When I run ComboFix, my system freezes. It doesn't get past stage 4. I ran it in safe mode and regular mode and it freezes either way.
Hi,
How much time did you let it stay at stage 4? Please post fresh dds logs (attach.txt contents too).
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
I tried at least four times; it would freeze and would not do anything else. I let it go more than an hour at times, but it would freeze before that.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 12:20:34 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1361 [GMT -1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Flip Video\FlipShare\FlipShare.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-04 12:13:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:21:29.37 ===============
Forgot attachment.
Hi,
Please post dds logs taken in normal mode. Did you have Windows Defender disabled while running ComboFix?
I disabled Windows Defender and still had the same problem; my screen went black and it didn't get past stage 3.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 20:26:33 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.925 [GMT -1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:28:10.63 ===============
Hi,
Update Malwarebytes Anti-Malware and run a full scan with it. Post back the report.
Ran Malwarebytes in safe and normal mode and the computer froze both times. It found one infection but it froze before the scan ended.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 12:14:57 on 2011-07-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1208 [GMT -1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-05 12:05:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 12:05:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 12:05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 04:10:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-07-05 04:10:43 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-05 04:10:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-05 04:06:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-05 04:06:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-05 04:06:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-05 04:06:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-05 04:06:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-05 04:01:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-07-05 04:01:09 40448 ----a-w- c:\windows\system32\winrs.exe
2011-07-05 04:01:09 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-07-05 04:01:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-05 04:01:05 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-07-05 04:01:05 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-07-05 04:01:05 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-07-05 04:01:05 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-05 04:01:05 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-07-05 04:01:05 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-07-05 04:00:59 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-07-05 04:00:54 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-07-05 04:00:53 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-07-05 04:00:53 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-07-05 04:00:53 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-07-05 04:00:53 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-07-05 04:00:53 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-07-04 21:40:17 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-07-04 21:40:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-04 21:40:06 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-04 21:40:05 17920 ----a-w- c:\windows\system32\netevent.dll
2011-07-04 21:38:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 14:54:10 276992 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 14:24:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
============= FINISH: 12:15:54.42 ===============
Hi,
Run a disk check on your hard drive partitions, followed by defragging. For defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options, I recommend MyDefrag and Piriform Defraggler.