BaffleD

Members
  • Posts: 2
  • Reputation: 0 Neutral

Profile Information
  • Location: US
  • Interests: Web Design

  1. WOW, I have XARA.... I was also looking at uninstalling IE9 based on log results... MAN! Pretty much everything you're talking about is hitting home with me... I told my girl, "This is a particularly nasty SOMETHING... I may have to actually join a forum somewhere and ask for help." She gave that raised-eyebrow look, you know, the one when a guy actually stops, asks for directions and buys a map X~) YTD Downloader: that's also part of XARA. I was also looking at the Guest account... Unfortunately, I'm not sure how much of this is separate issues due to how long I've been lax security-wise. I think killing what I have so far, though, has brought me even-keel with your situation, so yeah, I agree, I'll hang tight and wait for y'all's direction. I feel the same as you, though: I typically know my system... and this one don't feel like mine right now...
  2. Interesting.... I have a Toshiba touchscreen... I'm pulling my hair out dealing with what seems to be the same issue(s). I look nothing like my profile pic now X~) Mind if I join in here? pgpav2003, I too have become a workstation... not sure how that came about. I've tried quite a few of the things that TheDarkNight has recommended here, some from Hirens, some from Safe Mode, and some from an Admin account.... I've been poring over Event Logs and disabling various services... it's getting messy at this point.... I'm rusty at troubleshooting, and not entirely sure what all I can get away with disabling here in Win 7... I've felt for a little while that my system was compromised... but kind of ignored it, finding scenarios where some of the activity could be normal... But at 1:28 AM on the 27th (a few days ago), I was searching for some background texture images on Google and clicked on one, and suddenly Microsoft Essentials went nuts. My display went WHITE with the desktop running fine behind it. Ctrl-Alt-Del worked, but returned to the blank white screen... Going into Safe Mode just rebooted... This is what the event logs show:

     Warning 1/29/2013 1:28:47 AM Microsoft Antimalware 1116 None
     Name: TrojanDownloader:Win32/Karagany.I
     Name: VirTool:Win32/CeeInject.gen!HL
     Name: Trojan:Win32/Sirefef!cfg
     Name: Trojan:Win64/Sirefef.AE
     Name: PWS:Win32/Fareit.gen!I
     Name: TrojanDropper:Win32/Sirefef.gen!A
     Name: Trojan:Win64/Sirefef.AE
     Name: Trojan:Win32/Urausy.C

     I was hoping that Malwarebytes and the other tools I used shredded the above issues.... I think so.... BUT I wasn't sure about this SuperAntiSpyware detection:

     Trojan.Dropper/SVCHost-Fake C:\PROGRAM FILES (X86)\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\SVCHOST.EXE

     Not sure if that is a false positive or if along the way Malwarebytes got compromised....

     I stumbled onto this post when reviewing this information, unconvinced that all my issues are resolved, wondering if by any chance I'm screwed from boot:

     0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 937035 Mo
     2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1922121728 | Size: 15333 Mo
     User = LL1
     User = LL2

     I was getting ready next to burn a couple of Linux live drives to work from (also with additional rescue/malware tools) until I was on solid ground. BTW, my troubleshooting has not in any way been organized.... basically try this, try that.... I was just hoping maybe if I joined in, perhaps TheDarkNight would have more ammo from logs I could share, from a comparison perspective? Since nothing I've done has been organized, perhaps a tech strategy would be necessary, as I have no idea where to begin from here. I'm feeling pretty confident, though, that my system is still compromised from as far back as 08/2012 or likely longer.... (connected to "free" Internet provided by my residence), SO who knows what all my system has been subjected to.... and I wasn't as security-diligent during that period either. Just a day or two before the Trojan attack, I had just gained Admin access and set up our residential firewall/modem here where I'm living now. TheDarkNight, is there anything I can do to better help? I didn't want to just dump all my unorganized documentation without both of your approval.... I'm pretty positive I have some or much of the same going on as pgpav2003 here. If so, let me know what you'd like me to do. Otherwise, I'll just follow along. Either way, thanks to both of you in advance.
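Added example (editor's code, not from BaffleD or anyone else in the thread): a small Python script that parses the two fragments pasted in the post above, copied here as constructed inline strings. It splits each Microsoft Antimalware "Name:" line into category, platform and family so repeated hits on one family (Sirefef appears four times) stand out, and it turns the partition listing into sector ranges so the entries can be checked for overlap, which is the kind of damage a tampered MBR table shows. On this listing the three entries are contiguous (each ends exactly where the next begins), and 0x17 is the partition type ID conventionally used for a hidden NTFS volume, which OEM recovery partitions commonly carry, so the HIDDEN flag on its own is not evidence of a bootkit. The script assumes 512-byte sectors and that "Mo" means MiB; both assumptions are consistent with the offsets in the listing.

```python
import re
from collections import Counter
from itertools import combinations

# Constructed sample input: the two fragments as pasted in the post above
# (a Microsoft Antimalware event 1116 with its detection names, and a
# partition table listing from an MBR-checking tool).
EVENT_TEXT = """\
Warning 1/29/2013 1:28:47 AM Microsoft Antimalware 1116 None
Name: TrojanDownloader:Win32/Karagany.I
Name: VirTool:Win32/CeeInject.gen!HL
Name: Trojan:Win32/Sirefef!cfg
Name: Trojan:Win64/Sirefef.AE
Name: PWS:Win32/Fareit.gen!I
Name: TrojanDropper:Win32/Sirefef.gen!A
Name: Trojan:Win64/Sirefef.AE
Name: Trojan:Win32/Urausy.C
"""

PARTITION_TEXT = """\
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 937035 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1922121728 | Size: 15333 Mo
"""

# Microsoft threat naming: <Category>:<Platform>/<Family><variant suffix>
NAME_RE = re.compile(
    r"^Name:\s*(?P<category>[A-Za-z]+):(?P<platform>[A-Za-z0-9]+)/"
    r"(?P<family>[A-Za-z0-9]+)(?P<suffix>\S*)$"
)


def parse_detections(text):
    """Return one dict per 'Name:' line, with the threat name split into its parts."""
    found = []
    for line in text.splitlines():
        m = NAME_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["name"] = line.strip()[len("Name:"):].strip()
            found.append(d)
    return found


def family_counts(detections):
    """Detections per malware family; repeated families point at the real infection."""
    return Counter(d["family"] for d in detections)


PART_RE = re.compile(
    r"^(?P<index>\d+)\s*-\s*\[(?P<flag>[A-Z]+)\]\s+(?P<label>\S+)\s+"
    r"\(0x(?P<type>[0-9A-Fa-f]{2})\)\s+\[(?P<visibility>VISIBLE|HIDDEN!)\]\s+"
    r"Offset \(sectors\):\s*(?P<offset>\d+)\s*\|\s*Size:\s*(?P<size_mb>\d+)\s*Mo$"
)

SECTOR_BYTES = 512  # assumption: 512-byte sectors (the listing's offsets agree)


def parse_partitions(text):
    """Parse partition lines and convert the MiB size into an exclusive sector range."""
    parts = []
    for line in text.splitlines():
        m = PART_RE.match(line.strip())
        if not m:
            continue
        offset = int(m["offset"])
        size_sectors = int(m["size_mb"]) * 1024 * 1024 // SECTOR_BYTES
        parts.append({
            "index": int(m["index"]),
            "label": m["label"],
            "type": int(m["type"], 16),
            "active": m["flag"] == "ACTIVE",
            "hidden": m["visibility"] == "HIDDEN!",
            "start": offset,
            "end": offset + size_sectors,
        })
    return parts


def hidden_partitions(parts):
    return [p for p in parts if p["hidden"]]


def overlapping_partitions(parts):
    """Index pairs whose sector ranges overlap; a sane MBR table has none."""
    return [(a["index"], b["index"]) for a, b in combinations(parts, 2)
            if a["start"] < b["end"] and b["start"] < a["end"]]


if __name__ == "__main__":
    dets = parse_detections(EVENT_TEXT)
    print(f"{len(dets)} detections, by family: {dict(family_counts(dets))}")
    parts = parse_partitions(PARTITION_TEXT)
    for p in hidden_partitions(parts):
        print(f"hidden partition {p['index']}: type 0x{p['type']:02x}, "
              f"sectors {p['start']}-{p['end']}")
    print("overlapping entries:", overlapping_partitions(parts))
```

Run it as-is to see the family tally and the hidden entry; feed it a table with overlapping or out-of-order entries and `overlapping_partitions` reports the pair, which is the check worth running before burning live media.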