Fighting Trojan with no luck

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by lazair2, Jun 2, 2013.

  1. lazair2

    lazair2 Private E-2

    I've been fighting a trojan for days now with no success. I've been reading threads on this forum and following all the directions I can find. I'm "somewhat" computer savvy, at least enough to be able to follow directions.

    I have been searching for a new job and was navigated to an employer's site a few nights ago. The site seemed to have issues, and not more than 15 minutes later the computer started acting very, very strange.

    I did a virus scan using the free Microsoft virus scan program and it located the following: "trogan:win32/alueron.gd".

    However, it said that it would not completely remove it, and that a manual removal was required. I then found myself on this forum after doing Google searches on how to remove it. I followed directions given to others on fighting a similar trojan, but have had no luck. I've read and followed the directions on "what to do first" before posting to this forum.

    Basically, the trojan is running something in the background when I'm connected to the internet. The CPU usage goes to 100% and music and other random audio starts playing, yet no windows are visibly open. The only way to stop it is to disconnect from the internet, or keep following my task manager and ending the individual "svchost.exe" process that is running. However, I end it, and it just starts back up a minute or two later.

    I am running Windows 7.

    What information can I post to give someone a starting point of knowing what is still present and how to get rid of it?
     
  2. lazair2

    lazair2 Private E-2

    Also, as a matter of information, I followed these directions that I gleaned from another thread:


    Uninstall the below programs
    Anti-phishing Domain Advisor
    Blekko search bar
    Java(TM) 6 Update 37

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Please download OTM by Old Timer and save it to your Desktop.

    Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.

    Code:

    :processes
    explorer.exe

    :Files
    C:\Program Files (x86)\PC Speed Maximizer
    C:\Users\User\AppData\Local\Diagnostics\Mozilla\vzonhcsvo.dll
    C:\Users\User\AppData\Local\Broadcom\nbiirxjg.dll
    C:\Users\User\AppData\Roaming\8a66e9ef-b34c-4d32-bf5c-6188e5ea2031ad\aeefbcdbfceeaad.exe
    C:\Users\User\AppData\Local\gamesleapSA\bin\1.0.11.0\GamesLeapSA.exe
    C:\Users\User\AppData\Local\gamesleapSA
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6cl6z5ed.default\extensions\crossriderapp2258@crossrider.com
    C:\Program Files (x86)\Yontoo
    C:\Users\User\AppData\LocalLow\blekkotb_019
    C:\ProgramData\Anti-phishing Domain Advisor
    C:\ProgramData\blekko toolbars
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    C:\Users\User\AppData\Local\Broadcom\nbiirxjg.dll
    C:\Users\User\AppData\Roaming\rwbjsajw\icthuhrr.exe
    C:\Windows\TEMP\*.*
    C:\Users\User\AppData\Local\Temp\*.*

    :Reg
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Broadcom]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ODBC]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Cr_Installer\2258]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{A8F0AD53-1AEE-447E-89CD-71C325796F84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Datamngr]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SPMTray"=-
    "ODBC"=-
    "Adobe CSx Manager"=-
    "Mozilla"=-
    "Broadcom"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "Anti-phishing Domain Advisor"=-
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
    "Anti-phishing Domain Advisor"=-
    [HKEY_USERS\S-1-5-21-383793815-397827578-1440177876-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "SPMTray"=-
    "ODBC"=-
    "Adobe CSx Manager"=-
    "Mozilla"=-
    "Broadcom"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]

    Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    Now click the large button.
    If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    Close OTM.

    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    The tool will open and start scanning your system.
    Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Attach JRT.txt to your next message.
     
  3. lazair2

    lazair2 Private E-2

    I've downloaded and run CCleaner and disabled emulation software.

    I've also run Rogue Killer, OTM, and JRT with logs attached.

    After all that this thing is still alive and kickin'. In fact, it's actually gotten worse in one way, as it now can run even when I'm in safe mode, whereas before it wouldn't. In safe mode the audio doesn't happen, but it does rack up the CPU usage to 100% until I kill the process or disconnect from the internet.

    Also, now when I run the free Microsoft virus scan it doesn't pick up anything, even though it's obviously still there.
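The symptom described in posts 1 and 3, an svchost.exe that pegs the CPU while online and respawns a minute or two after being ended, is exactly the case where identifying which svchost instance is the odd one out matters more than killing it again. Legitimate svchost.exe instances run from %SystemRoot%\System32 (or SysWOW64), are started by services.exe, run as SYSTEM, LOCAL SERVICE or NETWORK SERVICE, and host at least one service. The Alureon (TDSS) family the scanner named is a kernel-mode rootkit family known for running its user-mode payload inside an injected svchost.exe, so ending the process never touches the persistence. The script below is an added example for readers of this thread, not part of any post or of the forum's removal guide. It triages every svchost.exe instance on a Windows 7 host and flags the ones that break those rules or own network connections; it assumes an elevated PowerShell 2.0+ prompt, and the report file name is an arbitrary choice.

```powershell
# Added example, not from the thread: triage every svchost.exe instance on a
# Windows 7 host so the one that keeps respawning can be identified instead
# of just killed. Assumes an elevated PowerShell 2.0+ prompt; the report
# path is an arbitrary choice.

$report = Join-Path $env:USERPROFILE 'Desktop\svchost-triage.txt'
$sys32  = (Join-Path $env:SystemRoot 'System32').ToLower()
$wow64  = (Join-Path $env:SystemRoot 'SysWOW64').ToLower()
$svcAccounts = @('SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE')

# One netstat pass, parsed into PID -> connections. Get-NetTCPConnection does
# not exist on Windows 7, so the text output is parsed instead. The optional
# fourth field is the TCP state; UDP lines have no state column.
$conns = @{}
netstat -ano | ForEach-Object {
    if ($_ -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$') {
        $procId = [int]$matches[5]
        if (-not $conns.ContainsKey($procId)) { $conns[$procId] = @() }
        $conns[$procId] += ('{0} {1} -> {2} {3}' -f $matches[1], $matches[2], $matches[3], $matches[4])
    }
}

# Hosted services per PID as tasklist reports them ("N/A" when none).
$svcByPid = @{}
tasklist /svc /fo csv | ConvertFrom-Csv | ForEach-Object { $svcByPid[[int]$_.PID] = $_.Services }

$lines = @()
foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'") {
    $parent     = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $parentName = if ($parent) { $parent.Name } else { 'gone' }
    $owner      = $p.GetOwner()
    $path       = if ($p.ExecutablePath) { $p.ExecutablePath.ToLower() } else { '' }
    $svcs       = $svcByPid[[int]$p.ProcessId]
    $net        = $conns[[int]$p.ProcessId]

    # Each rule a real svchost.exe satisfies; every miss becomes a flag.
    $flags = @()
    if (-not ($path.StartsWith($sys32) -or $path.StartsWith($wow64))) { $flags += 'path-not-system32' }
    if ($parentName -ne 'services.exe')                                 { $flags += "parent-$parentName" }
    if ($svcAccounts -notcontains $owner.User)                           { $flags += "owner-$($owner.User)" }
    if (-not $svcs -or $svcs -eq 'N/A')                                  { $flags += 'no-hosted-services' }
    if ($net)                                                            { $flags += "connections-$($net.Count)" }

    $lines += '=== PID {0}  parent {1} ({2})  owner {3}\{4}' -f $p.ProcessId, $p.ParentProcessId, $parentName, $owner.Domain, $owner.User
    $lines += "    path:     $($p.ExecutablePath)"
    $lines += "    cmd:      $($p.CommandLine)"
    $lines += "    services: $svcs"
    foreach ($c in $net) { $lines += "    net:      $c" }
    $lines += '    flags:    ' + $(if ($flags) { $flags -join ', ' } else { 'none' })
}

# Print the report and keep a copy to attach to a help request.
$lines | Tee-Object -FilePath $report
```

Run it while the CPU spike is happening and before ending the process, then attach the report rather than acting on it: the entry whose flags list a parent other than services.exe, a user account owner, no hosted services, or unexplained remote endpoints is the one a helper wants to see, together with its command line. The caveat is that a kernel-mode rootkit can hide processes, files and connections from exactly the APIs this script relies on, so a report with no flags proves nothing; it is a pointer for the person reading the logs, not a clean bill of health, and the forum's own removal guide remains the path to follow.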
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You should never, ever follow instructions given to another user for another computer. They are always tailor made especially for that individual and by applying those fixes you may end up breaking your machine.

    You need to ensure that you have followed as much of the below procedure as possible and attach requested logs.

    READ & RUN ME FIRST. Malware Removal Guide
     
