google redirect


  • This topic is locked

#16
lmd46

    Member

  • Topic Starter
  • 39 posts
I have tried to download ComboFix from both of the links and they both won't let me--they say they are corrupted versions--what's up with that?? They save to the desktop but I can't run them

#17
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hmmm, strange. Can you remove any ComboFix files from the Desktop, then try downloading and running it from Safe Mode with Networking...


  • Switch on your PC and immediately start tapping the F8 key on the keyboard
  • Keep tapping it until a menu comes on the screen whereby you have several options to choose from, one of which is Safe Mode with Networking
  • Make sure Safe Mode with Networking is highlighted and then press Enter
  • Your PC will now boot into Safe Mode
  • From there, open up Internet Explorer and download ComboFix again
  • Then, still in Safe Mode, try running ComboFix to see if it now works properly

#18
lmd46

    Member

  • Topic Starter
  • 39 posts
before I saw previous message I tried 4 times deleting and reinstalling the ComboFix-finally got it--it was running almost 2 hrs--the note on the start of it said about 10 min or more-it got to stage 47--don't know how far it had to go--I finally stopped it----how long does it normally take???

I will try the safe mode method

what do u think of the red links

#19
lmd46

    Member

  • Topic Starter
  • 39 posts
so I ran it in safe mode and it took 5 min--wow--what do you think the prob was?

here is log
ComboFix 11-05-13.02 - Donna 05/13/2011 19:33:49.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.3024 [GMT -4:00]
Running from: c:\users\Donna\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\videos\HP MediaSmart Demo.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 )))))))))))))))))))))))))))))))
.
.
2011-05-13 23:39 . 2011-05-13 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 23:39 . 2011-05-13 23:39 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2011-05-13 16:16 . 2011-05-13 16:16 -------- d-----w- c:\users\Donna\AppData\Roaming\Malwarebytes
2011-05-13 16:16 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-13 16:15 . 2011-05-13 16:15 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 16:15 . 2011-05-13 16:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-13 16:15 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 11:18 . 2011-04-11 05:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86136365-4679-4B4C-A4C5-8CCC6BCA89D5}\mpengine.dll
2011-05-12 22:28 . 2011-05-12 22:28 -------- d-----w- C:\_OTL
2011-05-12 01:26 . 2011-04-11 05:21 8802128 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-11 11:15 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 11:15 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 11:15 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 11:15 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 11:15 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 11:15 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 11:15 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 11:15 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 11:15 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 11:15 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 20:59 . 2011-05-10 20:59 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3C4124E-5CF3-4EED-ADDC-B89217ACDCF9}\gapaengine.dll
2011-05-10 20:55 . 2011-05-10 20:55 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-05-10 20:54 . 2011-05-10 20:55 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-10 20:29 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-05-10 20:29 . 2009-10-10 02:41 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-05-10 20:28 . 2010-03-23 18:53 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2011-05-10 20:28 . 2010-03-23 18:53 12772352 ----a-w- c:\windows\system32\idtcpl64.cpl
2011-05-10 20:27 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-10 20:27 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-10 20:19 . 2011-05-10 20:20 -------- d-----w- c:\users\Donna\AppData\Roaming\QuickScan
2011-05-10 17:12 . 2011-04-18 22:05 137760 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-05-10 17:12 . 2011-04-18 22:05 58480 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-05-10 17:10 . 2011-05-10 17:10 -------- dc-h--w- c:\programdata\{3C707538-83E3-4DAC-9218-6D79F3B9FEA5}
2011-05-10 17:10 . 2011-05-10 17:10 -------- d-----w- c:\program files (x86)\Webroot
2011-05-10 17:08 . 2011-05-12 23:45 -------- d-----w- c:\programdata\Webroot
2011-05-10 17:08 . 2011-05-10 17:08 -------- d-----w- c:\users\Donna\AppData\Local\PackageAware
2011-05-10 01:23 . 2011-05-10 01:24 -------- d-----w- c:\users\Donna\AppData\Roaming\Apple Computer
2011-05-10 01:23 . 2011-05-10 01:23 -------- d-----w- c:\users\Donna\AppData\Local\Apple Computer
2011-05-10 01:22 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-10 01:22 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-05-10 01:22 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-05-10 01:19 . 2011-05-10 01:19 -------- d-----w- c:\users\Donna\AppData\Local\Apple
2011-05-10 01:19 . 2011-05-10 01:19 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-05-10 01:19 . 2011-05-10 01:19 -------- d-----w- c:\program files\Common Files\Apple
2011-05-10 01:18 . 2011-05-10 01:18 -------- d-----w- c:\program files\Bonjour
2011-05-10 01:18 . 2011-05-10 01:18 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-10 01:18 . 2011-05-10 01:21 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-05-10 01:18 . 2011-05-10 01:19 -------- d-----w- c:\programdata\Apple
2011-05-08 01:09 . 2010-03-12 22:21 97280 ----a-w- c:\windows\system32\drivers\ser2pl64.sys
2011-05-08 01:09 . 2005-08-03 20:05 35892 ----a-w- c:\windows\SysWow64\SER9PL.sys
2011-05-08 01:09 . 2005-08-03 20:04 26719 ----a-w- c:\windows\SysWow64\SERSPL.VXD
2011-04-20 23:02 . 2011-04-20 23:02 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-04-20 23:02 . 2011-04-20 23:02 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-04-20 23:02 . 2011-04-20 23:02 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-04-20 23:02 . 2011-04-20 23:02 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-04-20 16:59 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-04-14 07:39 . 2011-04-14 07:39 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-04-14 00:33 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 00:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 00:30 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 23:02 . 2009-07-08 20:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:26 . 2011-04-06 20:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:26 . 2011-04-06 20:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-20 05:27 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:17 . 2011-04-27 20:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 20:21 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 20:59 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 20:59 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 20:59 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 20:59 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 20:59 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 20:36 . 2011-02-18 20:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 20:36 . 2011-02-18 20:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-05-21 3824472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-10 1378352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2009-08-13 262416]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DsiUsb;DsiUsb;c:\windows\system32\DRIVERS\DsiUsb.sys [2010-07-22 64088]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 iscFlash;iscFlash;c:\swsetup\sp46590\iscflashx64.sys [2009-08-26 23344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-05-10 3276136]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373001012-3629978620-655373196-1001Core.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 16:22]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373001012-3629978620-655373196-1001UA.job
- c:\users\Donna\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 16:22]
.
2011-05-10 c:\windows\Tasks\HPCeeScheduleForDonna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-09 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-09 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-09 365592]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-10 456192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Software Update Wizard (Redist) - c:\windows\system32\wuwuninst.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-13 19:42:12
ComboFix-quarantined-files.txt 2011-05-13 23:42
.
Pre-Run: 168,669,442,048 bytes free
Post-Run: 168,699,355,136 bytes free
.
- - End Of File - - 5FCA98A119C14B19476CAD7FEB95263D

#20
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
I've never had those red links appear with me before, so at the moment I don't know what's causing it. My initial thought was a toolbar or Internet Explorer issue. Can you let me know if the red links appear if you use Internet Explorer in its "No Add ons" mode....


Open Internet Explorer in its No Add-ons mode
  • Click Start > Accessories > System Tools > Internet Explorer (No Add-ons)
  • Internet Explorer will then load with no third party extensions/Add ons
  • Can you now search for items and let me know if the red links appear in this mode



With ComboFix taking a very long time to run in Normal Mode, it could really be one of several different things. What I would do is uninstall either Microsoft Security Essentials or Webroot, as the Webroot has Anti Virus built into it and it may clash with Security Essentials. It's always best to have just one Anti Virus installed on a PC :)


As we stand now, your logs appear good. Can you check to see if you have any redirection now when searching. If you do, can you let me know what sites you are being redirected to. We can then run some deeper scans if that's the case.

#21
lmd46

    Member

  • Topic Starter
  • 39 posts
I don't remember if I disabled the webroot and security essentials before or after I tried to install it--I think it was before--
The reason I have both is b/c when I had the virus I could not access the microsoft essentials to run a scan-It would not pop up on my screen-I had the webroot on a different computer that I no longer use and downloaded it from that one-I don't usually have both-now that we are up and running which should I keep?

Tried getting rid of the add ons and it did not make a difference-still red--not all of them are red, but the same ones do seem to stay red--ie--the American Idol one is never blue

I have not been redirected so far-yay!!

will I have a problem from the 1st step we did when the fix didn't correct all the way--with the hosts?

again, thanks for the help

was this just an annoying bug or was it a destructive info stealing type? just curious

#22
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

I don't usually have both-now that we are up and running which should I keep?

Personally, I prefer Security Essentials out of the two :)


I have not been redirected so far-yay!!

Good to hear


will I have a problem from the 1st step we did when the fix didn't correct all the way--with the hosts?

No, you should be just fine. We often have the Hosts file reset as part of an OTL fix anyway, it wasn't that it specifically needed doing, as your Hosts file appears clear anyway :yes:


was this just an annoying bug or was it a destructive info stealing type? just curious

By the looks of it, nothing too significant was found on your PC. Some we see are riddled with Trojans etc. It never hurts to change your passwords on important sites, such as Banking, payment and shopping sites you frequently use though :unsure:



I'm going to have a look into this strange issue with the red links in Google, to see what I can come up with. In the meantime, can you try clearing your Cookies and Temporary Internet Files in Internet Explorer, to see if this solves the problem...

Clear Internet Explorer's Cache and Cookies
  • Open Internet Explorer, then click Tools at the top, then Internet Options
  • Under Browsing History on the General Tab, click the Delete... button
  • Make sure Temporary Internet Files and Cookies are ticked, leave the others UNticked
  • Now click the Delete button to remove these
Close, then reopen Internet Explorer and check to see if the red links issue is still there

#23
lmd46

    Member

  • Topic Starter
  • 39 posts
they are still there!

#24
lmd46

    Member

  • Topic Starter
  • 39 posts
taking very long time to post

Edited by lmd46, 14 May 2011 - 01:26 PM.

#25
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Can you upgrade Internet Explorer to version 9, to see if this cures the problem. You can get the latest Internet Explorer from here. Let me know if this helps.

#26
lmd46

    Member

  • Topic Starter
  • 39 posts
omg-what did u make me do?? I did the upgrade now where is all my stuff?? where did all my favorites go--I can't find anything

#27
lmd46

    Member

  • Topic Starter
  • 39 posts
good news-no more red!!
but seriously-how do I get everything back that was on my toolbar--I don't like this setup

#28
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
IE9 will look different to IE8, so nothing to worry about there. Let's get your Favourite bar back. When you are in Internet Explorer, hold down the Alt key on your keyboard, then press the letter V whilst still holding the Alt key. The View menu should then appear at the top. Click Toolbars, then click Favorites Bar. You should see your favorites bar reappear.

If your HP Bing Bar is not visible as well and you would like that back, I would download the latest one from here and install that.

Sounds like IE9 has got rid of the red links, so it has done something positive :)

Let me know if you are still having problems with anything.

#29
lmd46

    Member

  • Topic Starter
  • 39 posts
ok-that's better--don't like the bing bar anyway-

what else do I have to do now--everything seems ok!! yay!!


now my other laptop takes 15 min to turn on--don't know what to do about that

#30
lmd46

    Member

  • Topic Starter
  • 39 posts
oh no--red is back