HP Desktop Acting Weird/Not Saving Files/CD/DVD Not Appearing as Drive

HP Pavilion p7-1108p Desktop
Win 7 Home Premium 64-bit
6 GB RAM
1 TB HDD
AMD Quad Core Processor

=======

Uploaded jpeg file (below) always appears now on boot/restart.
Lost CD/DVD functionality and new player will not show up as a drive in My Computer
Most saves or saves as won't show on desktop even though search says they are there
Poor mouse performance
Poor keyboard performance
Files that do show aftfer save/save as are different files than what was saved!

Running malwarebytes now in Safe Mode

sbuxman

You have the Conduit malware which is a serious infection that apparently snuck in because you didn't watch every step when downloading freeware. This is warned about in Clean Reinstall Windows 7 and one of the Troubleshooting Steps for Windows 7 to check I gave you in your other thread.

Download, install, decline trial version and Run full scans with Malwarebytes and SUPERAntiSpyware - Downloads

Uninstall in Control Panel>Programs and Features anything not installed on purpose, any Search service, any toolbars, anything that the user doesn't know if he uses it or not.

In your Browser's Add-On's or Extensions, Remove or Disable anything except Flash, your Reader helper, Shockwave. Access the Search engines from the dropdown arrow in Search box to set Google as default, Remove all others, and disallow any others.

Results of Malwarebytes scan in Safe Mode with Networking:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/13/2015
Scan Time: 2:35:02 PM
Logfile: malware.scan.13JAN.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.13.18
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rick
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395839
Time Elapsed: 9 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 13
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, , [b244e31363263ff7d6150a1829dad42c],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TypeLib\{03119103-0854-469D-807A-171568457991}, , [9a5c41b5e8a18caa6e7d909221e203fd],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [d02694622267ef473ebbec83f40f6d93],
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\BetterBrain_1.10.0.2, , [c6302accf792a1951e5aec87d1320bf5],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\Retrogamer_4w, , [80764caadcada88e89f7d60c4cb826da],
PUP.Optional.Vosteran.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [60962ec88603a88e6c8db4bb1fe4fe02],
PUP.Optional.BetterBrain.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\bbnfd_1_10_0_2, , [ab4b0aec92f756e0cba9e39042c1fa06],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, , [dd19de1848416dc9cc0503ed7b897d83],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Retrogamer_4w, , [e31341b5becb77bffdfcc5d1f0136997],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, , [c72fd91def9a73c3fffb70ff030026da],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [8e68c234701954e24c44f2bf14ef35cb],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [19dd8274ef9a74c2931216b17c88e41c],
PUP.Optional.Updater.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UpdaterEX, , [0bebe80e494091a5d0feaca61ae95da3],
Registry Values: 4
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, , [08ee916518714aec72c2876b867e748c]
PUP.Optional.BetterBrain.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{6311158d-1248-4c22-b80e-0fce899a0c7c}, C:\Program Files (x86)\Mozilla Firefox\extensions\{6311158d-1248-4c22-b80e-0fce899a0c7c}, , [c531ae48a2e7aa8caaccd99aff04c33d]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1R2Q1C1J2Z0K2Z1F, , [19dd8274ef9a74c2931216b17c88e41c]
PUP.Optional.Vosteran, HKU\S-1-5-21-2638437439-3136956875-2434925563-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Vosteran, , [a551a35396f3a3932d6b6b8722e2bd43]
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.Updater.A, C:\Users\Rick\AppData\Roaming\UpdaterEX\UpdateProc, , [0bebe80e494091a5d0feaca61ae95da3],
Files: 31
PUP.Optional.Conduit, C:\Windows\System32\Tasks\BackgroundContainer Startup Task, , [20d624d22465f442be40efe2a460966a],
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\searchplugins\Vosteran.xml, , [3eb812e431584beb1d4dc32d0ff542be],
PUP.Optional.Updater.A, C:\Users\Rick\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe, , [0bebe80e494091a5d0feaca61ae95da3],
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": ["Vosteran Search="],), ,[11e5e11580091d194cc5933da263d52b]
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "Vosteran Search=",), ,[37bf08ee6d1cfb3b31e15d73fa0bb64a]
PUP.Optional.Vosteran.A, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, , [5f9737bfd4b551e58a72aa20d92c47b9],
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (user_pref("extensions.srchvstrn.hmpg", true), ,[6d897086c1c8d85e59cee1eacf366e92]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (sions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "Vosteran Search), ,[1dd9b1450c7db581a97e993217eee719]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (tB0AtB0BtGyE0AtDzytGzyyDyEyEtGzztB0CtA0ByBtBzy0At), ,[6690847242473ef8022503c8db2ad22e]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (s.srchvstrn.hmpg", true);
user_pref("extensions.srchvst), ,[19dd23d3daaf33032ef94685986dc13f]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (strn.hmpg", true);
user_pref("extensions.srchv), ,[2cca6d89fe8b76c09f880cbf3ec77b85]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ons.srchvstrn.hmpg", true);
user_pref("extension), ,[c036bc3a14755dd955d2ecdfd233748c]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (s.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "Vosteran Search), ,[dd19fef8820751e5bd6a646738cd7a86]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (0AtB0BtGyE0AtDzytGzyyDyEyEtGzztB0CtA0ByBtBzy0AtA0F0C2Q&cr=226247396&ir=");
user_pref("extensions.srchvstrn.dfltSrch", true);
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
user_pref("extensions.srchvstrn.dnsErr", true);
user_pref("extensions.srchvstrn_i.newTab", true);
user_pref("extensions.srchvstrn.newTabUrl", "Vosteran Search), ,[06f07383dbae7db99097b21917eeef11]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (BtGyE0AtDzytGzyyDyEyEtGzztB0CtA0ByBtBzy0AtA0F0C2Q&cr=2262), ,[23d37c7ad4b5013565c224a78f76cd33]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (trn.hmpg", true);
user_pref("extensions.srchvstrn.h), ,[08eebf3779101b1b1a0dddeea95c43bd]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (rchvstrn.hmpg", true);
user_pref("extensio), ,[a0565f97f099e254fc2bca01e91c33cd]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ensions.srchvstrn.hmpg", true);
user_pref("), ,[ac4a1cda9aefad899295c00bb45110f0]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (nsions.srchvstrn.hmpg", true);
user_pref("extensions.s), ,[1adc07ef0b7e70c6d354eae1f3129d63]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (vstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgU), ,[e11572848ffa2511f4330ebd36cf4ab6]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (rn.hmpg", true);
user_pref("extensions.srchvstrn.hmp), ,[5a9ca94da2e7df5771b6f0dbba4b956b]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (chvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl"), ,[20d640b69fea171f42e59f2c14f1c040]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (pg", true);
user_pref("extensions.srchvstrn.hmpgUrl), ,[6690d521f891a19507208c3fbc499e62]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (rchvstrn.hmpg", true);
user_pref("extensions), ,[db1ba155a9e0e452fb2c8e3dbd4815eb]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (sions.srchvstrn.hmpg", true);
user_pref("extensions.sr), ,[1cdab83e1e6b44f253d44a8156af2dd3]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (vstrn.hmpg", true);
user_pref("extensions.src), ,[a353a94de4a544f29295765536cf8977]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ions.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "http://Vo), ,[e5119e58a9e0b77fe83f82490203a858]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (ref("extensions.srchvstrn.hmpgUrl", "http://Voste), ,[33c37284ee9b979fcf58705b56af9967]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (s.srchvstrn.hmpg", true);
user_pref("extensions.s), ,[9c5a0ee8daaf89ad0225a32865a00df3]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (.srchvstrn.hmpg", true);
user_pref("extensions.srchvstrn.hmpgUrl", "Vosteran Search), ,[e41243b3e1a8b5814fd83a91d035659b]
PUP.Optional.Vosteran, C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\d8v2aih4.default\user.js, Good: (), Bad: (D0BtGyB0FyEtAyCzy0EtByDyEtD0C2QtN1M1F1B2), ,[fcfac3334445f73f131403c89075758b]
Physical Sectors: 0
(No malicious items detected)

(end)

So, not sure what to make of this. I recall Vosteran proving extremely difficult for me to remove, and obviously I didn't. Could it be the culprit?

More to do, but I at least wanted to get the thread started with the scan results.

sbuxman

In Malwarebytes preferences, select to scan for root kits.

Have it quarantine all the PUP's.

Run the SAS.

I'd also run one of the bootable AV scans from FREE Bootable AntiVirus Rescue CDs Download List.
Avira is good.

Geez Greg, thanks. Wow, a rootkit possibility? Ugh.

My friend Rick is not tech-savvy and this is still the worst I've seen happen to him since I got him this system as a Christmas gift about 4-5 years ago. So all I can do is caution him to be careful when he's downloading...the problem was missed by HP SmartFriend Services, BTW, so there ends my involvement with them to the tune of $14.99/month, though their lack of understanding of what I was trying to tell them last Sunday had already made the "cancel" decision for me.

I've heard of Avira and will use it, but SAS? What is that, please?

I'll do exactly as you say above in the two posts and report back to you here asap...

Again, thanks.

sbuxman

Do I need to perform the download/install of the full programs you mention above in Safe Mode with Networking?

SAS is linked in my first post above.

I don't know if there's a rootkit but since MBAM offers to scan for them it should be checked.

What did you find in Programs and Features that may need uninstalling. If you can post back a screenshot of the full list we can spot what's trouble.

What had infiltrated the various browser Add-On's?

The only reason to run the scans in Safe Mode is if they are blocked from running normally.

OK, thanks...I'm on my way to an association meeting now and my friend is 11 miles away...I needed a break...should I tell him to turn his system off? I can be back at his residence tomorrow at oh-dark-thirty if need be.

I'll be showing at my friend Rick's home tomorrow at 8 AM PST.

I have the full versions of mbam and SAS downloaded on a flashdrive...I'll take a screenshot of the programs and post it as a jpeg.

Vosteran appears to have infiltrated the various browser add-ons...how can I check for more? My friend runs IE11, Firefox and Safari, all the latest versions.

Since my CD/DVD drive is inoperable, can I run Avira from a flashdrive?

Thanks.

Several of the free bootable AV's I linked offer flash stick boot.