OS: Windows 7 Home Premium(x64) SP1
NOD32 Antivirus 4.2 - realtime
MalwareBytes Pro - on-demand scanning though I used to run it realtime
SuperAntiSpyware Pro - real time
Windows Firewall (with AS) (I did have COMODO Free Firewall installed for a week but uninstalled due to recent news of a COMODO security breach)
SpyBot S&D - free - on demand scanning only, no immunize/teatimer
1. Upon installation of some program (.exe) files, the "Do you want to run this program" box details field has a path leading to AppData/ SPAWNWND=$/NOTIFYWND=$ with numbers after both dollar signs. But the exe file is on the desktop. Virus Scans indicated I was clean so I let that go.
2. My laptop froze up completely during a Sandboxie uninstall (just to upgrade to new version). I rebooted and looked at the event logs but was literally locked into them. All windows were closed inside Event Log but file->Exit, clicking the x to close and even trying to end the application in task manager gave me the popup "all windows must be closed before exiting the event viewer". Then, for a couple of days, I had intermittent problems trying to exit applications; even trying to click the scrollbar sometimes wouldn't work.
3. I thought I was having some browser redirects because a few secure sites I had visited many times before gave me a warning (addons.mozilla.org, gmail, etc.) ... something like "The website has a valid security certificate but firefox cannot verify the connection is encrypted." Not exact words but something that gave me the impression that it says it's secure but doesn't seem secure. By the way, not the "invalid certificate error."
4. When I scanned with ESET Online Scanner yesterday, I checked the "scan for potentially unwanted and unsafe programs", it found 3 unwanted/unsafe apps (really it was just one... Checksum Verify.exe. The installation file, the program file, and the shortcut were found for a total of 3). I clicked to uninstall and delete the programs but it's still completely intact AND the ESET online scan log I exported to my desktop isn't there. This probably has something to do with the Windows popup after the scan was over saying "This program may not have installed correctly." All ESET scanning after that doesn't even recognize ChecksumVerify.exe as a threat again even though I have scanned 3 more times and the program is still there. After the last ESET Online scan, I got the prompt to uninstall esetsmartinstaller upon exit, which was the first time I saw that prompt. Why after multiple scans do I all of a sudden see the prompt to uninstall it? I clicked "uninstall upon exit" but nothing happened. I tried manually uninstalling by running the uninstaller in the ESET Online Scanner folder but I keep getting the msg that it has been successfully uninstalled...even though it hasn't. (Thinking back now, I actually think I get that "the program may have installed incorrectly" message more than I should. But if the program opens after install, I click "It installed correctly.")
-Event log says:
Activation context generation failed for "C:\Users\Julie\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
5. This morning, Windows popup now tells me SAS has been switched to compatibility mode, all of a sudden.
6. My Event Log is going crazy with errors and warnings but I don't know what they mean. I googled...still clueless.
What I have Done So Far:
After noticing clue #3 from above:
I ran full scans (as administrator), first mbam, then NOD32 in depth, then SAS...first in normal then safe mode - nothing found. But I was infected a year or 2 ago and I will never forget how hard that sucker was to find, took me over a week of scanning! So I ran Microsoft Malicious Software Removal Tool (full scan) and TDSS Killer (both normal then safe mode) and finally decided to load Hitman Pro on a usb stick from a clean PC, and run it in safe mode on my laptop just to be sure. It came up clean as well.
I cleared browser cache/tmp files, blocked headers/3rd party cookies.
I'm going to have to stop here or my post will be ignored due to lengthiness. I think I have a clue as to what the problem is but that's another long explanation regarding virus scanners hanging on $Recycle.Bin S-1-5-21 for 4 minutes before moving on, unknown user S-1-5-21 with special permissions, and registry leaks in my event log. I'm not qualified to understand or explain what I am seeing! But I don't believe my AV scans.
Now yesterday and today, I notice #4, 5 and 6 of symptom list up there.
FYI - The "clean pc" I loaded Hitman on crashed a few mins later with a blue screen with the message "Windows shut down to prevent damage to your computer." That's when I realized I had used the usb in my laptop recently. Then it started freezing up every few mins. Did I spread that from my laptop? I ran mbam in safe mode on the maybe-not-so-clean pc. All it found were 2 PUM.Disabled.....not really a threat. Coincidence, probably? It's running fine now.
I don't care about the PC, I can afford a new one and what's done is done-but hopefully not bank related. Just thought that info might be useful/related.
Let me know if you need other info...I am so confused!
Edited by hamluis, 27 July 2011 - 04:40 PM.