High cpu usage is from the zbot infection as indicated by the GMER scan.
Quote:
File C:\WINDOWS\system32\twain_32 0 bytes
File C:\WINDOWS\system32\twain_32\local.ds 22803 bytes
File C:\WINDOWS\system32\twain_32\user.ds 0 bytes
File C:\WINDOWS\system32\twext.exe 52224 bytes executable
|
Quote:
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
|
ComboFix took out the infection but there's only straggler remaining.
c:\documents and settings\Sam\Application Data\twext.exe
Let's clear loose ends.
Open
NOTEPAD.exe and copy/paste the text in the quotebox below into it:
Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"c:\windows\Tasks\AdwareAlert Scheduled Scan.job"
"c:\documents and settings\Sam\Application Data\twext.exe"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0
Save this as
fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run
Post back to tell me what it says