Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: HP Desktop Acting Weird/Not Saving Files/CD/DVD Not Appearing as Drive

13 Jan 2015   #1
sbuxman

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
HP Desktop Acting Weird/Not Saving Files/CD/DVD Not Appearing as Drive

HP Pavilion p7-1108p Desktop
Win 7 Home Premium 64-bit
6 GB RAM
1 TB HDD
AMD Quad Core Processor

=======

Uploaded jpeg file (below) always appears now on boot/restart.
Lost CD/DVD functionality and new player will not show up as a drive in My Computer
Most saves or saves as won't show on desktop even though search says they are there
Poor mouse performance
Poor keyboard performance
Files that do show aftfer save/save as are different files than what was saved!

Running malwarebytes now in Safe Mode

sbuxman




Attached Thumbnails
HP Desktop Acting Weird/Not Saving Files/CD/DVD Not Appearing as Drive-desktop.error.jpg  
My System SpecsSystem Spec
.
13 Jan 2015   #2
gregrocker

 

You have the Conduit malware which is a serious infection that apparently snuck in because you didn't watch every step when downloading freeware. This is warned about in Clean Reinstall Windows 7 and one of the Troubleshooting Steps for Windows 7 to check I gave you in your other thread.

Download, install, decline trial version and Run full scans with Malwarebytes and SUPERAntiSpyware - Downloads

Uninstall in Control Panel>Programs and Features anything not installed on purpose, any Search service, any toolbars, anything that the user doesn't know if he uses it or not.

In your Browser's Add-On's or Extensions, Remove or Disable anything except Flash, your Reader helper, Shockwave. Access the Search engines from the dropdown arrow in Search box to set Google as default, Remove all others, and disallow any others.
My System SpecsSystem Spec
13 Jan 2015   #3
sbuxman

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Results of Malwarebytes scan in Safe Mode with Networking:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/13/2015
Scan Time: 2:35:02 PM
Logfile: malware.scan.13JAN.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.13.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rick
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395839
Time Elapsed: 9 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 13
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, , [b244e31363263ff7d6150a1829dad42c],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, , [9a5c41b5e8a18caa6e7d909221e203fd],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [d02694622267ef473ebbec83f40f6d93],
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\BetterBrain_1.10.0.2, , [c6302accf792a1951e5aec87d1320bf5],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\Retrogamer_4w, , [80764caadcada88e89f7d60c4cb826da],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [60962ec88603a88e6c8db4bb1fe4fe02],
PUP.Optional.BetterBrain.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bbnfd_1_10_0_2, , [ab4b0aec92f756e0cba9e39042c1fa06],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, , [dd19de1848416dc9cc0503ed7b897d83],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Retrogamer_4w, , [e31341b5becb77bffdfcc5d1f0136997],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [c72fd91def9a73c3fffb70ff030026da],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [8e68c234701954e24c44f2bf14ef35cb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [19dd8274ef9a74c2931216b17c88e41c],
PUP.Optional.Updater.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UpdaterEX, , [0bebe80e494091a5d0feaca61ae95da3],
Registry Values: 4
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, , [08ee916518714aec72c2876b867e748c]
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{6311158d-1248-4c22-b80e-0fce899a0c7c}, C:\Program Files (x86)\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}, , [c531ae48a2e7aa8caaccd99aff04c33d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1R2Q1C1J2Z0K2Z1F, , [19dd8274ef9a74c2931216b17c88e41c]
PUP.Optional.Vosteran, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Vosteran, , [a551a35396f3a3932d6b6b8722e2bd43]
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.Updater.A, C:\Users\Rick\AppData\Roaming\UpdaterEX\UpdateProc, , [0bebe80e494091a5d0feaca61ae95da3],
Files: 31
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, , [20d624d22465f442be40efe2a460966a],
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\searchplugins\Vosteran.xml, , [3eb812e431584beb1d4dc32d0ff542be],
PUP.Optional.Updater.A, C:\Users\Rick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe, , [0bebe80e494091a5d0feaca61ae95da3],
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": ["Vosteran Search="],), ,[11e5e11580091d194cc5933da263d52b]
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "Vosteran Search=",), ,[37bf08ee6d1cfb3b31e15d73fa0bb64a]
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, , [5f9737bfd4b551e58a72aa20d92c47b9],
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (user_pref("extensions.srchvstrn.hmpg", true), ,[6d897086c1c8d85e59cee1eacf366e92]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (sions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "Vosteran Search), ,[1dd9b1450c7db581a97e993217eee719]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (tB0AtB0BtGyE0AtDzytGzyyDyEyEtGzztB0CtA0ByBtBzy0At), ,[6690847242473ef8022503c8db2ad22e]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (s.srchvstrn.hmpg", true);
user_pref("extensions.srchvst), ,[19dd23d3daaf33032ef94685986dc13f]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (strn.hmpg", true);
user_pref("extensions.srchv), ,[2cca6d89fe8b76c09f880cbf3ec77b85]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ons.srchvstrn.hmpg", true);
user_pref("extension), ,[c036bc3a14755dd955d2ecdfd233748c]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (s.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "Vosteran Search), ,[dd19fef8820751e5bd6a646738cd7a86]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (0AtB0BtGyE0AtDzytGzyyDyEyEtGzztB0CtA0ByBtBzy0AtA0F0C2Q&cr=226247396&ir=");
user_pref("extensions.srchvstrn.dfltSrch", true);
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.dnsErr", true);
user_pref("extensions.srchvstrn_i.newTab", true);
user_pref("extensions.srchvstrn.newTabUrl", "Vosteran Search), ,[06f07383dbae7db99097b21917eeef11]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (BtGyE0AtDzytGzyyDyEyEtGzztB0CtA0ByBtBzy0AtA0F0C2Q&cr=2262), ,[23d37c7ad4b5013565c224a78f76cd33]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (trn.hmpg", true);
user_pref("extensions.srchvstrn.h), ,[08eebf3779101b1b1a0dddeea95c43bd]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (rchvstrn.hmpg", true);
user_pref("extensio), ,[a0565f97f099e254fc2bca01e91c33cd]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ensions.srchvstrn.hmpg", true);
user_pref("), ,[ac4a1cda9aefad899295c00bb45110f0]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (nsions.srchvstrn.hmpg", true);
user_pref("extensions.s), ,[1adc07ef0b7e70c6d354eae1f3129d63]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (vstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgU), ,[e11572848ffa2511f4330ebd36cf4ab6]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (rn.hmpg", true);
user_pref("extensions.srchvstrn.hmp), ,[5a9ca94da2e7df5771b6f0dbba4b956b]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (chvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl"), ,[20d640b69fea171f42e59f2c14f1c040]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (pg", true);
user_pref("extensions.srchvstrn.hmpgUrl), ,[6690d521f891a19507208c3fbc499e62]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (rchvstrn.hmpg", true);
user_pref("extensions), ,[db1ba155a9e0e452fb2c8e3dbd4815eb]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (sions.srchvstrn.hmpg", true);
user_pref("extensions.sr), ,[1cdab83e1e6b44f253d44a8156af2dd3]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (vstrn.hmpg", true);
user_pref("extensions.src), ,[a353a94de4a544f29295765536cf8977]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "http://Vo), ,[e5119e58a9e0b77fe83f82490203a858]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ref("extensions.srchvstrn.hmpgUrl", "http://Voste), ,[33c37284ee9b979fcf58705b56af9967]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (s.srchvstrn.hmpg", true);
user_pref("extensions.s), ,[9c5a0ee8daaf89ad0225a32865a00df3]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "Vosteran Search), ,[e41243b3e1a8b5814fd83a91d035659b]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (D0BtGyB0FyEtAyCzy0EtByDyEtD0C2QtN1M1F1B2), ,[fcfac3334445f73f131403c89075758b]
Physical Sectors: 0
(No malicious items detected)

(end)

So, not sure what to make of this. I recall Vosteran proving extremely difficult for me to remove, and obviously I didn't. Could it be the culprit?

More to do, but I at least wanted to get the thread started with the scan results.

sbuxman
My System SpecsSystem Spec
.

13 Jan 2015   #4
gregrocker

 

In Malwarebytes preferences, select to scan for root kits.

Have it quarantine all the PUP's.

Run the SAS.

I'd also run one of the bootable AV scans from FREE Bootable AntiVirus Rescue CDs Download List.
Avira is good.
My System SpecsSystem Spec
13 Jan 2015   #5
sbuxman

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Geez Greg, thanks. Wow, a rootkit possibility? Ugh.

My friend Rick is not tech-savvy and this is still the worst I've seen happen to him since I got him this system as a Christmas gift about 4-5 years ago. So all I can do is caution him to be careful when he's downloading...the problem was missed by HP SmartFriend Services, BTW, so there ends my involvement with them to the tune of $14.99/month, though their lack of understanding of what I was trying to tell them last Sunday had already made the "cancel" decision for me.

I've heard of Avira and will use it, but SAS? What is that, please?

I'll do exactly as you say above in the two posts and report back to you here asap...

Again, thanks.

sbuxman
My System SpecsSystem Spec
13 Jan 2015   #6
sbuxman

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Do I need to perform the download/install of the full programs you mention above in Safe Mode with Networking?
My System SpecsSystem Spec
13 Jan 2015   #7
gregrocker

 

SAS is linked in my first post above.

I don't know if there's a rootkit but since MBAM offers to scan for them it should be checked.

What did you find in Programs and Features that may need uninstalling. If you can post back a screenshot of the full list we can spot what's trouble.

What had infiltrated the various browser Add-On's?

The only reason to run the scans in Safe Mode is if they are blocked from running normally.
My System SpecsSystem Spec
13 Jan 2015   #8
sbuxman

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

OK, thanks...I'm on my way to an association meeting now and my friend is 11 miles away...I needed a break...should I tell him to turn his system off? I can be back at his residence tomorrow at oh-dark-thirty if need be.
My System SpecsSystem Spec
13 Jan 2015   #9
sbuxman

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

I'll be showing at my friend Rick's home tomorrow at 8 AM PST.

I have the full versions of mbam and SAS downloaded on a flashdrive...I'll take a screenshot of the programs and post it as a jpeg.

Vosteran appears to have infiltrated the various browser add-ons...how can I check for more? My friend runs IE11, Firefox and Safari, all the latest versions.

Since my CD/DVD drive is inoperable, can I run Avira from a flashdrive?

Thanks.
My System SpecsSystem Spec
14 Jan 2015   #10
gregrocker

 

Several of the free bootable AV's I linked offer flash stick boot.
My System SpecsSystem Spec
Reply

 HP Desktop Acting Weird/Not Saving Files/CD/DVD Not Appearing as Drive




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Problems saving .doc and .txt files to my desktop
On my Windows 7 Home Premium (x64) I recently started receiving an error when trying to save a document (.doc, .xls, etc) or text (.txt)file to my desktop. The error is as follows: "C:\Users\John\Desktop\(FILE NAME).doc You don't have permission to save in this location. Contact the...
General Discussion
tab key acting weird
Hello, If this is the wrong forum, please move to the appropriate one! I have Windows 7 installed, IE8, Office 2007 etc. Recently I've noticed that the tab key isn't doing what it should be doing - i.e. tabbing between cells in a form, or web page. When you press the tab key, the form...
General Discussion
Random Locked Files Appearing in Hard Drive?
Hey everyone, While I was updating my laptop using the Windows Update, I see a Locked file appear randomly in my 2nd Hard Drive (the one without the OS). I am not sure if it's from the Windows Update as it is installing, but I see it appear, and then disappear. There were two locked files...
General Discussion
Saving Files Below Each Other on Windows 7's Desktop
Unlike with XP, half of the time I save files onto my desktop the files save between my default icons (Computer, Recycle Bin, etc.) and mess up my icon layout. I want them to always save at the bottom of my default icons
Customization
Saving and Extracting RAR files in drive D (Storage HDD)
I have an SSD as my OS drive and HDD as a storage drive. If I setup any program to save downloaded files to my storage HDD (specifically the program Newsleecher for Usenet downloading) and allowing it to extract the downloaded rar files into the same storage HDD, would the files still "go through"...
General Discussion
PC Acting really weird.
Hi, I have some sort of problem here, and I am hoping you could help me. Sometimes, MY PC just freezes and I have to shake the Chassis to make it unfreeze again. What problem is this? Any help appreciated.
Hardware & Devices


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 21:57.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App