Relatively new build freezing and crashing programs.

[Samwisegam]

Hey guys, so I managed to build myself a decent gaming computer a few months back (8 I'd say to be specific), and every things been going great up until last night. I've noticed a general decline in the processing speed of basically everything I run, my internet connections been slowed, ping is higher in game, firefox and IE crash or freeze up especially when browsing youtube, and boot time has gone down drastically. I'd been using MSE and ran a full scan with that, also ran a scan with Avast! and Malware, nothing but a trojan that Avast! found came up. I'm not really sure where to go from here or where to look even, any advice? Here's system specs.

Operating System: Windows 7 Professional 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.111118-2330)
Language: English (Regional Setting: English)
System Manufacturer: MSI
System Model: MS-7673
BIOS: BIOS Date: 03/02/11 14:57:53 Ver: 04.06.04
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz (4 CPUs), ~3.3GHz
Memory: 8192MB RAM
Available OS Memory: 8174MB RAM
Page File: 2385MB used, 13959MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11
DX Setup Parameters: Not found
User DPI Setting: Using System DPI
System DPI Setting: 96 DPI (100 percent)
DWM DPI Scaling: Disabled
DxDiag Version: 6.01.7601.17514 32bit Unicode

 

[nekulturny]

I would back up your files and format the drive and try a clean windows install at this point, since you acknowledge you found a trojan.

 

[Samwisegam]

I would back up your files and format the drive and try a clean windows install at this point, since you acknowledge you found a trojan.

Sigh. Alright well hopefully it doesn't come to that. In any case I managed to build this computer but I somehow don't know anything about them really. When you say back up the files I assume you mean to an external right? Also, wouldn't reinstalling the back ups bring any possible threat along with them onto the clean install?

 

[wavetrex]

Definitely an infection.

There are several situations in which no antivirus is able to "clean" the system, unfortunately the only solution in those cases is to reinstall the system and be more careful in the future.

 

[smorizio]

what you want to do is boot into safe mode and run malware buytes/combo fix and advast. some viruses reload themself now for what look like a normal start up program. if you dont remove that part of the virus every time you power on it load itself back into main ram.

 

[Samwisegam]

Alright guys thanks for the replies i appreciate the help. I'll obviously start with the not so pain staking option and run in safe mode and if all else fails I'll wipe everything. Bleh. Thanks again!

 

[Samwisegam]

So I did as the last post instructed, and ran combo breaker (after reading the instructions on how not to blow up my computer when using it) and got this MASSIVE page of computer language, going to post it here in hopes that someone knows what to do with it.

ComboFix 12-04-05.09 - Lucas Loyola 04/05/2012 22:47:27.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.6753 [GMT -7:00]
Running from: c:\users\Lucas Loyola\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 05:56 . 2012-04-06 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 22:05 . 2012-04-05 22:05 -------- d-----w- c:\program files\iPod
2012-04-05 22:05 . 2012-04-05 22:06 -------- d-----w- c:\program files\iTunes
2012-04-05 22:05 . 2012-04-05 22:06 -------- d-----w- c:\program files (x86)\iTunes
2012-04-05 19:18 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-05 19:18 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-05 19:18 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-05 19:18 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-05 19:18 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-05 19:18 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-05 19:18 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-05 19:18 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-05 19:18 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-05 19:18 . 2012-04-05 19:18 -------- d-----w- c:\programdata\AVAST Software
2012-04-05 19:18 . 2012-04-05 19:18 -------- d-----w- c:\program files\AVAST Software
2012-04-05 19:13 . 2012-04-05 19:13 -------- d--h--w- c:\programdata\Common Files
2012-04-05 19:13 . 2012-04-05 19:14 -------- d-----w- c:\programdata\MFAData
2012-04-05 08:07 . 2012-04-06 04:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-05 06:45 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB5287BE-04F8-42DE-9977-C2AA8EA38487}\mpengine.dll
2012-03-23 18:57 . 2012-03-23 22:21 -------- d-----w- c:\program files (x86)\Diablo III Beta
2012-03-15 18:29 . 2012-03-15 18:29 -------- d-----w- c:\programdata\ATI
2012-03-15 18:24 . 2012-03-15 18:24 -------- d-----w- c:\programdata\AMD
2012-03-15 18:24 . 2012-03-15 18:24 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-15 18:24 . 2012-03-15 18:24 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-14 10:01 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:32 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:32 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:32 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:20 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:20 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:20 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 18:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:20 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 04:11 . 2011-06-09 04:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 03:27 . 2011-04-07 08:55 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-15 05:05 . 2012-02-15 05:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 05:05 . 2012-02-15 05:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 05:05 . 2012-02-15 05:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 05:05 . 2012-02-15 05:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 05:05 . 2012-02-15 05:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 05:04 . 2012-02-15 05:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 05:03 . 2012-02-15 05:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 05:03 . 2012-02-15 05:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2010-11-18 10:30 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2010-11-18 10:29 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2010-11-18 10:22 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2010-11-18 10:14 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-04-06 15:55 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2010-11-18 09:51 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2010-11-18 09:50 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2010-11-18 09:50 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-02-11 02:47 . 2012-02-11 02:47 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47D027D1-E09C-40E2-8435-C69836764CEB}\gapaengine.dll
2012-01-31 13:02 . 2012-01-31 13:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 13:00 . 2012-01-31 13:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-31 12:44 . 2011-04-07 05:51 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19979400]
"Spotify"="c:\users\Lucas Loyola\AppData\Roaming\Spotify\Spotify.exe" [2011-12-27 4016816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-01-25 303104]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Lucas Loyola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 ALSysIO;ALSysIO;c:\users\LUCASL~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [x]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 04:11]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 23:36]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 23:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lucas Loyola\AppData\Roaming\Mozilla\Firefox\Profiles\d9djsqm2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Easy-Hide-IP - c:\program files (x86)\Easy-Hide-IP\easy-hide-ip.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\01\05\15)'<"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-05 23:01:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 06:01
.
Pre-Run: 800,267,595,776 bytes free
Post-Run: 801,105,461,248 bytes free
.
- - End Of File - - 773CEA83DF49591AFB7695146DD947F5

 

[suteck]

Did the avast and other antivirus/anti spyware give you a list of items found, quarantined and/or removed? That is supposed to take care of the situation for you. Mostly all I see in the given information are normal operating system files and parameters. I don't see any virus's or spyware labeled. I did notice that VUSE is being used,, (even looks ugly - [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912] and I believe you have to open a port for free traffic in and out of your computer for that to operate properly. So watch that one. Otherwise, the software you loaded was supposed to look and remove or quarantine it for you to decide what to do with it. Most of these are usually better at stopping bad things from installing rather than finding something that has already infected your computer. Did you try running the microsoft security essentials? I saw where you had it disabled, that and windows defender. Try running them. Your other choice is to buy webroot security essentials - that's one of the better anti's outthere today and should find what others don't. Read the specs and reviews first and decide for yourself.

How are you at operating windows? Reason I ask is because one thing that might be causing your trouble could be something you can turn off. Go into "msconfig" and click on the startup tab. (Left click start button, click on run or the blank white space just above the start button and type in msconfig & hit enter.) This shows a list of most programs that start up when you turn windows on. Go thru that and turn off everything that doesn't look essential. Things like adobe acrobat, office, power iso and things like that. If you hold the mouse pointer over the command line (third one in) it will show you what it starts - like first line under startup item says microsoft windows operating system, the second line under manufacturer will say microsoft corporation - while the third line under command will say C/program files/windows sidebar - you get the point - turn items off especially if you don't know what it is and it doesn't say microsoft under manufacturer. For instance I use a lexmark printer, under the startup it will say lexmark fast pics application, under manufac. it will say lexmark, under command it will say C/program files(x86)/lexmark 5600/6600 series/exprint.exe. Now, I don't want that program to start with window because I don't need it until I try to print something. when I click print in a word doc (or any other) it will automatically start the print spooler and print. Same with a lot of other programs. They don't need to start with windows. Your virus/spyware might possibly be in that list to start when windows starts. You can turn it off here and maybe it will stay off. You can do these one at a time - a restart is required each time - and write it down incase something turns off you want on then you can go back in and change it. Will take work and time but it could resolve you problem without have to wipe and reinstall. Just as an example, mine has 21 programs in the msonfig startup tab. Out of all of them only 3 are checked to start when windows starts. Sidebar, audio driver and video card driver. Even turned off CCC. But when I right click on the desktop I can click on the selection on the top of the popup window and it comes right up, (sorry if you're not using AMD you probably don't know what I'm talking about)

Your other choice of course is to copy all the files you want to save to an external hdd to put back on later, (after a fresh install of windows). A backup will also carryover some infected files as well and possibly part if not all of the virus itself since part of a virus's job is to hide and embed itself in legitimate programs. Even copying individual files and folders contains some risk, but, I think less than a backup. Choices are few and between once a computer is infected, and expensive to clean for people who have too much to lose stored in an operating system. My Rule # 2 - always store important information on a separate hdd that you only store on, not run the OS on. Makes for less worry when something does happen. Wipe and reinstall is then only a hassle - not a loss.

 

[Samwisegam]

Wow thanks for the helpful reply! Well I don't really want to buy any programs so I'll go with plan B, and run msconfig and see what happens when turning them off, it's going to be a while until I can borrow an external. Do I risk further damage to my machine (hardware or any permanent damage) by running while still infected with whatever it has? Thankfully most of what I have on my hard drive that carries value are video games and such, which I can re download, and I can just transfer iTunes as individual files. I like rule #2, and I think to save myself grief/time in the future I'll stick to it. Thanks again I appreciate it!