
1 Hijack.display Properties on Sun Mar 07, 2010 7:51 pm

Lucytenshi


Member
I was sure my computer had received a virus, so I DL Malwarebytes; it found Hijack.display properties and put it into quarantine.

I wasn't sure it would be gone, so I did some research and found this site and another topic talking about someone else: http://www.helpmyos.com/malware-threat-removal-f6/hijackdisplayproperties-t1518.htm?highlight=hijack+display

Everything worked for me other than the step http://www.eset.com/onlinescan/, which ended within 10 seconds saying nothing was found but with no report.

Here is my current Malwarebytes report, if this helps:

Malwarebytes' Anti-Malware 1.44
Database version: 3834
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08/03/2010 00:50:28
mbam-log-2010-03-08 (00-50-28).txt

Scan type: Quick Scan
Objects scanned: 99924
Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2 Re: Hijack.display Properties on Sun Mar 07, 2010 9:38 pm

DragonMaster Jay


Site Owner
Hello! We need to do some diagnostics to get started.

Because you have 7, if any of these tools fail to run, skip them and let me know which ones did not run.

1. Please download Profiles by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download Win32kDiag by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks!


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



3 Re: Hijack.display Properties on Sun Mar 07, 2010 9:46 pm

Lucytenshi


Member
Prof said


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3516541327-4348200-2574814147-1001
ProfileImagePath REG_EXPAND_SZ C:\Users\Seager

SystemRoot REG_SZ C:\Windows

The 2nd one did not work, saying I could not get backup privileges.

Cheetah-Anti-Rogue v1.3.23
by DragonMaster Jay

Microsoft Windows [Version 6.1.7600]
Date: 08/03/2010 - Time: 2:42:49 - Arch.: AMD64


-- Malware removal tools check --


-- Known infection --



Extra message: Detection only.


EOF

4 Re: Hijack.display Properties on Sun Mar 07, 2010 9:54 pm

Lucytenshi


Member
Ah, sorry, it did work; it just took a long time and I thought it had an error.

Running from: C:\Users\Seager\Desktop\Win32kDiag.exe

Log file at : C:\Users\Seager\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2010-03-08 00:13:37 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

5 Re: Hijack.display Properties on Sun Mar 07, 2010 10:12 pm

DragonMaster Jay


Site Owner
Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



6 Re: Hijack.display Properties on Sun Mar 07, 2010 10:25 pm

Lucytenshi


Member
Hmmm, OK, I think I have a problem.

I tried that online scan, but it said I required Java framework version 1.6 or later.

So I click that, which brings me to the Java website and download, but after downloading it and trying to install, it says "The installer cannot continue with the current internet connection settings."

7 Re: Hijack.display Properties on Sun Mar 07, 2010 11:00 pm

Lucytenshi


Member
I know I already have Java downloaded to the latest version; it just won't work for either of my browsers, Internet Explorer 8 or Mozilla Firefox, telling me to check my internet connection and proxy settings.

Sorry, I am really bad with computers, and it doesn't help how worried I am; this is brand new.
I'm sure Java was working fine before.

8 Re: Hijack.display Properties on Mon Mar 08, 2010 8:07 am

Lucytenshi


Member
This is what Kaspersky Online Scanner 7 found. I got Java working after resetting my computer.

Monday, March 8, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 08, 2010 00:36:41
Records in database: 3733100
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned 107767
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:10:16

No threats found. Scanned area is clean.
Selected area has been scanned.

9 Re: Hijack.display Properties on Mon Mar 08, 2010 9:34 am

DragonMaster Jay


Site Owner
Your computer is clean. I think the detection was vague.

And because Windows 7 is still fairly new, I think the detection was a false positive, and you have nothing to worry about.

Do you want to continue doing diagnostics?



10 Re: Hijack.display Properties on Mon Mar 08, 2010 9:44 am

Lucytenshi


Member
That's a relief, thank you! You asked if I want to continue, but I don't really know much about computers to say.

So if you don't mind, I'll tell you how it happened. My cousin was browsing the internet looking for information on a game.
When he finished, the computer was going very, very slow, which it never did before; the mouse was lagging and things would take 5 seconds plus to open.

I tried to shut down my computer and it said that it could not shut down because of background programs, followed by the blue screen shutdown.

When I started things back up, I got warnings saying that all my antivirus software was turned off (Firewall, Norton and Windows Defender), but when trying to turn them back on it would say they were already on, still with the warning.

I ran a full system scan with Norton, which now, instead of scanning 293,000 files, would only scan 110,000.

And that's when I found Malwarebytes, which found Hijack.display properties, and came here.

11 Re: Hijack.display Properties on Mon Mar 08, 2010 2:29 pm

DragonMaster Jay


Site Owner
Ok. Here is the first scan out of two that we will do.

Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.



12 Re: Hijack.display Properties on Mon Mar 08, 2010 2:48 pm

Lucytenshi


Member
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

13 Re: Hijack.display Properties on Mon Mar 08, 2010 2:50 pm

Lucytenshi


Member
I tried again, selecting Run as administrator, and got this:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR

14 Re: Hijack.display Properties on Mon Mar 08, 2010 3:14 pm

DragonMaster Jay


Site Owner
Ok. Sounds good.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the URL of the GSI Parser report (not the log) in your next reply.



15 Re: Hijack.display Properties on Mon Mar 08, 2010 3:36 pm

Lucytenshi


Member
Okay, I ran the test; here is the URL:

http://www.getsysteminfo.com/read.php?file=4010717e6df3d95b55ae1aab122eb630

Also, thank you for this help.
