System slowdown-Infected with rootkit/Trojan.FakeAlert?

Problem:
========
Facing slowness in IE and firefox loading and system slow down and CPU shows 100%.

Env:
=====
1. Windows Vista Home Edition.
2. Used AVG 8.0 freeware as antivirus and after AVG detected some trojan related virus, performed the following steps.

a. Ran Malwarebytes Anti-Malware (it removed some of the infection)
b. Ran a complete scan with free curing utility Dr.Web CureIt! (result: no thread found)
c. Ran the anti spyware removal programs spybot (it removed some of the infection)
d. Installed ThreatFire and scanned again (result: no threat found)
e. Ran Windows Live OneCare safety scanner (online scan, it removed some of the regitry and other clean up.

Finally I have bought Norton Internet Security 2009 and installed in my machine and removed the Dr.Web CureIt, spybot and threatfire since confidence on Norton.

But I am still experiencing the system performance to be slow and I don't know whether the above mentioned trojan is removed or not.
Whenever opening IE/FF it's very slow and CPU goesto 100%.

Followed as per the guidelines provided in this site.

Step 1: Getting Started
========================
1. Removed programs no longer used
2. Cleaned my hard drive of unneeded files using CCleaner
3. Removed invalid registry entries using CCleaner

Step 2: Uninstalling Multiple Protection Applications
=======================================================
1. My system currently installed with only Norton Internet Security 2009.
2. My system currently having Norton Antivirus only

Step 3: House Cleaning
=========================
1. Below programs not found in Add/Remove Programs:
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Viewpoint Toolbar (Remove Only)

2. Emptied ALL Quarantine type folders for Notron antivirus and antispyware applications.
a. Removed Quarantine --> Risks in compressed file "dataintl.cab" has been fully resolved. (Notron Internet Security 2009)
b. Removed Quarantine --> Removed the below Quarantine from Malwarebytes Anti-Malware
Vendor Category Items
------ -------- -----
Trojan.Downloader File C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
Trojan.FakeAlert Registry Key HKEY_CURRENT_USER\SOFTWARE\XML

3. Emptied my Recycle Bin
4. Empty Norton Nprotect folder (Not present)
5. Downloaded and installed CCleaner and followed the instructions.

Step 4: Configuration & Setup
================================
1. Enabled viewing of hidden files, system files and file extensions
2. MSconfig set for Normal Startup mode

Step 5: Uninstall Known Malware and Unwanted Software
=====================================================
1. Dont' have any malware to uninstall.

Step 6: Select and run the all steps in the cleaning link below based on your Windows Operating System
======================================================================================================

Step 1: Downloading Tools
============================
SUPERAntiSpyware --> Downloaded to desktop
Malwarebytes Anti-Malware --> already my system installed with Malwarebytes Anti-Malware and it has removed some of the infections. To follow the steps as per this site, I have unimstalled it and downloaded it again and performed it again.
combofix.exe --> downloaded in desktop
RootRepeal --> dowmloaded in desktop
MGtools --> not able to download it to c:\

Step 2: Disabled User Account Control
=======================================
Disabled UAC

Step 3: Installing Tools and Running Scans
===========================================
Installed the following:

SUPERAntiSpyware
Malwarebytes Anti-Malware

combofix.exe
Note: WHEN I PERFORMED COMBOFIX, I GOT THE MESSAGE "Combofix has detected the presence of rootkit activity and needs to reboot the machine."

RootRepeal
MGtools

Step 4: Do You Still Have Problems
==================================
Yes. Still I am experience slowness in IE/FF and CPU 100%

Step 5:
======
Attached the following logs:


Logs:
1. SASlog.txt log from SuperAntiSpyware.
2. Malwarebytes Anti-Malware log
3. ComboFix.txt (normally C:\ComboFix.txt)
4. RRlog.txt (from RootRepeal)
5. MGlogs.zip - normally it is C:\MGlogs.zip

 

Attached the MGTools.zip file.
Note: Before came to this site, I have already ran the Malware antispyware and it has removed some of the infections. That log file I have attached with this thread.
As per this site guideline I have followed all the steps and took the Malware antospyware log which I have attched in the previous thread. Hope this won't confuse you. Please help to advice to get rid of all infections (rootkit? torjan?) thanks in advance and expecting the help from this forum.

 

Hi chaslang,

Attached the MGlogs.zip. PLease help to advice.
I am having 2GB of RAM. I have attached the screen shot of process running in task manager. I can able to see many svchost.exe is running.

 

Yes, I have disabled UAC and Rebooted after disabling UAC and disabled Norton antivirus before running MGtools.exe as Administrator.

I will do it again and attach the log.

Sorry for wrongly uploaded the wrong document. I have attached the right document. Can you please help to delete the wrong document?

 

oops. I think I haven't uploaded the document propely. Uploaded it again.
Whenever I am working with IE browser the mouse pointer is always showing it's being processed.

 

Hi chaslang,
I have disabled UAC abd rebotted and disabled the Norton Anitvirus and firewall and right clicked the MGTools.exe and ran as administrator and attached the log file and also attached the screen shots. thanks.

 

Hi chaslang,

Glad to know my system is not had any infection. Thank you so much for your effort and help. I have followed your steps and fixed those two entries using Hijack tool and uninstalled Hijack, enabled UAC, cleaned MGTools, uninstalled ComboFix.

However for my development work with java, I am requiring Java 1.5 and I don't want to upgrade it.

Once again thasnk you som much!!

Thanks & Regards
Mike