im either infected or losing my mind!

Discussion in 'Malware Help (A Specialist Will Reply)' started by grameka, Nov 5, 2014.

  1. grameka

    grameka Private E-2

    So, where to start... 6 days ago I was on Facebook and noticed a friend request pop up. I went to click it but before I could it vanished! Then it happened again... and again. Small things I noticed weren't right, like WordPad popping up on its own and other little things popping up, so I decided to start looking around. I found some strange things like a share group connected and player and Leap Pad store coming up. Windows Live on my laptop when I removed it years ago. So I removed it again and it's come back again! And again! Strange file names like perflog and panther appear and then vanish. Going to look at a file and it tells me I don't have access... or something about granted permission from parent files. I get a warning telling me Firefox isn't my web browser, that Internet Explorer is... it isn't. A file I hadn't seen before in my webcam file. There seems to be another user when I went to find out why it's telling me I don't have permission to remove something that I thought was suspicious. My log files keep randomly moving into different areas of the computer, hiding in files, and I don't have access to certain files anymore as it would appear I'm no longer administrator. :confused: When I ran ComboFix I went to the quarantine to click on what it found, then the screen went black, shut itself down and started dancing all over the screen going haywire. I've tried to copy and paste files to desktop and it would just quickly shoot back down to the start menu. When clicking on Start yesterday it would close as soon as I moved to click on another section of it. In all there is too much to mention that's strange. One of the file names I've also seen was javascript collection
    agent.dll and I can't find anything in Google to explain what it is, which I can only assume is bad? I know half of it probably is harmless and you may even laugh hahaha... but I feel like I'm going crazy here, or something just isn't right. Thanks in advance for any advice you could give.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Welcome to the Malware Removal forum. :)

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide

    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual update Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only RogueKiller and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run the rest of the READ & RUN ME FIRST instructions on the infected account.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. grameka

    grameka Private E-2

    Hi, I hope this is ok. My wife started the thread after I refused to come on the internet for help (stubborn idiot). Much of what she put above is off the back of what she heard me moan and mumble to myself. I've spent days Googling and searching files, I've done lots of scans (I hope correctly) and yet, without any clear evidence to my untrained eye, I'm positive there is something in the laptop. The system is working fine, not slow, no problems with anything like that. There have just been some odd things going on - now I don't know if I'm paranoid and seeing things that have always been there for the first time, or I'm right. I just don't have a clue what I'm looking for. Hopefully you can tell if something is or has been inside, what it was doing there and whether it is still around or gone for good. Thank you very much.

    I've followed your guides and attached all logs you require. For the tools I have already run in the last few days without advice, I've included the original log PLUS the new logs from the scans I've just finished (for comparison if needed?)

    Also added my logs from SpyBot S&D and Rootkit scan as they have some worrying results that include 4 video files of my young daughter, if you could have a look at those and let me know what it means please.

    =================================

    'Problems' / suspicions since the 29th/30th Oct until present. Main activity was on the 1/2nd Nov.

    AVG was blocked, couldn't access, run or uninstall it. Had to download the uninstaller from AVG and re-install.

    I was receiving a massive amount of spam emails to my Gmail account too, still am. Loan, finance, credit companies etc. Plus two phishing emails from 'PayPal' and 'Santander bank', almost as if somebody knows I've cancelled my cards and won't update details in any online accounts until I know I'm safe. (Paranoid?)

    But there is also this...

    http://i59.tinypic.com/2942idt.jpg

    http://i59.tinypic.com/2942idt.jpg

    Browser went back to IE, been using Firefox for years. So disabled IE, reinstalled Firefox.

    A strange file appeared on my desktop which I didn't think about at the time and shredded with AVG. Can't get it back now after I did a system restore not long after (unwise?)... but I remember it was titled 'photoggg', I was expecting it to be a .jpg but wasn't. I can't remember the exact name but it 100% included 'dll' 'jscript' (or 'j-script') and 'shell' when I right clicked and checked the properties. I didn't double click or right click>open at any point.

    Lots of activity in files related to Windows Live which I haven't had (or didn't know I had) on my system for years. By activity I mean when I've searched files/folders by 'date modified'. Not sure if that is the correct definition.

    Lots of activity and files related to remote access, webcam including webcam.exe which has been modified numerous times a day (it hasn't been used in weeks and surely doesn't update that much?), shared folders popping up, the user accounts seem to have changed slightly though I can't put my finger on how. Homegroup, which hasn't stood out to me before.

    Funny feeling about these files, and from what I've read about jusched.exe, which I searched and found in my system. But again, I have no idea what is what really.
    (From DDS log)

    2014-11-01 20:39:35 -------- d-sh--w- C:\Users\Brian\AppData\Local\EmieUserList
    2014-11-01 20:39:35 -------- d-sh--w- C:\Users\Brian\AppData\Local\EmieSiteList
    2014-10-15 20:52:59 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-10-15 20:51:52 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-15 20:51:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll
     
  4. grameka

    grameka Private E-2

     

    Attached Files:

  5. grameka

    grameka Private E-2

    (Second post to add more logs.)

    Unfortunately the log from my TDSSKiller run was just over the maximum file size. Is it ok to copy/paste?

    Attached are the Spybot S&D plus Root Scanner log I would like somebody to look at and explain to me please.

    I will edit with the MGtools log soon.
     

    Attached Files:

  6. grameka

    grameka Private E-2

    Sorry, I had a bit of a problem earlier closing out of the 'add attachments' drop down and I didn't realise I wouldn't be able to come back and edit my last logs into my post. Unintentional bumps :-o

    I apologise and accept I'll be knocked down the queue, my fault.

    Anyway, I think I have given you all the info I need to now, thanks.

    Also, I posted the same photo twice in my earlier post.
    This was actually meant to be my other example screenshot...

    http://i60.tinypic.com/zjdzl4.jpg
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. All I'm seeing to do is for you to re-run Hitman Pro and have it remove what it finds.

    I checked the logs from Spybot, they don't show anything wrong either. There's no rootkits.

    Do this also...

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.


    Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
     
  8. grameka

    grameka Private E-2

    Ok, thank you very much. I've done everything you suggested above and everything was clear.

    For my own peace of mind, were you able to tell if there was anything infective in the last week or so, but had already been dealt with? Was I right to worry or being over-the-top paranoid? Also the SpyBot S&D scan that highlighted 4 .mp4 files of my daughter, could you tell me what that meant please - just to save me from worrying. Really appreciate the effort you guys go to here, great job.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I think spybot is just being a little over ambitious. You have to be careful about what it says is bad judging by that log. Perhaps it thinks they are rootkits but they are not.

    Attach the logs I need!
     
  10. grameka

    grameka Private E-2

    Attached Files:

  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No problem.
    Not at all. There are no issues. You can however have Adwcleaner remove what it finds and then let me know how you think things are running. :)
     