Need Help!! (Virus hijacks PC as soon as I connect to internet)

[essexboy]

Could you try a connection please and let me know the result

[JPBoston]

Could you try a connection please and let me know the result

Hey... was about to plug-in just like you asked, but noticed my 'thinking light' was buzzing a bit... opened up Task Manager and see that SearchFilterHost.exe is taking bit of power.  It goes up to 50 CPU and calms down to 4-5, then back up to 50, then back down, etc. 

Just wanted to get your thoughts and see if I should still plug-in.

[essexboy]

This process is used by the windows search and indexing service.  It is indexing all the files on your computer in case you want to search for them .. I have turned mine off 

[JPBoston]

Skynet itself must have hijacked my computer... cause it's still slowing to a stop as soon as I plug in the ethernet cable.

[essexboy]

Could you re-run the AVP analysis scan only - disconnected this time and then upload the entire zip file to either mediafire or magaupload or similar so that I can download it

Now the Analysis
 
Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information 
 

 
On completion click the link to locate the zip file to upload and attach to your next post 
 

Megaupload

[JPBoston]

OK.... here it is:

http://www.megaupload.com/?d=7Q1N3YX4

[essexboy]

I notice that you have YouSendIt.com installed - this is a file uploader, did you install it ... It is running

• Re-run AVPTool 
• Select the Manual Disinfection tab and press Script execution
  
  
  
  
• Where it states  Insert text  script in the following box copy the below script and press Run script
  Copy from Begin until End
  
  
  
  

Code: [Select]

begin
 DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
 DelBHO('{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}');
 DeleteService('ASKUpgrade');
 SetServiceStart('ASKUpgrade', 4);
 DeleteService('ASKService');
 SetServiceStart('ASKService', 4);
 DeleteFile('C:\Program Files\AskBarDis\bar\bin\AskService.exe');
 BC_DeleteFile('C:\Program Files\AskBarDis\bar\bin\AskService.exe');
 DeleteFile('C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe');
 BC_DeleteFile('C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe');
 DeleteFile('C:\Program Files\Norton Internet Security\MUI\16.7.2.11\09\01\rcSvcHst.dll');
 BC_DeleteFile('C:\Program Files\Norton Internet Security\MUI\16.7.2.11\09\01\rcSvcHst.dll');
 DeleteFile('C:\Users\Joe\AppData\Local\Temp\_uninst_56657627.bat');
 BC_DeleteFile('C:\Users\Joe\AppData\Local\Temp\_uninst_56657627.bat');
end.

• Your system will reboot on completion, if it does not please do so yourself   
• On completion please run another analysis scan and attach the zip file   

[JPBoston]

I notice that you have YouSendIt.com installed - this is a file uploader, did you install it ... It is running

Yeah, I installed that several years ago... haven't used it in about a year though, had no idea it was running.

I'll run the script and report back... in the meantime, should I attempt an internet connection after rebooting before reporting back?

ADDED:  Whoops, just noticed the 'run new scan and post the log'.  Will do.

[JPBoston]

Here's the newest new log...

http://www.megaupload.com/?d=NQ3LBVZ7

[JPBoston]

FYI --- Connection to internet still results in PC locking up.

[essexboy]

Lets remove the running uploader file and see if that helps

As it is at the momnet I can see no apparent malware

• Re-run AVPTool 
• Select the Manual Disinfection tab and press Script execution
  
  
  
  
• Where it states  Insert text  script in the following box copy the below script and press Run script
  Copy from Begin until End
  
  
  
  

Code: [Select]

begin
 DeleteFile('C:\Program Files\YouSendIt\Express\version2\YsiExt.dll');
 BC_DeleteFile('C:\Program Files\YouSendIt\Express\version2\YsiExt.dll');
 DeleteFile('C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL');
 BC_DeleteFile('C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved','{BDEADF00-C265-11D0-BCED-00A0C90AB50F}');
 DeleteFile('C:\Users\Joe\AppData\Local\Temp\_uninst_56657627.bat');
 BC_DeleteFile('C:\Users\Joe\AppData\Local\Temp\_uninst_56657627.bat');
 DeleteFile('C:\Users\Joe\AppData\Local\Temp\_uninst_02113337.bat');
 BC_DeleteFile('C:\Users\Joe\AppData\Local\Temp\_uninst_02113337.bat');
end.

• Your system will reboot on completion, if it does not please do so yourself   

[JPBoston]

Hey again ---

My desktop's monitor died, so I was incommunicado for awhile.

I was just able to run your last 'manual script' via Kapersky, rebooted, and the problem persists.

Any chance anyone else has had this problem and any more ideas?

[essexboy]

Lets check out the files used for internet connection

run farbar service scanner



Tick All options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

[JPBoston]

Hey again...

Good news! Laptop is up and running after I deleted Amazon's cloud uploader... It came to me randomly the other night, that the only 'new' thing I was doing back when the Laptop started acting up was uploading a few albums to amazon to try on my kindle fire.

Anyway --- I was going thru and deleting stuff I didn't need to clear up space, and came across a problem file.

It's a 9.5gb video file, and the sucker just won't delete.  I rebooted, tried again and let it sit for 40 minutes, and still nothing. 

Could one of those programs Essexboy had me DL be able to delete the thing?

PS

Thanks again for the help, Essex!