
Author Topic: File Recovery program? Has highjacked my computer, please help....  (Read 17847 times)


Keebs318

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: File Recovery program? Has highjacked my computer, please help....
    « Reply #15 on: September 18, 2012, 12:58:10 AM »
    I downloaded the Eset online scanner and completed the scan. This was the only log that came up:

    C:\Users\Hainstocks\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\7618c040-2098c837   
    Java/Exploit.CVE-2012-4681.P trojan   deleted - quarantined


    As for how my computer is running, well none of the icons on my desktop have come back, nor have the files that are all blank come back to normal. Seems they are still hidden or moved elsewhere. As well the file recovery program is still on the computer, however it is not trying to scan every time the computer is turned on now. It's just listed in the program files on the start menu.

    How can we get all the files and icons back in the same place they were prior to this hijacking??

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: File Recovery program? Has highjacked my computer, please help....
    « Reply #16 on: September 18, 2012, 04:28:09 PM »
    • Please download Unhide by Grinler from here and save it to your desktop.
    • Double click unhide.exe to run the tool.
    • It will take some time to go through all your files, so please be patient.
    • If this tool doesn't fix the problem, please let me know.
    ***********************************************************
    Please download: HiJackThis to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • Accept the license agreement.
    • Click the Open the Misc Tools section button.
    • Click on the Open Uninstall Manager button.
    • Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
      Copy and paste this file in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    Keebs318

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: File Recovery program? Has highjacked my computer, please help....
      « Reply #17 on: September 18, 2012, 06:50:47 PM »
      I ran (installed) the Unhide program and a lot of my stuff came back. I did notice that system tools is still missing things like System Restore, and other scanners and debug type things that were there before. I don't remember if exactly everything on other programs etc. are there, but all appears OK I think. I ran it twice, once with McAfee working as usual and once with it disabled. I rebooted both times as well.

      Here is the list from the trend micro hijacker program you had me install:

      Adobe AIR
      Adobe AIR
      Adobe Flash Player 11 ActiveX
      Adobe Reader 9.5.2
      Apple Application Support
      Apple Software Update
      Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
      Atheros Driver Installation Program
      Canon MP Navigator EX 2.0
      Canon Utilities Easy-PhotoPrint EX
      Canon Utilities My Printer
      Canon Utilities Solution Menu
      Catalyst Control Center - Branding
      D3DX10
      ESET Online Scanner v3
      Google Earth Plug-in
      Google Update Helper
      HijackThis 2.0.2
      Inkjet Printer/Scanner Extended Survey Program
      Java(TM) 6 Update 35
      Junk Mail filter update
      LEGO Universe
      Malwarebytes Anti-Malware version 1.65.0.1400
      McAfee AntiVirus Plus
      Mesh Runtime
      Messenger Companion
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Microsoft Works
      MotoHelper MergeModules
      MSVCRT
      MSVCRT_amd64
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      OpenOffice.org 3.3
      QuickTime
      Raptr
      Realtek USB 2.0 Card Reader
      Safari
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
      TOSHIBA Assist
      TOSHIBA Bulletin Board
      TOSHIBA ConfigFree
      TOSHIBA Face Recognition
      TOSHIBA Hardware Setup
      TOSHIBA HDD/SSD Alert
      TOSHIBA Media Controller
      TOSHIBA Media Controller Plug-in
      TOSHIBA ReelTime
      TOSHIBA Service Station
      TOSHIBA Speech System Applications
      TOSHIBA Speech System SR Engine(U.S.) Version1.0
      TOSHIBA Speech System TTS Engine(U.S.) Version1.0
      TOSHIBA Supervisor Password
      TOSHIBA Value Added Package
      TOSHIBA Web Camera Application
      TurboTax 2010
      TurboTax 2011
      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
      Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
      Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
      VLC media player 1.0.1
      Vuze
      Windows Live Communications Platform
      Windows Live Essentials
      Windows Live Essentials
      Windows Live Installer
      Windows Live Mail
      Windows Live Mail
      Windows Live Mesh
      Windows Live Mesh
      Windows Live Mesh ActiveX Control for Remote Connections
      Windows Live Messenger
      Windows Live Messenger
      Windows Live Messenger Companion Core
      Windows Live Movie Maker
      Windows Live Movie Maker
      Windows Live Photo Common
      Windows Live Photo Common
      Windows Live Photo Gallery
      Windows Live Photo Gallery
      Windows Live PIMT Platform
      Windows Live SOXE
      Windows Live SOXE Definitions
      Windows Live Sync
      Windows Live UX Platform
      Windows Live UX Platform Language Pack
      Windows Live Writer
      Windows Live Writer
      Windows Live Writer
      Windows Live Writer Resources
      Wondershare Photo Collage Studio 4.2.16.1

      I appreciate all your help for sure, at very worst at least I can back up my files and reformat if I need to at a later time. Unless we can get everything back to normal etc.


      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: File Recovery program? Has highjacked my computer, please help....
      « Reply #18 on: September 18, 2012, 07:10:58 PM »
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      **************************************************
      Quote
      As well the file recovery program is still on the computer
      I still can't find that program you're talking about.
      Can you give me more information about it or a screenshot?


      Please try this new tool from MS. It's supposed to fix a number of problems.

      Please download and run MS Fix-it from here.
      Windows 8 and Windows 10 dual boot with two SSD's
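
The "verify your Java version" and "remove any old versions" steps above can be checked against a saved HijackThis uninstall list. This is an added example, not part of the original posts: the function names, the sample list and the baseline version passed in are constructed assumptions, and the baseline must come from the vendor's current release information.

```python
import re

# Constructed sample in the same one-name-per-line format as the list posted above.
SAMPLE_LIST = """\
Adobe Reader 9.5.2
Java(TM) 6 Update 35
Java(TM) 6 Update 22 (64-bit)
Java 7 Update 7
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.65.0.1400
"""

# Matches "Java(TM) 6 Update 35", "Java 7 Update 7", "Java(TM) 6",
# with an optional "(64-bit)" suffix. Does not match "JavaFX ...".
JAVA_RE = re.compile(
    r"^Java(?:\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?(?:\s+\(64-bit\))?$",
    re.IGNORECASE,
)

def find_java_runtimes(uninstall_text):
    """Return sorted, de-duplicated (major, update) tuples for Java entries."""
    found = set()
    for line in uninstall_text.splitlines():
        m = JAVA_RE.match(line.strip())
        if m:
            found.add((int(m.group(1)), int(m.group(2) or 0)))
    return sorted(found)

def audit_java(uninstall_text, baseline):
    """Compare installed runtimes with `baseline`, a (major, update) tuple.

    `baseline` is an assumption supplied by the caller, not a value from
    this thread. Returns the installed versions, those older than the
    baseline, and those superseded by a newer runtime on the same machine.
    """
    installed = find_java_runtimes(uninstall_text)
    newest = installed[-1] if installed else None
    return {
        "installed": installed,
        "outdated": [v for v in installed if v < baseline],
        "superseded": [v for v in installed if v != newest],
    }

if __name__ == "__main__":
    # (7, 7) is a constructed baseline for the sample, not a recommendation.
    for key, versions in audit_java(SAMPLE_LIST, (7, 7)).items():
        print(key, versions)
```
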

      Keebs318

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: File Recovery program? Has highjacked my computer, please help....
        « Reply #19 on: September 18, 2012, 10:31:05 PM »
        OK, I downloaded the most current JavaRE and I also ran the Microsoft Fix-it.

        I went through the start button where all the program files are listed and the names of all the programs on the computer are listed, however when I click on the files, they are "empty". If I do a search for the program it seems to be still on the computer, but the program file list is not updated so to get into any programs I have to do a Windows search to find it.

        I did also notice that the File Recovery Program that hijacked my computer to begin with is no longer listed in my program file list. So it seems to be removed from what I can tell.

        Any ideas on how I can get the programs listed back in the start button like they normally were etc.? Also there is no System Restore listed under accessories ---> system tools nor is there disk defrag or disk cleanup etc. But if I search for System Restore in Windows Explorer it does pop up to start doing a system restore.
        « Last Edit: September 18, 2012, 10:43:07 PM by Keebs318 »

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: File Recovery program? Has highjacked my computer, please help....
        « Reply #20 on: September 19, 2012, 05:36:23 PM »
        You can try running Unhide.exe again. If that doesn't work, back up all your important data and do a Repair from the Recovery Console below. This is for Vista but it should work for Win7.


        1. Eject and remove any discs or memory cards from your computer.

        2. Click the "Start" button on the desktop to open the Start menu, click the small arrow icon to the right of the lock icon and select "Restart".

        3. Hold the "F8" key on your computer's keyboard as Windows reboots.

        4. Highlight and select "Repair your computer" choose your keyboard type and click "Next".

        5. Choose your user name, type your password if prompted and click "OK" to access the System Recovery Options menu.
        Windows 8 and Windows 10 dual boot with two SSD's