think I have bad Malware

[darren loyden]

Hi,

Last night i got a new charger for my HP pavilion G6 laptop. I havn't turned it on for a week and last time i did there was no problems with it. About 10 mins after turning it on i noticed the internet wasn't working, So i reset my internet box as sometimes out BT homehub has connection issues. Nothing happened so i restarted my computer thinking it might be something to do with that.

When my computer restarted, It took forever to get past the 'welcome' screen on windows, and then i was presented with a black screen for about 2 mins. Once windows explorer launched, i still had no internet, my firewall was down, it could not connect to windows servers or intel servers ( i don't know what they are?).

I ran virus scans with Avira and Spyware Terminator and they found a java plug in that was dodgy, so i quarantined that and ran a Malbytes scan which come back clean. But this has not sorted the problem.

Thanks in advanced for any help!!

 

[darren loyden]

A quick update, I attempted to do a system restore and my computer is telling me i have no restore points saved, but i know for a fact i do because i did a restore just before my charger broke.

 

[Orbital Shark]

Hi, welcome to the forums

Best thing to do is to download MalwareBytes and perform a full system scan and hope that it picks it up.

As you mention no internet I'd advise you try creating a new user account and see if it allows for an internet connection.

 

[darren loyden]

Hi, welcome to the forums

Best thing to do is to download MalwareBytes and perform a full system scan and hope that it picks it up.

I've already run this and it come back completely clean. Im on Windows 7 HomePremium 32 bit if that makes a difference?

 

[Orbital Shark]

Here's a step by step that I find has worked for me and has cleaned many of my clients machines...

1. Start your machine normally and log in (if required)
2. As soon as the desktop appears right-click the taskbar and select Task Manager
   
      Note

   Be very quick, the virus will be inactive while the explorer environment is being started. This may take a couple of attempts

   
   ​
3. Now that you have Task Manager open you can systematically "Kill" any process which you do not recognize
4. Open Control Panel > Network and Internet > Internet Options and under the Connections tab click Lan Settings
5. Make sure that the Use Proxy server for your LAN is not selected. If it's selected then de-select it and click OK
6. Under the General tab, Delete ALL internet browseing history, making sure to de-select Preserve favorites website data and selecting ALL OTHER OPTIONS
7. Completely clean out the following 2 folders "c:\users\[your user]\Appdata\Local\Temp" and "c:\windows\temp"
   
      Note

   You may be prompted that some files are in use, just skip those and continue. You will also need to have hidden files, folder, and drives enabled

   
   ​
8. Download MalwareBytes and perform a Full System Scan

Your system should nw be at a more stable state but I'd advise performing multiple scans just to be on the safe side.


Hope it helps


OS

 

[marsmimar]

Hello darren and welcome to Seven Forums.

If creating a new user account or following Orbital Shark's task manager suggestions don't work you might want to see if your machine has some kind of recovery partition you could access. (This isn't the same thing as a system restore. A recovery partition lets you return your machine to original factory settings - the way it was when you first brought it home.) If you can get to your Start menu look for a program called Recovery Manager or something similar. Or, try clicking the F11 key immediately after you power on the laptop. Either method should get you to the recovery partition Then just follow the prompts and heed the warnings to back up personal data.

 

[George]

Your system should nw be at a more stable state but I'd advise performing multiple scans just to be on the safe side.

Nice post man , but i think, performing a full scan in safe mode is much more effective

 

[Orbital Shark]

Your system should nw be at a more stable state but I'd advise performing multiple scans just to be on the safe side.

Nice post man , but i think, performing a full scan in safe mode is much more effective

True, but as only minimal drivers/resources are loaded any memory active threats may not be picked up unless the resource is actually running.

 

[darren loyden]

Hi guys, Thankyou for the help so far.

I've followed all these steps and malware bytes and super anti spyware still can't find anything.

Im unsure about rebooting my system to factory settings as last time i did this, my computer deleted its boot manager and it cost me £100 for a fresh windows install. Is there anyway i can check my computer will safely restore to factory settings without dedicating myself to a factory restore?

Further, is there any further action i can take to try and delete this malware?

one thing ive noticed, when i try to turn on my Wlan either through cmd or its option section, i get an error saying i dont have administrative authority.

thanks!

 

[marsmimar]

Hi guys, Thankyou for the help so far.

I've followed all these steps and malware bytes and super anti spyware still can't find anything.

Im unsure about rebooting my system to factory settings as last time i did this, my computer deleted its boot manager and it cost me £100 for a fresh windows install. Is there anyway i can check my computer will safely restore to factory settings without dedicating myself to a factory restore?

Further, is there any further action i can take to try and delete this malware?

one thing ive noticed, when i try to turn on my Wlan either through cmd or its option section, i get an error saying i dont have administrative authority.

thanks!

If this is a malware problem there are some other free tools you could try. For example, Norton Power Eraser; Surfright's Hitman Pro; Trend Micro's HouseCall to name just a few.

If you still have clean scans then there's likely one of two possibilities: it's not a malware problem or the malware is so deeply embedded it's not being picked up. If it's not being picked up then a clean install or return to factory specs might be the best way to go. I'm not sure if there's a way to tell if the Recovery Manager will work without actually trying to return your machine to factory specs. (Same with a system image - don't really know if it'll work until you try. Blind faith. )

If it isn't malware (and I'm not sure if anybody can't state with 100% certainly your machine has not been infected) then you could possibly try System File Checker, or a Repair Install. If you need a full install disk there are sites available that offer official MS ISO versions of 7 HP. Download the ISO and burn it to a DVD. If you need to reactivate you'd use the sticker on your machine.

 

[Carolyn]

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop.

Please post both reports in your next reply (no attachments please).

 

[darren loyden]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Darren at 13:04:22.40 on 20/04/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.1818 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Darren\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Darren\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\darren\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
StartupFolder: c:\users\darren\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GRA32A~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\users\darren\appdata\local\temp\sas_selfextract\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\users\darren\appdata\local\temp\sas_selfextract\saskutil.sys [2010-5-10 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-2-20 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-20 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-20 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-20 61960]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-20 227896]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-20 328808]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-1-12 125672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-2-20 13336]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-3-9 366000]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-2-20 174592]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-20 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-8 1343400]
.
=============== Created Last 30 ================
.
2011-04-19 18:52:40 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-04-19 18:52:40 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-04-19 18:47:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-04-19 18:45:30 -------- d-----w- c:\users\darren\appdata\local\Microsoft Help
2011-04-19 18:39:45 -------- d-----w- c:\users\darren\appdata\local\{B1A4F74C-4668-44F7-BE28-0012032EB9C9}
2011-04-19 16:53:23 -------- d-----w- c:\users\darren\appdata\local\{46F7BE74-6F9E-470D-A47D-1960370430B9}
2011-04-11 10:42:18 -------- d-----w- c:\users\darren\appdata\local\{27F0E6CB-1CE7-4B75-8CE6-C750AA089576}
2011-04-11 09:13:57 -------- d-----w- c:\users\darren\appdata\local\{EE7E03C5-55C0-4828-AFA1-E0023CEAE468}
2011-04-09 17:32:15 -------- d-----w- c:\users\darren\appdata\local\{D5E9809B-8280-45BB-A9DD-DCA842450C65}
2011-04-09 12:37:13 -------- d-----w- c:\users\darren\appdata\local\{8E59E928-9355-4A41-BFD9-186CEE737FAB}
2011-04-05 07:15:03 -------- d-----w- c:\users\darren\appdata\local\{21786894-F745-42FE-B611-ACC627C38E09}
2011-04-04 16:08:17 -------- d-----w- c:\program files\CCleaner
2011-04-04 11:20:06 -------- d-----w- c:\users\darren\appdata\local\{AA2B77FE-3CC7-4008-826B-AD12F808952A}
2011-03-30 21:33:43 -------- d-----w- c:\program files\AutoHotkey
2011-03-29 19:03:36 -------- d-----w- c:\users\darren\appdata\local\{B28E043C-FF49-4EC0-80DF-581F6013358E}
2011-03-27 14:01:31 -------- d-----w- C:\BraCa Soft
2011-03-23 17:10:36 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-03-23 10:37:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
==================== Find3M ====================
.
2011-03-16 10:31:18 138056 ----a-w- c:\users\darren\appdata\roaming\PnkBstrK.sys
2011-03-16 10:31:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-16 10:31:00 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-16 10:30:56 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-03 07:49:02 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-03-03 07:45:02 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-02-20 20:39:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-20 12:29:31 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-07 17:45:52 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-07 17:39:02 4166551 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:05:20.79 ===============





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/02/2011 11:57:01
System Uptime: 20/04/2011 12:59:27 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3069
Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz | CPU | 1895/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 274.779 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP56: 20/04/2011 00:45:21 - test
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
aioprnt
aioscnnr
Atheros Driver Installation Program
AutoHotkey 1.0.48.05
Avira AntiVir Personal - Free Antivirus
Battlefield Heroes
C4USelfUpdater
CCleaner
center
CyberLink YouCam
D3DX10
Downloader
ERUNT 1.1j
essentials
FMRTE
Football Manager 2011
Google Chrome
HP DVD Play 3.7
HP Quick Launch Buttons
HPAsset component for HP Active Support Library
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 24
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSVCRT
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
NVIDIA PhysX v8.09.04
ocr
OpenOffice.org 3.3
PreReq
PunkBuster Services
QLBCASL
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Sandboxie 3.52
Spyware Terminator
Synaptics Pointing Device Driver
Veetle TV 0.9.18
Windows 7 Codec Pack 2.9.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== End Of File ===========================

 

[Carolyn]

Avira (and Windows Defender) malware definitions files are outdated. No surprise, the computer was offline for more than a week.

Let's try scanning your computer using a Avira AntiVir Rescue Disk

Instructions are available at this link:
Avira AntiVir Rescue Disk Download to clean Virus and Malware

If you have any problems running the Avira Rescue Disk, please give F-Secure a try.
Free F-Secure Rescue Bootable CD to Clean Virus and Malware

 

[darren loyden]

Ok i will follow these steps and report back, downloading the file on another computer now and i will burn to disk. thanks so much for your help thus far.

 

[Carolyn]

You're welcome.

Keep us posted

 

[darren loyden]

A quick question, Ive downloaded the ISO, do i need to download both files? ie ISO and SFX? also, once downloaded and extracted to desktop, do i simply burn the folder to disk? thanks and apologies for my lack of ability

 

[Carolyn]

You only need to download the ISO.

Detailed instructions for burning an ISO in Windows 7 can be found here
http://www.sevenforums.com/tutorials/548-burn-disc-image-iso-img-file.html

 

[darren loyden]

I've just finished running Avira rescue disk and it has come back with no viruses. The only thing it found where registry files and missing files. Im at a loss with what to do, is a windows reinstall the only option i now have? Thanks!

 

[Fayla]

Since you seem to have done many advanced virus/malware checks, have you tried this out: http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html ? (option #2 is the most convenient.) I used this a couple of months ago to fix my guest computer's loss of connectivity.

I've just finished running Avira rescue disk and it has come back with no viruses. The only thing it found where registry files and missing files. Im at a loss with what to do, is a windows reinstall the only option i now have? Thanks!

 

[Carolyn]

Before doing anything else, backup any important files/folders. Don't skip the backup.

As Fayla suggested, you can try sfc /scannow

If that doesn't resolve the issues...

This is what I would try, if it were my computer:

1. I would download SP1 using another computer and save it to a Flash Drive.

2. Uninstall Spyware Terminator, SuperAntispyware and Avira. Disable Windows Defender. This step is to keep those drivers and services from running.

3. Next, I would uninstall all the Windows updates going back to and including SP1.

4. Clean out any temp files (you have ccleaner installed).

5. Disable Windows Firewall.

6. Defrag the hard drive.

7. And as a last step, install SP1 using the Flash Drive (in the hopes that the missing files will be replaced and registry errors repaired).

If this does not work, then you will have to do either a repair install or clean install - so backup anything you care about first!