonts\ftrabki_.ttf
C:\Windows\Fonts\ftrahv__.ttf
C:\Windows\Fonts\ftralt__.ttf
C:\Windows\Fonts\ftramd__.ttf
---- Previous Run -------
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
2012-09-26 02:02:10 . 2012-09-26 02:02:10 -------- d-----w- C:\Users\Mcx1-PHILS-HP\AppData\Local\temp
2012-09-26 02:02:10 . 2012-09-26 02:02:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-09-21 22:04:28 . 2012-09-21 22:04:28 208216 ----a-w- C:\Windows\system32\drivers\00295725.sys
2012-09-14 04:46:35 . 2012-09-14 04:46:46 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-09-09 12:35:04 . 2012-09-09 12:35:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-09-09 12:35:04 . 2012-09-09 12:35:04 -------- d-----w- C:\Users\Phil\AppData\Roaming\HDRsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
-
It was run off this script:
ClearJavaCache::
DDS::
Trusted Zone: gardencitygroup.com
Trusted Zone: gardencitygroup.com\ctx
File::
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]