
Thread: Need help pornbho.ru

  1. #11
    Junior Member
    Join Date
    Jun 2011
    Posts
    18

    When I run combofix my system freezes. It doesn't get past stage 4. I ran it in safe mode and regular and it freezes either way.

  2. #12
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    How much time did you let it stay at stage 4? Please post fresh dds logs (attach.txt contents too).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member
    Join Date
    Jun 2011
    Posts
    18

    I tried at least four times; it would freeze and would not do anything else. I let it go more than an hour at times but it would freeze before that.

  4. #14
    Junior Member
    Join Date
    Jun 2011
    Posts
    18

    DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
    Run by dreamcatcher at 12:20:34 on 2011-07-04
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1361 [GMT -1:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Flip Video\FlipShare\FlipShare.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mRun: [<NO NAME>]
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
    TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
    S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
    .
    =============== Created Last 30 ================
    .
    2011-07-04 12:13:14 -------- d-s---w- C:\ComboFix
    2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
    2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
    2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
    2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
    2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
    2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
    2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
    2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
    2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
    2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
    2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
    2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
    2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
    2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
    .
    ==================== Find3M ====================
    .
    2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 12:21:29.37 ===============

  5. #15
    Junior Member
    Join Date
    Jun 2011
    Posts
    18

    Forgot attachment.

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please post dds logs taken in normal mode. Did you have Windows Defender disabled while running ComboFix?

  7. #17
    Junior Member
    Join Date
    Jun 2011
    Posts
    18

    I disabled Windows Defender and still had the same problem: my screen went black and it didn't get past stage 3.



    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
    Run by dreamcatcher at 20:26:33 on 2011-07-04
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.925 [GMT -1:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
    C:\Windows\system32\lxeacoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mRun: [<NO NAME>]
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
    TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
    R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
    .
    =============== Created Last 30 ================
    .
    2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
    2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
    2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
    2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
    2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
    2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
    2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
    2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
    2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
    2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
    2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
    2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
    2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
    2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
    2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
    .
    ==================== Find3M ====================
    .
    2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 20:28:10.63 ===============

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Update Malwarebytes Anti-Malware and run a full scan with it. Post back the report.

  9. #19
    Junior Member
    Join Date
    Jun 2011
    Posts
    18

    Ran Malwarebytes in safe and normal mode and the computer froze both times. It found one infection but it froze before the scan ended.


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
    Run by dreamcatcher at 12:14:57 on 2011-07-05
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1208 [GMT -1:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
    C:\Windows\system32\lxeacoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    mRun: [<NO NAME>]
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
    TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
    TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
    R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
    .
    =============== Created Last 30 ================
    .
    2011-07-05 12:05:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-05 12:05:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 12:05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-05 04:10:46 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-07-05 04:10:43 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-07-05 04:10:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-07-05 04:06:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-07-05 04:06:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-07-05 04:06:55 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-07-05 04:06:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-07-05 04:06:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-07-05 04:01:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-07-05 04:01:09 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-07-05 04:01:09 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-07-05 04:01:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-07-05 04:01:05 81408 ----a-w- c:\windows\system32\wevtfwd.dll
    2011-07-05 04:01:05 79872 ----a-w- c:\windows\system32\wecutil.exe
    2011-07-05 04:01:05 56320 ----a-w- c:\windows\system32\wecapi.dll
    2011-07-05 04:01:05 54272 ----a-w- c:\windows\system32\WsmRes.dll
    2011-07-05 04:01:05 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-07-05 04:01:05 146944 ----a-w- c:\windows\system32\wecsvc.dll
    2011-07-05 04:00:59 201184 ----a-w- c:\windows\system32\winrm.vbs
    2011-07-05 04:00:54 145408 ----a-w- c:\windows\system32\WsmAuto.dll
    2011-07-05 04:00:53 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2011-07-05 04:00:53 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2011-07-05 04:00:53 241152 ----a-w- c:\windows\system32\winrscmd.dll
    2011-07-05 04:00:53 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2011-07-05 04:00:53 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2011-07-04 21:40:17 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2011-07-04 21:40:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-07-04 21:40:06 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2011-07-04 21:40:05 17920 ----a-w- c:\windows\system32\netevent.dll
    2011-07-04 21:38:56 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
    2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
    2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
    2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
    2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
    2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
    2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
    2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
    2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
    2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
    2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
    2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
    2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
    2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
    2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
    2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
    .
    ==================== Find3M ====================
    .
    2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
    2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
    2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 14:54:10 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
    2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-14 14:24:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    .
    ============= FINISH: 12:15:54.42 ===============

  10. #20
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Run a disk check on your hard drive partitions followed by defragging. For defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options I recommend MyDefrag and Piriform Defraggler.
