FBI virus, black screen for desktop, etc HELP

[SuperDave]

Please run ESET again and clean the infections. Leave the check mark next to Remove found threats and place a check next to Scan archives.

[katlyn]

C:\Users\All Users\wxDownload\5071feb9426ce.ocx   Win32/Adware.MultiPlug.C application   
C:\Users\All Users\wxDownload\5071feb942707.html   Win32/Adware.MultiPlug.H application   
C:\Users\All Users\wxDownload\507551326769d.ocx   Win32/Adware.MultiPlug.C application   
C:\Users\All Users\wxDownload\50755132676d6.html   Win32/Adware.MultiPlug.H application   
C:\Users\All Users\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx   Win32/Adware.MultiPlug.H application   
C:\Users\All Users\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx   Win32/Adware.MultiPlug.H application   
C:\Program Files\FriendsChecker\friendschecker_cloudcanvas_wl_5342862.exe   a variant of Win32/InstallIQ application   cleaned by deleting - quarantined
C:\Program Files\Optimizer Pro\OptimizerPro.exe   a variant of Win32/SpeedingUpMyPC application   cleaned by deleting - quarantined
C:\Program Files\ReImageCompanion\jsloader.dll   Win32/BrowserCompanion.B application   cleaned by deleting - quarantined
C:\Program Files\ReImageCompanion\toolbar.dll   Win32/BrowserCompanion.D application   cleaned by deleting - quarantined
C:\Program Files\ReImageCompanion\widgetserv.exe   Win32/BrowserCompanion.F application   cleaned by deleting - quarantined
C:\ProgramData\wxDownload\5071feb9426ce.ocx   Win32/Adware.MultiPlug.C application   cleaned by deleting - quarantined
C:\ProgramData\wxDownload\5071feb942707.html   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\ProgramData\wxDownload\507551326769d.ocx   Win32/Adware.MultiPlug.C application   cleaned by deleting - quarantined
C:\ProgramData\wxDownload\50755132676d6.html   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\ProgramData\wxDownload\fgonadmnfmkoadiofbmpechmaopjfgck.crx   Win32/Adware.MultiPlug.H application   deleted - quarantined
C:\ProgramData\wxDownload\ibfinlhcgcnnahoepljkhheknbhlgoli.crx   Win32/Adware.MultiPlug.H application   deleted - quarantined
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgonadmnfmkoadiofbmpechmaopjfgck\4_0\5071fe4ee73731349647950.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfinlhcgcnnahoepljkhheknbhlgoli\4_0\50755124a2c7e1349865764.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Temp\7A8F54FE-BAB0-7891-B0AC-18C9C467FEF3\Latest\MyBabylonTB.exe   Win32/Toolbar.Babylon application   cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\babylon_setup.exe   a variant of Win32/Toolbar.Babylon.A application   cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Local\Temp\{97B49818-AF16-29C6-1F3F-AB2B93986965}\Addons\OptimizerProInstaller.exe   a variant of Win32/Adware.SpeedingUpMyPC.A application   cleaned by deleting - quarantined
C:\Users\Hailey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51d1c3f7-5b90c2f6   a variant of Java/TrojanDownloader.OpenStream.NCE trojan   deleted - quarantined
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\Users\Hailey\AppData\Roaming\Mozilla\Firefox\Profiles\uotrsaye.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\Users\Hailey\Documents\My Stuff\Senior Stuff\frzfonts_1335.exe   a variant of Win32/InstallIQ application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(1).exe   a variant of Win32/Adware.Gamevance.DD application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(2).exe   a variant of Win32/Adware.Gamevance.DD application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(3).exe   a variant of Win32/Adware.Gamevance.DD application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\ArcadeCandyGames(4).exe   a variant of Win32/Adware.Gamevance.DD application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\asc-setup-2011pro.exe   a variant of Win32/Toolbar.Widgi application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\asc-setup.exe   a variant of Win32/ELEX application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\FastDownload(1).exe   Win32/InstallMate application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\FastDownload.exe   Win32/InstallMate application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup(1).exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup(2).exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup(3).exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetup.exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\iLividSetupV1.exe   Win32/Toolbar.SearchSuite application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\mplayer_tuguu_1271.exe   a variant of Win32/InstallIQ application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\PCPerformerSetup.exe   a variant of Win32/InstallBrain.Q application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\setup(1).exe   Win32/InstalleRex.E.Gen application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\Setup.exe   a variant of Win32/InstallIQ application   cleaned by deleting - quarantined
C:\Users\Hailey\Downloads\tvshows.exe   a variant of Win32/InstallIQ application   cleaned by deleting - quarantined

[SuperDave]

Good. How's your computer running now? Any other issues?

[katlyn]

Well, I just rebooted and still have a black desktop.  I Also have a mouse that likes to jump around and disappear randomly, but haven't really checked that out since the reboot.  I have tons of stuff on my downloads that I have duplicates of, and I don't really know what most of them are.  I only re-enabled malwarebytes and windows defender... but my windows did not have current virus fighter.

Also, I don't know what all you can tell from those logs, but I had microsoft office 7 and it disappeared... any chance of recovering that, because I had that from a previous job, and don't have a disk to reload it.

[SuperDave]

Could you try running Unhide again? Reply # 5.
Could you also please run MBAM Antirootkit again and post the log. Reply # 13?

but my windows did not have current virus fighter.

Here's a list. I prefer MSE

Remember to only install one antivirus!
 
1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
****************************************************

but I had microsoft office 7 and it disappeared... any chance of recovering that, because I had that from a previous job, and don't have a disk to reload it.

I'm sure none of the scanners we used would have removed it. Did you look in "All Programs"?. If it's gone you could try OpenOffice. It's very good and compatible with MS Office 7

[katlyn]

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 01/28/2013 01:22:31 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 323413 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 15028 files processed.


No, I lost microsoft office a while back, just disappeared, but long before we sarted working on this. Here is unhide...............





The C:\Users\Hailey\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 01/28/2013 01:33:23 PM
Execution time: 0 hours(s), 10 minute(s), and 52 seconds(s)

[katlyn]

Again, it did show mbam.exe, just mbam, and did not give the cleanup choice...what am I doing wrong?  here is the log it created.   If I knew how to do screen shots I would show you what I get for my unzipped file.  I do not get a wizard walk thru to run the scan, like I did to run malwarebytres.







Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6001 Windows Vista Service Pack 1 x86

Account is Administrative

Internet Explorer version: 8.0.6001.19088

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 937172992, free: 281141248

------------ Kernel report ------------
     01/28/2013 14:07:50
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\drivers\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\usbohci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\HSXHWBS3.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\system32\drivers\usbprint.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84efcac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000004f\
Lower Device Object: 0xffffffff83a8c878
Lower Device Driver Name: \Driver\nvstor32\
Driver name found: nvstor32
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
IRP handler 0 hooked
IRP handler 2 hooked
IRP handler 14 hooked
IRP handler 15 hooked
IRP handler 22 hooked
IRP handler 23 hooked
IRP handler 27 hooked
Load Function returned 0x0
=======================================

[katlyn]

Never mind, I'm an idiot... I chose run as administrator and it went thru it...... I have done so many new things I can't remember half of it! 


Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.28.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Hailey :: HAILEY-PC [administrator]

1/28/2013 2:33:30 PM
mbar-log-2013-01-28 (14-33-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27714
Time elapsed: 17 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[SuperDave]

How to post screenshots or images
Are you still getting the black screen?

[katlyn]

Yes, still black screen, mouse jumping around, disappearing and freezing, open tabs suddenly go away, if I watch a video I can't maximize the screen because it will just go blank and I have to ecs to get back to the screen.

[SuperDave]

Can you send me a screenshot. I'm going to consult with a colleague about this problem.

[katlyn]

I'm trying to do a screen shot from your instructions, but I am having trouble locating Paint... Since I can't get to my desktop, start, ect. Under Firefox, I go to new tab, open file, and have searched thru desktop, computer ect. and cannot locate all programs or accessories to even see if I have paint.

[SuperDave]

You can access Paint by clicking All Program, Accessories and selecting Paint. What happens when you boot your computer in Safe Mode?

[katlyn]

If I boot up in safe mode with networking, I have access to the start menu, programs etc., so I found paint and took screen shots of task manager, task manager services, programs and a few others.... this might get lengthy, but I did not know what you wanted a screen shot of, so I tried a lot of different things.  I have uploaded a few here this first time, because I did not know what or to do Hotlinks, so I'm trying it this way.  Again, if I am not in safe mode w/networking, my desktop is black so I do not have access to the start menu, therefore programs or paint, because I have to get online using task manager.  Here's try #1.......









Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us

[katlyn]

Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us


Uploaded with ImageShack.us




Uploaded with ImageShack.us