Need help pornbho.ru

thisiseasycash

New member
I hope I am doing this correctly. I'm semi computer literate so bear with me. I have pornbho.ru. When I run Spybot it freezes when it gets to that point where it shows pornbho.ru at the bottom. I am using safe mode now but either way it freezes in safe mode or just normal mode. I also downloaded Malwarebytes but it freezes when I run that too. Before installing Malwarebytes, Spybot was the only anti-spyware I had.

I looked at the page where it says manual removal of pornbho.ru but I don't quite understand how to do that.


I tried doing a system restore but it does not let me choose a previous point. I tried to do a manual one by typing a previous date in the description field but that didn't work. I don't know if it actually goes back to that date or not. I don't want to have to wipe everything out and reinstall everything.

I couldn't do the last step because I can't run Spybot and scan because it will freeze my system and it doesn't complete the scan.

Let me know what other information you might need.

Thanks for your help.

.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 20:42:06 on 2011-06-23
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1574 [GMT -1:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\ERUNT\ERUNT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 19:04:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 19:04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
2011-06-22 21:03:27 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{28596cde-1b72-4579-8dde-055a220e8c77}\mpengine.dll
.
==================== Find3M ====================
.
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:43:02.67 ===============
 
.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 0:21:44 on 2011-07-02
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1541 [GMT -1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-23 39984]
SUnknown SASDIFSV;SASDIFSV; [x]
SUnknown SASKUTIL;SASKUTIL; [x]
.
=============== Created Last 30 ================
.
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:52 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 19:04:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 19:04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 0:23:34.58 ===============
 
Hi,

Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab, uncheck files option and then click scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
 
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-03 13:52:52
Windows 6.0.6001 Service Pack 1
Running: pykugqoj.exe; Driver: C:\Users\DREAMC~1\AppData\Local\Temp\kwxorkoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1060] ntdll.dll!LdrLoadDll 77A67933 5 Bytes JMP 013913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Hi,

How much time did you let it stay at stage 4? Please post fresh dds logs (attach.txt contents too).
 
I tried at least four times; it would freeze and would not do anything else. I let it go more than an hour at times but it would freeze before that.
 
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 12:20:34 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1361 [GMT -1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Flip Video\FlipShare\FlipShare.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-04 12:13:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 12:21:29.37 ===============
 
Hi,

Please post dds logs taken in normal mode. Did you have Windows Defender disabled while running ComboFix?
 
I disabled Windows Defender and still had the same problem: my screen went black and it didn't get past stage 3.



DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 20:26:33 on 2011-07-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.925 [GMT -1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:28:10.63 ===============
 
Hi,

Update Malwarebytes Anti-Malware and run a full scan with it. Post back the report.
 
Ran Malwarebytes in safe and normal mode and the computer froze both times. It found one infection but it froze before the scan ended.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Run by dreamcatcher at 12:14:57 on 2011-07-05
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1208 [GMT -1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\Windows\system32\lxeacoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [<NO NAME>]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\dreamc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 172.20.1.1
TCP: Interfaces\{F5F0B990-8F17-4FC5-9ED1-300FE37C5852} : DhcpNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dreamcatcher\appdata\roaming\mozilla\firefox\profiles\hxa39twq.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dreamcatcher\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-4-11 193192]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-3 1153368]
.
=============== Created Last 30 ================
.
2011-07-05 12:05:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 12:05:27 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 12:05:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 04:10:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-07-05 04:10:43 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-07-05 04:10:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-07-05 04:06:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-05 04:06:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-05 04:06:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-05 04:06:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-05 04:06:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-05 04:01:16 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-07-05 04:01:09 40448 ----a-w- c:\windows\system32\winrs.exe
2011-07-05 04:01:09 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-07-05 04:01:09 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-05 04:01:06 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-05 04:01:05 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-07-05 04:01:05 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-07-05 04:01:05 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-07-05 04:01:05 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-05 04:01:05 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-07-05 04:01:05 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-07-05 04:00:59 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-07-05 04:00:54 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-07-05 04:00:53 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-07-05 04:00:53 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-07-05 04:00:53 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-07-05 04:00:53 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-07-05 04:00:53 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-07-04 21:40:17 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-07-04 21:40:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-04 21:40:06 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-04 21:40:05 17920 ----a-w- c:\windows\system32\netevent.dll
2011-07-04 21:38:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-07-04 20:41:14 -------- d-s---w- C:\ComboFix
2011-07-03 21:32:32 98816 ----a-w- c:\windows\sed.exe
2011-07-03 21:32:32 518144 ----a-w- c:\windows\SWREG.exe
2011-07-03 21:32:32 256000 ----a-w- c:\windows\PEV.exe
2011-07-03 21:32:32 208896 ----a-w- c:\windows\MBR.exe
2011-06-28 03:06:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 01:44:00 6144 ------w- c:\windows\system32\C8F.tmp
2011-06-28 01:43:27 6144 ------w- c:\windows\system32\8CE4.tmp
2011-06-28 01:42:53 6144 ------w- c:\windows\system32\57C.tmp
2011-06-28 01:42:42 -------- d-----w- c:\program files\Sophos
2011-06-28 00:21:12 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Safer Networking
2011-06-27 22:08:45 -------- d-----w- C:\PerfLogs
2011-06-27 21:55:29 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c8f09a8-c18d-48cf-976a-46b5305b93b9}\mpengine.dll
2011-06-27 19:56:55 -------- d-----w- c:\programdata\AVAST Software
2011-06-27 19:56:55 -------- d-----w- c:\program files\AVAST Software
2011-06-23 19:04:55 -------- d-----w- c:\users\dreamcatcher\appdata\roaming\Malwarebytes
2011-06-23 19:04:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 18:26:49 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-06-27 21:47:51 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-06-27 21:47:47 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-06-16 10:56:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 15:58:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 14:54:10 276992 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 12:49:57 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 12:49:55 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 12:49:51 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 12:49:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 12:49:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 15:00:34 833024 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 14:57:48 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-21 13:28:42 389632 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:16:42 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-21 13:08:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-14 14:24:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
============= FINISH: 12:15:54.42 ===============
 