svchost virus/malware

Hi,
My avast! is blocking harmful webpages. When they aren’t blocked, my speakers are playing random commercials, music, and some TV shows. I’ve run Malwarebytes, mbar, TDSSKiller, rkill, Ad-Aware, CCleaner, (avast!), and ComboFix. I’ll attach the log files I have already completed; any help is appreciated.

One of the details from Web Shield is: Object: hxxp://dark-swx.net/task/2000/ Infection: URL:Mal Process: C:\Windows\System32\svchost.exe

We need an OTL diagnostic log http://forum.avast.com/index.php?topic=53253.0

  • the others you have

Added

Open notepad and copy/paste the text present inside the code box below:



FCOPY:: 
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll|c:\windows\system32\rpcss.dll

File::
c:\windows\SYSNATIVE\DRIVERS\gzflt.sys

Driver::
gzflt
LavasoftAdAwareService11

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdAwareTray"=-

Folder::
c:\program files\Lavasoft\Ad-Aware Antivirus


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

.

Please download Farbar Recovery Scan Tool (http://www.mcshield.net/personal/magna86/Images/FRST_canned.png) by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Here is the newest Combofix log

And the FRST64 logs

Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

[*]Type rpcss.dll into the Search: field in FRST then click the Search File(s) button.
[*]FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
[*]Please attach it to your reply.

Here is the log

Most of the malware experts are in the European time zone and in bed now… check back later today :wink:

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


Start
HKLM\...\Run: [Bdagent] - "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
CMD: DEL %TEMP%\*.* /F /S /Q
End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Attached is fixlog.txt.

How’s your computer behaving now?

Everything seems fine. Thanks for all the help. Sorry about the delayed response. We were blessed with 13.5 inches of snow Sunday and I was unable to get to my computer to verify. The music has stopped. I don’t see any other issues. I’m not completely computer illiterate, so I think I’d know if it was still infected.

Again, Thank you for all your help!

It is necessary to uninstall ComboFix:

[*] Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png) then Run.

On Windows 7 or Vista you may use the Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

[*] Then click OK (or press Enter).

Wait until the uninstall process is complete.

.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes:

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.