Need help pornbho.ru



thisiseasycash
2011-06-23, 03:05
I hope I am doing this correctly. I'm semi computer literate so bear with me. I have pornbho.ru. When I run Spybot it freezes when it gets to that point where it shows pornbho.ru at the bottom. I am using safe mode now but either way it freezes in safe mode or just normal mode. I also downloaded Malwarebytes but it freezes when I run that too. Before installing Malwarebytes, Spybot was the only anti-spyware I had.

I looked at the page where it says manual removal of pornbho.ru but I don't quite understand how to do that.


I tried doing a system restore but it does not let me choose a previous point. I tried to do a manual by typing a previous date in the description field but that didn't work. I don't know if it actually goes back to that date or not. I don't want to have to wipe everything out and reinstall everything.

I couldn't do the last step because I can't run Spybot and scan because it will freeze my system and it doesn't complete the scan.

Let me know what other information you might need.

Thanks for your help.

.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 20:42:06 on 2011-06-23
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1574 [GMT -1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\ERUNT\ERUNT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 19:04:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 19:04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
2011-06-22 21:03:27 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{28596cde-1b72-4579-8dde-055a220e8c77}\mpengine.dll
.
==================== Find3M ====================
.
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:43:02.67 ===============

Blade81
2011-06-29, 11:28
Hi,

If help is still needed, please post fresh DDS logs.

thisiseasycash
2011-06-29, 14:47
I will be out of town until tomorrow. I will post it then. Thank you.

Blade81
2011-06-29, 20:39
Ok, thanks for the heads up :bigthumb:

thisiseasycash
2011-07-01, 06:27
.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 0:21:44 on 2011-07-02
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1541 [GMT -1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-23 39984]
SUnknown SASDIFSV;SASDIFSV; [x]
SUnknown SASKUTIL;SASKUTIL; [x]
.
=============== Created Last 30 ================
.
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 19:04:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 19:04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 0:23:34.58 ===============

Blade81
2011-07-01, 20:50
Hi,

Download GMER here (http://www.gmer.net) by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

thisiseasycash
2011-07-01, 23:52
Ok I won't be home until tomorrow afternoon and I didn't bring my laptop with me. I will do it then.

Blade81
2011-07-02, 00:34
:bigthumb:

thisiseasycash
2011-07-02, 19:55
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-03 13:52:52
Windows 6.0.6001 Service Pack 1
Running: pykugqoj.exe; Driver: C:\Users\DREAMC~1\AppData\Local\Temp\kwxorkoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1060] ntdll.dll!LdrLoadDll 77A67933 5 Bytes JMP 013913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Blade81
2011-07-03, 00:39
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

thisiseasycash
2011-07-03, 05:34
When I run ComboFix my system freezes. It doesn't get past stage 4. I ran it in safe mode and regular and it freezes either way.

Blade81
2011-07-03, 17:28
Hi,

How much time did you let it stay at stage 4? Please post fresh dds logs (attach.txt contents too).

thisiseasycash
2011-07-03, 18:20
I tried at least four times; it would freeze and would not do anything else. I let it go more than an hour at times but it would freeze before that.

thisiseasycash
2011-07-03, 18:25
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 12:20:34 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1361 [GMT -1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Flip Video\FlipShare\FlipShare.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-04 12:13:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:21:29.37 ===============

thisiseasycash
2011-07-03, 18:26
forgot attachment.

Blade81
2011-07-03, 20:10
Hi,

Please post dds logs taken in normal mode. Did you have Windows Defender disabled while running ComboFix?

thisiseasycash
2011-07-04, 02:33
I disabled Windows Defender and still had the same problem. My screen went black and it didn't get past stage 3.



DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 20:26:33 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.925 [GMT -1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:28:10.63 ===============

Blade81
2011-07-04, 11:17
Hi,

Update Malwarebytes Anti-Malware and run a full scan with it. Post back the report.

thisiseasycash
2011-07-04, 18:19
Ran Malwarebytes in safe and normal mode and the computer froze both times. It found one infection but it froze before the scan ended.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 12:14:57 on 2011-07-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1208 [GMT -1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-05 12:05:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 12:05:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 12:05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 04:10:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-07-05 04:10:43 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-05 04:10:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-05 04:06:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-05 04:06:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-05 04:06:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-05 04:06:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-05 04:06:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-05 04:01:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-07-05 04:01:09 40448 ----a-w- c:\windows\system32\winrs.exe
2011-07-05 04:01:09 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-07-05 04:01:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-05 04:01:05 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-07-05 04:01:05 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-07-05 04:01:05 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-07-05 04:01:05 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-05 04:01:05 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-07-05 04:01:05 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-07-05 04:00:59 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-07-05 04:00:54 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-07-05 04:00:53 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-07-05 04:00:53 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-07-05 04:00:53 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-07-05 04:00:53 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-07-05 04:00:53 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-07-04 21:40:17 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-07-04 21:40:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-04 21:40:06 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-04 21:40:05 17920 ----a-w- c:\windows\system32\netevent.dll
2011-07-04 21:38:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 14:54:10 276992 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 14:24:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
============= FINISH: 12:15:54.42 ===============

Blade81
2011-07-04, 21:37
Hi,

Run a disk check (http://windows.microsoft.com/en-US/windows-vista/Check-your-hard-disk-for-errors) on your hard drive partitions followed by defragging. For defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk (http://www.perfectdisk.com/home) and Diskeeper (http://www.diskeeper.com/diskeeper/home/diskeeper.aspx). Of free options I recommend MyDefrag (http://www.mydefrag.com/) and Piriform Defraggler (http://www.piriform.com/defraggler).

thisiseasycash
2011-07-05, 07:54
System froze when I checked disk. Got to stage 4 out of 5. I tried several times; the last time I let it stay for 2 hours to see if it would complete, but it didn't. Also tried in safe mode. Ran MyDefrag and it froze before it could finish.

thisiseasycash
2011-07-05, 08:20
I think I might know why it keeps freezing. I changed the power options to never sleep so hopefully that will solve that problem.

Blade81
2011-07-05, 09:57
Ok, let's see if you're able to run disk check + defrag successfully. If not, it's likely a hardware issue causing these problems.

thisiseasycash
2011-07-05, 18:26
I am running the disk check and it is taking forever but I will leave it on and see what happens no matter how long it takes. I will be going out of town today for four days (I travel a lot for my job). I will have someone check it to see what the results are and tell me but I will not bring the computer with me. I can report back what the results are but I won't be able to work on it until I get back on Friday.

Blade81
2011-07-05, 19:12
Ok, thanks for the heads up :bigthumb:

thisiseasycash
2011-07-07, 06:55
At last check this evening it was still at stage 4. It will be almost two days. Should I keep it running or does that indicate there is a problem?

Blade81
2011-07-07, 12:17
Are we talking about stage 4 of ComboFix run here? I understood you were just going to run the disk check + defrag processes.

thisiseasycash
2011-07-07, 17:53
Stage four of the disk check.

Blade81
2011-07-07, 18:51
Ok, so it looks like a potential hard drive problem. I recommend backing up important stuff to a separate drive or media and then reformatting. If the same issues still continue happening, then replacing the hard drive with a new one is the advisable action.

thisiseasycash
2011-07-07, 19:25
Ok thank you. I will be back tomorrow evening and will let you know then.

Blade81
2011-07-07, 19:34
You're welcome :)

thisiseasycash
2011-07-10, 00:48
I did a recovery, ran Spybot and it showed no infections. I started a disk check about 10:45 this morning and it's been stuck at 67% at stage 5 for several hours now (at least it finally got past stage 4).

Blade81
2011-07-10, 10:58
Ok, if issues continue occurring then post #29 (http://forums.spybot.info/showpost.php?p=408776&postcount=29) is what I suggest to do.

Blade81
2011-07-20, 09:30
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.