Solved How to Resolve Virus using 100% CPUs In Vista-32 bit


cashcab

I have a high CPU usage issue that I can't resolve. None of the processes show greater than 50% CPU usage but the total is almost always 100% even when just launching. Processes using high CPUs change regularly. It seems like a virus/bug but I can't locate it. Computer is slower than slow but can't resolve issue. It appears this happened when using wi-fi on unsecured line at hotel (unless it was coincidence) although I have anti-virus software installed. Any ideas please?
 
Welcome to TechSpot! I'll help with the problem after I get information.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Results of 8 Step Virus, etc. Removal Instructions--Part 1

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5509

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/12/2011 9:29:33 PM
mbam-log-2011-01-12 (21-29-33).txt

Scan type: Quick scan
Objects scanned: 153050
Time elapsed: 31 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Results of 8 Step Virus, etc. Instructions Part 2

GMER LOG

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-12 22:05:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0085
Running: gmer.exe; Driver: C:\Users\Carrie\AppData\Local\Temp\fwkyipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
Results of 8 Step Virus etc., Instructions, Part 3

DDS Log


DDS (Ver_10-12-12.02) - NTFSx86
Run by Carrie at 22:21:23.69 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1005 [GMT -6:00]

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton Utilities 14\RMTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carrie\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://comcast.net/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080801
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
uRun: [NortonUtilities] c:\program files\norton utilities 14\RMTray.exe /H
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [<NO NAME>]
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\6.3.2380.0\mswinext.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Authentication Packages = msv1_0 wvauth

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\symds.sys [2011-1-6 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\symefa.sys [2011-1-6 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110112.001\IDSvix86.sys [2011-1-12 353912]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys [2011-1-6 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys [2011-1-6 330360]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-8-1 179712]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2008-8-1 13824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-11 102448]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-9-16 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-9-16 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-9-16 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-9-16 59904]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2011-01-13 04:17:04 624128 ----a-w- c:\users\carrie\dds.scr
2011-01-13 03:46:20 296448 ----a-w- c:\users\carrie\GMER.exe
2011-01-13 02:55:08 -------- d-----w- c:\users\carrie\appdata\roaming\Malwarebytes
2011-01-13 02:54:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 02:53:56 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-13 02:53:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 02:53:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 01:16:58 446464 ----a-w- c:\users\carrie\TFC.exe
2011-01-12 02:51:15 -------- d-----w- c:\users\carrie\appdata\roaming\Uniblue
2011-01-12 02:47:46 -------- d-----w- c:\users\carrie\appdata\local\PackageAware
2011-01-11 22:21:12 -------- d-----w- c:\program files\DebugDiag
2011-01-11 22:16:48 5142528 ----a-w- c:\users\carrie\DebugDiag.msi
2011-01-06 21:36:00 330360 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-01-06 21:35:59 295032 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-01-06 21:35:57 652336 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symefa.sys
2011-01-06 21:35:55 340016 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\symds.sys
2011-01-06 21:35:54 50168 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-01-06 21:35:53 509560 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-01-06 21:35:52 136312 ----a-w- c:\windows\system32\drivers\nis\1205000.07d\ironx86.sys
2011-01-06 21:33:41 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
2011-01-06 18:58:35 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-06 18:58:35 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-06 18:58:35 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-06 18:58:35 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-06 18:18:03 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-06 18:18:03 -------- d-----w- c:\program files\Symantec
2011-01-06 18:18:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-01-06 18:17:30 -------- d-----w- c:\windows\system32\drivers\NIS
2011-01-06 18:17:27 -------- d-----w- c:\program files\Norton Internet Security
2011-01-06 04:16:57 -------- d-----w- c:\program files\NortonInstaller
2011-01-06 04:12:45 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d794a1d6-e553-42c6-a37e-92a614c642ad}\mpengine.dll
2011-01-06 04:12:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-04 22:15:37 -------- d-----w- c:\users\carrie\advfn
2010-12-22 21:21:48 19396800 ----a-w- c:\users\carrie\HP_Vista_PS_7150.exe
2010-12-18 02:43:47 45056 ----a-r- c:\users\carrie\appdata\roaming\microsoft\installer\{2c31929a-d6ab-4d0b-abf9-4812a045ce97}\OptionsOracle.exe1_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43:47 45056 ----a-r- c:\users\carrie\appdata\roaming\microsoft\installer\{2c31929a-d6ab-4d0b-abf9-4812a045ce97}\OptionsOracle.exe_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43:47 45056 ----a-r- c:\users\carrie\appdata\roaming\microsoft\installer\{2c31929a-d6ab-4d0b-abf9-4812a045ce97}\ARPPRODUCTICON.exe
2010-12-18 02:43:47 204800 ----a-r- c:\users\carrie\appdata\roaming\microsoft\installer\{2c31929a-d6ab-4d0b-abf9-4812a045ce97}\OptionsOracle_Data_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43:28 -------- d-----w- c:\program files\Options Oracle
2010-12-14 22:55:34 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2011-01-11 22:22:03 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-01-11 22:20:52 88 --sh--r- c:\windows\system32\CDAC9EE126.sys
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 22:25:59.89 ===============
 
I can see why the CPU is so busy! The system is running everything on it, which does nothing but use resources unnecessarily. Examples:
Dell Printer
HP Vista PhotoSmart Printer>> this one has a huge file
Adobe Reader and TB
MemoryCardManager
Corel Photo Downloader

There is another log from DDS named Attach.txt. Please paste that in with the additional scan logs.

And this:
It appears this happened when using wi-fi on unsecured line at hotel (unless it was coincidence)
I don't believe in coincidences! But we'll have to do the following scans and see what gets picked up:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=======================================
Download Combofix to your desktop from one of these locations:
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

You also have numerous auto-updates running. After we make sure you're clean, I'll make some recommendations for stopping processes.
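Added example (not a DDS or TechSpot tool): a small Python triage script that reads a DDS log the way the helper above does, pulling the "Running Processes" and "Pseudo HJT Report" sections and reporting which startup entries and processes load from outside the Windows directory, which autorun entries point at nothing (the "No File" toolbar CLSID and the empty mRun entry), and which startup items are live right now. The embedded log excerpt is constructed from a few lines of the DDS output posted above.

```python
"""Triage a DDS log: what loads from outside Windows, which autorun
entries point at nothing, and which startup items are running now.
Added example; not a DDS or TechSpot tool."""
import re

# Constructed excerpt modelled on the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://comcast.net/
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [<NO NAME>]
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
AUTORUN_TAGS = ("uRun:", "mRun:", "dRun:", "mRunOnce:", "StartupFolder:",
                "BHO:", "TB:", "EB:", "AppInit_DLLs:", "Notify:")


def split_sections(text):
    """Map each '==== Title ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def target_path(entry):
    """Path an autorun line points at, or None when it points at nothing."""
    if entry.endswith("No File"):
        return None                                   # orphaned CLSID
    body = entry.split(":", 1)[1].strip()             # drop the DDS tag
    body = body.rsplit(" - ", 1)[-1]                  # BHO/TB/StartupFolder form
    body = re.sub(r"^\[[^\]]*\]\s*", "", body)        # mRun: [Name] path
    if not body:
        return None                                   # mRun: [<NO NAME>]
    quoted = re.match(r'"([^"]+)"', body)
    if quoted:
        return quoted.group(1)
    return re.split(r"\s+[-/]", body)[0]              # strip " -hide", " /silent"


def is_windows_component(path):
    """True when the file lives under the Windows directory itself."""
    p = path.lower().replace("%systemroot%", r"c:\windows")
    return p.startswith("c:\\windows\\")


def triage(text):
    """Summarise what loads from outside Windows and what is live right now."""
    sections = split_sections(text)
    procs = [p.split(" -k ")[0] for p in sections.get("Running Processes", [])]
    running = {p.rsplit("\\", 1)[-1].lower() for p in procs}
    autoruns = [l for l in sections.get("Pseudo HJT Report", [])
                if l.startswith(AUTORUN_TAGS)]
    report = {
        "processes_total": len(procs),
        "processes_outside_windows": [p for p in procs
                                      if not is_windows_component(p)],
        "autoruns_total": len(autoruns),
        "autoruns_outside_windows": [],
        "autoruns_missing_target": [],
        "autoruns_currently_running": [],
    }
    for entry in autoruns:
        path = target_path(entry)
        if path is None:
            report["autoruns_missing_target"].append(entry)
        elif not is_windows_component(path):
            report["autoruns_outside_windows"].append(path)
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe in running:                        # startup item is live now
                report["autoruns_currently_running"].append(exe)
    report["autoruns_currently_running"].sort()
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Paste a full DDS log in place of the sample to get the same summary for a real machine; entries listed under autoruns_missing_target are the ones worth asking about first.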
 
DDS Attach.txt Log

Sorry about not attaching this yesterday. It didn't run so I reran it. Thank you very much for your ongoing help. I really appreciate it.


DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 8/1/2008 9:04:45 AM
System Uptime: 1/13/2011 7:20:22 PM (0 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 110 GiB total, 14.513 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 1.119 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #6
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0016
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #18
PNP Device ID: ROOT\*ISATAP\0016
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #17
PNP Device ID: ROOT\*ISATAP\0017
Service:

==== System Restore Points ===================


==== Installed Programs ======================


ABBYY FineReader 6.0 Sprint
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
biolsp patch
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
Business Contact Manager for Outlook 2007 SP2
Carbonite Online Backup Setup
Citrix XenApp Web Plugin
Conexant HDA D330 MDC V.92 Modem
Corel Snapfire Plus
Dell 968 AIO Printer
Dell Driver Download Manager
Dell Drivers MSI
Dell Embassy Trust Suite by Wave Systems
Dell Getting Started Guide
Dell Touchpad
DGOControls
Digital Line Detect
Document Manager Lite
EDocs
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
Fidelity Active Trader Pro®
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Gemalto
GemSafe Standard Edition 5.1
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Intel(R) PROSet/Wireless Software
Intuit SiteBuilder
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LG USB Modem driver
Malwarebytes' Anti-Malware
mCore
MFCLOC
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft UI Engine
Microsoft Visual J# 2.0 Redistributable Package
mMHouse
MobileMe Control Panel
Modem Diagnostic Tool
mPfMgr
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
NetWaiting
Norton Internet Security
Norton Utilities
NTRU TCG Software Stack
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
OptionsOracle
PANTECH UM175 Driver
PlanWrite - Business Plan Writer Deluxe
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Secrets of the Masters Trading Game
Secure Update
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Wizards
Sonic CinePlayer Decoder Pack
TaxCut Minnesota 2007
TaxCut Premium + State + Efile 2007
Tradelog
Trader Workstation
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmniper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmniper
TurboTax 2009 wrapper
TWS Demo
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2466076)
upekmsi
Vista Profile Pack
VZAccess Manager
Wave Infrastructure Installer
Wave Support Software

==== End Of File ===========================
 
Results of ESET Scan

TSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=9853f9830d2d704aad52d3215ccc5c4f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-14 03:43:51
# local_time=2011-01-14 09:43:51 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 131618626 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=226148
# found=0
# cleaned=0
# scan_time=8707
 
Combofix

I'm at a loss as to what to do about Combofix. I have spent at least 4 hours trying to get through your instructions but cannot do so successfully. First, it would not download. Eventually, I got it to download but none of the scripts you posted appear. I received a notice that I had a corrupt version and to redownload so I did. Again, it wasn't operating properly. I have tried to locate another website to download it from but have not been able to correct this problem. Most recently, I received the opening script indicating that it was working only to get a message saying it wasn't safe to continue along with a short notice about not recognizing something and then a C prompt command. I was going to uninstall the copy I have but was notified not to do so since some processes may be linked to it. I'm unsure what to do at this point. Can you please advise? Thanks very much.
 
I received the opening script indicating that it was working only to get a message saying it wasn't safe to continue along with a short notice about not recognizing something and then a C prompt command. I was going to uninstall the copy I have but was notified not to do so since some processes may be linked to it. I'm unsure what to do at this point. Can you please advise? Thanks very much.

1. "short notice about not recognizing something"> I need the words of the notice and what is not being recognized.
2. " a C prompt command"> what is the Command? Is it on a black screen?
3. "notified not to do so since some processes may be linked to it."> need exact, full message.

I have no idea what is happening. I'd like you to uninstall as follows:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.

Then try the download again. The link is good. You need to give me more specific information about these messages you're getting. Right now, I see clean logs for Mbam, GMER and Eset.
=========================================
As I mentioned, you have an extraordinary number of processes running:
Do you use these?
Dell 968 AIO Printer> printer doesn't need to run in the background
Dell Driver Download Manager
Dell Drivers MSI
Dell Getting Started Guide

Multiple Security packages:
1. Gemalto: international digital security company, providing secure personal devices such as smart cards and tokens in addition to software applications and managed services.
2. Dell Embassy Trust Suite by Wave Systems: advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today. Trusted Platform Module (TPM) >> secure cryptoprocessor that can store cryptographic keys that protect information. Disk encryption, Digital rights management, Software license protection & enforcement, Password protection
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave System
Wave Infrastructure Installer
Wave Support Software
3. AuthenTec Fingerprint Sensor Minimum Install

I'm thinking that some of the excess security is causing conflicts. Consider that.

Java Outdated: Current is v6u23
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Check this site: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
 
ComboFix Log

I finally got it working. FYI, it did not ask to have the recovery console installed. It did find a problem though as you will see from the log. I'll respond to your additional questions in another reply.

ComboFix 11-01-10.04 - Carrie 01/14/2011 16:59:13.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.979 [GMT -6:00]
Running from: c:\users\Carrie\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\pswi_preloaded.exe
c:\users\Carrie\ComboFix.exe
c:\users\Carrie\GoToAssistDownloadHelper.exe
c:\users\Carrie\R172716.exe

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 23:15 . 2011-01-14 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-13 03:46 . 2011-01-13 03:49 296448 ----a-w- c:\users\Carrie\GMER.exe
2011-01-13 02:55 . 2011-01-13 02:55 -------- d-----w- c:\users\Carrie\AppData\Roaming\Malwarebytes
2011-01-13 02:54 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 02:53 . 2011-01-13 02:53 -------- d-----w- c:\programdata\Malwarebytes
2011-01-13 02:53 . 2011-01-13 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 02:53 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 01:16 . 2011-01-13 01:17 446464 ----a-w- c:\users\Carrie\TFC.exe
2011-01-12 22:55 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 22:55 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 22:55 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 22:55 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 22:55 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 22:55 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 22:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-12 02:51 . 2011-01-12 02:51 -------- d-----w- c:\users\Carrie\AppData\Roaming\Uniblue
2011-01-12 02:47 . 2011-01-12 02:47 -------- d-----w- c:\users\Carrie\AppData\Local\PackageAware
2011-01-11 22:21 . 2011-01-12 02:26 -------- d-----w- c:\program files\DebugDiag
2011-01-11 22:16 . 2011-01-11 22:16 5142528 ----a-w- c:\users\Carrie\DebugDiag.msi
2011-01-06 18:58 . 2008-04-02 21:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-06 18:58 . 2008-04-02 21:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-06 18:58 . 2008-04-02 21:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-06 18:58 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-06 18:18 . 2011-01-11 20:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-06 18:18 . 2011-01-06 18:18 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-06 18:18 . 2011-01-06 18:18 -------- d-----w- c:\program files\Symantec
2011-01-06 18:17 . 2011-01-07 14:41 -------- d-----w- c:\windows\system32\drivers\NIS
2011-01-06 18:17 . 2011-01-06 18:17 -------- d-----w- c:\program files\Norton Internet Security
2011-01-06 04:16 . 2011-01-06 18:16 -------- d-----w- c:\program files\NortonInstaller
2011-01-06 04:12 . 2010-11-16 18:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D794A1D6-E553-42C6-A37E-92A614C642AD}\mpengine.dll
2011-01-06 04:12 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-04 22:15 . 2011-01-04 22:15 -------- d-----w- c:\users\Carrie\advfn
2010-12-22 21:21 . 2010-12-22 21:21 19396800 ----a-w- c:\users\Carrie\HP_Vista_PS_7150.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle.exe1_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle.exe_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\ARPPRODUCTICON.exe
2010-12-18 02:43 . 2010-12-18 02:43 204800 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle_Data_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 -------- d-----w- c:\program files\Options Oracle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 23:24 . 2008-08-07 22:10 0 ----a-w- c:\users\Carrie\AppData\Local\WavXMapDrive.bat
2010-11-04 18:56 . 2010-12-14 22:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-14 22:57 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-14 22:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-14 22:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-14 22:57 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-14 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-14 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-14 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-14 22:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:57 . 2010-12-14 22:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:01 . 2010-12-14 22:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-14 22:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-14 22:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-14 22:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-14 22:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-14 22:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-18 13:37 . 2010-12-14 22:57 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31 . 2010-12-14 22:57 2038272 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-01 68856]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-06-29 42392]
"NortonUtilities"="c:\program files\Norton Utilities 14\RMTray.exe" [2009-09-14 279912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-27 17920]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-15 30192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe" [2010-11-12 273672]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-06-29 42392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-1 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-15 30192]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110113.001\IDSvix86.sys [2010-11-09 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-06 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:05]

2011-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
Notify-GoToAssist - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 17:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-14 17:54:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 23:53

Pre-Run: 14,834,372,608 bytes free
Post-Run: 13,998,415,872 bytes free

- - End Of File - - 84F6842C59A1A512E97627F49225ECE0
 
Misc issues

I deleted several of the processes you asked if I use. I need to keep Dell 968 AIO Printer but you are right, it doesn't need to run in the background. How do I change it so that it only runs when I need it?

I have eliminated a couple of the security packages that I don't need.

I have deleted the outdated Java updates/versions and have downloaded the most current version.

It appears that my system is running faster than it had been but I still receive "High CPU usage alerts" from my anti-virus/utilities program so there must still be something else going on.

It appears I have something wrong with my "administrative rights" now. For example, to upgrade the trading platform I have used for years, it now says that I don't have sufficient administrative rights to download the most recent upgrade. This has never happened prior to this "high CPU usage issue." Also, when downloading the most current version of Java, I wasn't able to save it in my program file because of insufficient administrative rights. Again, this did not happen prior to this issue.

If you can share resolutions to this issue, I would very much appreciate it.

I will wait to see what you might see from the combofix log beyond the "system 32 infection" issue.

Thanks again for all your help.
 
Okay, we need to replace a file- let's find a good copy first:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    userinit.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Run the above so I can use the good file to replace the infected one.
==============================================
Taking the printer or any other process off of startup:

To remove entries from Startup using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
  • Click on Selective Startup
  • Choose the Startup tab:
    This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.
 
Forgot about your question for Administrative Rights:

To take ownership and grant full control (or read write) permissions of files or folders in Windows Vista, follow the steps and the screen shots HERE
 
SystemLook Log

SystemLook 04.09.10 by jpshortstuff
Log created at 23:20 on 15/01/2011 by Carrie
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.*"
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\ERDNT\cache\userinit.exe --a---- 25088 bytes [23:33 14/01/2011] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\Prefetch\USERINIT.EXE-5114915C.pf --a---- 14728 bytes [14:29 22/12/2010] [12:47 14/01/2011] 5A2ACE7C7A36061A1BBE6ABE8769497B
C:\Windows\System32\userinit.exe --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\en-US\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.0.6000.16386_en-us_8db9e42fd56781f2\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

-= EOF =-
 
System Look Log

Bobbye,

I have posted the system look log. Is there anything else you need?

Thanks for all your help,

cashcab
 
Yes, thank you, I see that- yesterday was Sunday. I spent time with my family.

Please run this Custom CFScript:

  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it (be sure to scroll down to include ALL lines).
Code:
File::
c:\windows\system32\UniBox210.ocx
c:\windows\system32\UniBoxVB12.ocx
c:\windows\system32\UniBox10.ocx

Folder::
c:\users\Carrie\AppData\Roaming\Uniblue
c:\users\Carrie\AppData\Local\PackageAware
c:\program files\DebugDiag
c:\users\Carrie\DebugDiag.msi

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"=-
FCopy::
C:\Windows\ERDNT\cache\userinit.exe| c:\windows\system32\userinit.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Please let me know how the system is doing now.
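The SystemLook filefind log posted above and the FCopy:: line in this script do the same job by hand: list every copy of userinit.exe, compare their MD5 hashes, and restore the system32 copy from a reference that still matches. As an added example, not code from this thread and not part of SystemLook or ComboFix, the Python below parses the filefind output and makes that comparison explicit. It assumes that reference copies live under winsxs or the ERDNT cache (an assumption of this example, not something SystemLook defines), and its second, tampered sample is constructed with placeholder size, timestamp and hash values.

```python
"""Added example (not code from the thread, SystemLook or ComboFix).

Parses SystemLook ':filefind' output, groups every copy of a file by MD5 and
checks the live copy under system32 against the reference copies Windows keeps
(the winsxs store and the ERDNT cache), which is the comparison behind the
FCopy:: line in the CFScript above.
"""
import ntpath
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One filefind hit: path, attribute flags, size, [modified] [created], MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Assumption of this example: pristine copies of a system file live here.
REFERENCE_DIRS = ("\\winsxs\\", "\\erdnt\\cache\\")
LIVE_DIR = "c:\\windows\\system32"

# Sample input: the filefind lines from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""Searching for "userinit.*"
C:\Qoobox\Quarantine\C\Windows\System32\userinit.exe.vir --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\ERDNT\cache\userinit.exe --a---- 25088 bytes [23:33 14/01/2011] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\Prefetch\USERINIT.EXE-5114915C.pf --a---- 14728 bytes [14:29 22/12/2010] [12:47 14/01/2011] 5A2ACE7C7A36061A1BBE6ABE8769497B
C:\Windows\System32\userinit.exe --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\en-US\userinit.exe.mui --a---- 4096 bytes [12:41 02/11/2006] [12:41 02/11/2006] F058F2BAE89E70B2A79D5EB820092EEB
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
-= EOF =-
"""

# Constructed variant (size, timestamp and hash are placeholders, not real data):
# the live copy no longer agrees with the reference copies.
TAMPERED_LOG = SAMPLE_LOG.replace(
    r"System32\userinit.exe --a---- 25088 bytes [02:25 21/01/2008] [02:25 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9",
    r"System32\userinit.exe --a---- 26112 bytes [03:10 09/01/2011] [02:25 21/01/2008] FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
)


@dataclass(frozen=True)
class FileEntry:
    path: str
    size: int
    modified: str
    created: str
    md5: str


def parse_filefind(text):
    """Return a FileEntry for every hit line; headers and the EOF marker are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["modified"],
                                     m["created"], m["md5"].upper()))
    return entries


def check_live_copy(entries, basename):
    """Compare the system32 copy of `basename` with the reference copies by MD5.

    Returns the copies grouped by hash, the live hash, the reference hashes,
    a status and (when known) the reference path a restore should copy from.
    """
    hits = [e for e in entries if ntpath.basename(e.path).lower() == basename.lower()]
    by_hash = defaultdict(list)
    for e in hits:
        by_hash[e.md5].append(e.path)
    live = [e for e in hits if ntpath.dirname(e.path).lower() == LIVE_DIR]
    refs = [e for e in hits if any(d in e.path.lower() for d in REFERENCE_DIRS)]
    result = {"by_hash": dict(by_hash), "live_md5": None,
              "reference_md5s": sorted({e.md5 for e in refs}), "restore_from": None}
    if not live:
        result["status"] = "no-live-copy"
        return result
    result["live_md5"] = live[0].md5
    if not refs:
        result["status"] = "no-reference"
        return result
    # Reference copies should agree with each other; trust the most common hash.
    good_md5 = Counter(e.md5 for e in refs).most_common(1)[0][0]
    result["restore_from"] = next(e.path for e in refs if e.md5 == good_md5)
    result["status"] = "match" if live[0].md5 == good_md5 else "mismatch"
    return result


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG), ("constructed tampered log", TAMPERED_LOG)):
        r = check_live_copy(parse_filefind(log), "userinit.exe")
        print(f"{label}: {r['status']} (live {r['live_md5']}, references {r['reference_md5s']})")
        for md5, paths in r["by_hash"].items():
            print(f"  {md5}: {len(paths)} copies")
        if r["status"] == "mismatch":
            print(f"  restore from {r['restore_from']}")
```

With the log posted in this thread every real copy of userinit.exe carries the same hash, so the check reports a match; the constructed variant shows the mismatch case and names the ERDNT cache copy as the restore source, which is the file the FCopy:: line above copies from. The .vir, .pf and .mui hits are parsed but ignored by the comparison because they are not the executable itself.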
 
Combofix Log

Prior to creating the log, combofix said it needed to check some files with malware. It attempted to connect to a site but was not able to do so. I will see if I can run this manually and post the log in another response. Here's the log without this. When it was running, it deleted a lot of files due to another infected system file.

ComboFix 11-01-17.03 - Carrie 01/17/2011 19:26:40.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.921 [GMT -6:00]
Running from: c:\users\Carrie\Desktop\ComboFix.exe
Command switches used :: c:\users\Carrie\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\UniBox10.ocx"
"c:\windows\system32\UniBox210.ocx"
"c:\windows\system32\UniBoxVB12.ocx"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DebugDiag
c:\program files\DebugDiag\config.xml
c:\program files\DebugDiag\Logs\DbgSVC_Date__01_11_2011__Time_04_50_15PM__104__Log.txt
c:\program files\DebugDiag\Logs\PerfLogs\PerfLog_Date__01_11_2011__Time_04_55_05PM__216.blg
c:\program files\DebugDiag\ServiceState.xml
c:\users\Carrie\AppData\Local\PackageAware
c:\users\Carrie\AppData\Roaming\Uniblue
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\error.log
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\last_scan.dat
c:\users\Carrie\AppData\Roaming\Uniblue\RegistryBooster\settings.dat
c:\windows\system32\UniBox10.ocx
c:\windows\system32\UniBox210.ocx

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-18 01:44 . 2011-01-18 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-15 03:26 . 2011-01-15 03:26 883488 ----a-w- c:\users\Carrie\JavaSetup6u23.exe
2011-01-13 03:46 . 2011-01-13 03:49 296448 ----a-w- c:\users\Carrie\GMER.exe
2011-01-13 02:55 . 2011-01-13 02:55 -------- d-----w- c:\users\Carrie\AppData\Roaming\Malwarebytes
2011-01-13 02:54 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-13 02:53 . 2011-01-13 02:53 -------- d-----w- c:\programdata\Malwarebytes
2011-01-13 02:53 . 2011-01-13 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-13 02:53 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-13 01:16 . 2011-01-13 01:17 446464 ----a-w- c:\users\Carrie\TFC.exe
2011-01-12 22:55 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 22:55 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 22:55 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 22:55 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 22:55 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 22:55 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 22:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 22:16 . 2011-01-11 22:16 5142528 ----a-w- c:\users\Carrie\DebugDiag.msi
2011-01-06 18:58 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-01-06 18:18 . 2011-01-11 20:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-01-06 18:18 . 2011-01-06 18:18 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-06 18:18 . 2011-01-06 18:18 -------- d-----w- c:\program files\Symantec
2011-01-06 18:17 . 2011-01-07 14:41 -------- d-----w- c:\windows\system32\drivers\NIS
2011-01-06 18:17 . 2011-01-06 18:17 -------- d-----w- c:\program files\Norton Internet Security
2011-01-06 04:16 . 2011-01-06 18:16 -------- d-----w- c:\program files\NortonInstaller
2011-01-06 04:12 . 2010-11-16 18:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D794A1D6-E553-42C6-A37E-92A614C642AD}\mpengine.dll
2011-01-06 04:12 . 2010-10-19 16:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-04 22:15 . 2011-01-04 22:15 -------- d-----w- c:\users\Carrie\advfn
2010-12-22 21:21 . 2010-12-22 21:21 19396800 ----a-w- c:\users\Carrie\HP_Vista_PS_7150.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-15 03:35 . 2010-08-08 13:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-14 23:24 . 2008-08-07 22:10 0 ----a-w- c:\users\Carrie\AppData\Local\WavXMapDrive.bat
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle.exe1_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle.exe_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-12-18 02:43 . 2010-12-18 02:43 45056 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\ARPPRODUCTICON.exe
2010-12-18 02:43 . 2010-12-18 02:43 204800 ----a-r- c:\users\Carrie\AppData\Roaming\Microsoft\Installer\{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}\OptionsOracle_Data_2C31929AD6AB4D0BABF94812A045CE97.exe
2010-11-04 18:56 . 2010-12-14 22:57 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-14 22:57 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-14 22:57 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-14 22:57 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-14 22:57 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-14 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-14 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-14 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-14 22:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:57 . 2010-12-14 22:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:01 . 2010-12-14 22:56 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-14 22:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-14 22:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-14 22:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-14 22:57 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-14 22:56 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-01 68856]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-06-29 42392]
"NortonUtilities"="c:\program files\Norton Utilities 14\RMTray.exe" [2009-09-14 279912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-31 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-31 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-15 30192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe" [2010-11-12 273672]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-06-29 42392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-1 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 CFcatchme;CFcatchme;c:\users\Carrie\AppData\Local\Temp\CFcatchme.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-15 30192]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-08-11 33024]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-08-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-08-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-08-11 59904]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\SYMDS.SYS [2010-10-21 340016]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110114.002\IDSvix86.sys [2010-11-09 353912]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\Ironx86.SYS [2010-11-16 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1205000.07D\SYMTDIV.SYS [2010-12-01 330360]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 BthFilterHelper;Bluetooth Feature Support;c:\program files\CSR\Vista Profile Pack\BthFilterHelper.exe [2006-11-07 127488]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-06 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:05]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 19:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2011-01-17 20:20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 02:20
ComboFix2.txt 2011-01-14 23:54

Pre-Run: 15,876,964,352 bytes free
Post-Run: 15,883,575,296 bytes free

- - End Of File - - B2407419CD17FED480266643A5478151
 
Bleeping Computer Submission

OK, I was able to submit the "malware" file to Bleeping Computer for further analysis as instructed by Combofix, although I have no idea what was submitted:

File path ---> C:\Qoobox\Quarantine\[4]-Submit_2011-01-17_19.26.04.zip

Unfortunately, after running the custom script, my CPU usage is back to 100% again. Any thoughts?

Thanks,

Cashcab
 
One Other Bit of Info

Bobbye,

One other bit of info that may be useful is that when you first started helping me, my CPU usage jumped around from 25 to 100%. And, one thing I didn't mention because I thought it was a separate issue was that my "a" key wouldn't work consistently. My "a" key started to work the first time I ran the Combofix. After running the custom code, my CPU usage is now fixed at 100%. It doesn't jump around anymore. When I receive a high CPU notification from my anti-virus program, the culprit is always Internet Explorer now, where it used to vary in the past. I'm not sure if this is helpful but I thought I would share it in case it is. Thanks for your ongoing assistance.

Cashcab
 
Prior to creating the log, combofix said it needed to check some files with malware. It attempted to connect to a site but was not able to do so.
File path ---> C:\Qoobox\Quarantine\[4]-Submit_2011-01-17_19.26.04.zip
I'm not sure what you did here or why you did it. Qoobox is where Combofix puts the quarantined files. It would not be something you had to submit anywhere for identification. I am not aware of Combofix ever telling someone they needed to submit a file! I would be the one to tell you to submit something and where to submit it.

As for the a key, I doubt that has anything to do with malware. I had to replace the keyboard on a new Dell mini because the G key wouldn't work right!

The only way you can determine anything about the CPU usage is to document what the high users are. If it's usually iexplore.exe now, it could be add-ons working in the background. I can't help you with that problem unless I know what the processes are and what you are doing at the time. Is this CPU usage slowing you down or are you just worried because it seems high?

I'll be back after supper to check the Combofix log.
 
Combo-Fix

Perhaps the request for submission is an addition to the newest version of Combo-fix. When I started the process last night, Combo-fix asked me if I wanted to download the most recent version since I wasn't using it. I said yes. Prior to creating the log, the submission occurred as I mentioned. I just followed the prompts. I do have a Qoobox file on my computer now.

Today, my machine seems to be running fairly quickly. I have lost track of what's "normal" anymore since I have had this high CPU usage issue since September. It's certainly faster than it was prior to your help, so thank you. Given that a number of files were deleted last night using the custom code, I just want to make sure this issue is resolved so I don't encounter it again in the future. I was under the impression that we had eliminated the virus a few days earlier, so I was surprised to see another one identified last night. That's my concern. I'm not sure if this is reflected in the log I sent, but once you have a look, I am sure you can determine if I still have an issue.

Thanks very much for your ongoing help. It is most appreciated.

Cashcab
 
CPU Usage

Bobbye,

Today, CPU usage is so high that my machine "freezes." This is the same issue I had before. It appears that the big user is whatever I'm using at the time. For example, an active trader program wouldn't open this morning and I received notification from my anti-virus software of high CPU usage. I have resorted to working in "safe mode" all the time. Any ideas? I can't figure out why this seems to "come and go" with the same programs open.

Thank you.
 
Okay, this should put your mind to rest:
Specifically, the majority of the alerts you're getting from Norton are performance alerts, not malware alerts.

Your sensitivity threshold needs to be set higher, as the lower it's set, the more alerts you'll get. The following are taken from comments in the Norton Community. I think they will help you set this better and not let it worry you any more:

Allow Performance Monitoring Alerts to be Configured
1. Please note that this feature is new to 2011 so some further tweaks definitely need to be made by Symantec.
2. Symantec is considering changes to allow better customization of performance alerts.
3. It is not unusual for programs such as these to occasionally demand a lot of the CPU for short periods of time. Viewing Flash content in Firefox guarantees that I will see an alert, for example. As long as you can determine that the program in question is just busy performing a task you can disregard the Norton notification, which is really just an advisory rather than an urgent warning. In the Norton Miscellaneous Settings there are a number of configuration options for Performance Monitoring, including setting the resource threshold to a higher or lower level, and excluding specific programs from monitoring.
4. I expect that we will offer more flexibility with this feature over time. This was the first release and we wanted to be sure that we got the response that we were expecting. So far, it is pretty clear that users like the feature, so now we can take a closer look at how to improve it and/or make it more flexible. (Norton Support)
5. Full text HERE.

And users said:
"I ended up changing mine to Performance alerting to High due to too many false alarms."

Please reset to High and let me know if you notice improvement.
 
Thanks for this, but I don't think it's the settings that are causing my machine to still run painfully slow. It was better for a day, but with each passing day it gets slower and slower. The high CPU usage seems to vary depending upon what I am trying to use; sometimes it's internet explorer.exe, sometimes the trading software I use, etc. The main thing is that prior to getting the virus at the hotel in September, I was able to run whatever I wanted and I did not encounter this issue. Did you see anything in the last Combofix log that could be causing this?

Thanks very much,

CashCab
 