Solved: Strange glitches in W7 - a Virus?!

CJH2012 (New member, Guernsey, C.I.)
Hi,
I recently purchased Windows 7 and for a few months it was great. Then I did a repair install because I kept getting the 'busy' blue circle around the mouse pointer which was very distracting when trying to do my accountancy tests from the CD ROM.
After the repair install W7 seemed to be working okay for a while.
The next week or so I found programs (i.e. Excel) would suddenly shut down after a single click on the 'Office' symbol (top left). Also controlling files became problematic because a single click would mysteriously open a file, instead of e.g. merely selecting it. This and other erratic behaviour, the latest instalment of which is that the mouse wanders randomly around the screen, led me to believe I was the innocent victim of a nasty "malware" attack.
I was surprised because I use Kaspersky antivirus and Malwarebytes and use them regularly; I also have Driver Manager installed.
I back up regularly to an external USB hard drive, both manually copying files I use/modify often (mainly in Excel), and doing a weekly backup using Windows 7's proprietary backup program.
Apart from re-installing it please can anyone recommend/suggest another option that might fix my issues with Windows 7? I could try System Restore but since I am not sure exactly when the erratic behaviour emerged this is problematic.
Thanks in advance! (Written on my older XP System.)
 

My Computer

At a glance: Windows 7 32 bit, Intel Core 2 Duo E6700 @ 2.66GHz Conroe, 3.00 GB Dual-Channel DDR2, NVidia GE Force 8400GS
Computer Manufacturer/Model Number
Asus
OS
Windows 7 32 bit
CPU
Intel Core 2 Duo E6700 @ 2.66GHz Conroe
Motherboard
Asus P5L-VM 1394 (V-P5945G)
Memory
3.00 GB Dual-Channel DDR2
Graphics Card(s)
NVidia GE Force 8400GS
Sound Card
n/a
Monitor(s) Displays
emachines 15" panel
Screen Resolution
1280 x 800
Hard Drives
Maxtor 156 GB SATA (XP and Ubuntu)
Maxtor 120 GB SATA (Windows 7)
PSU
generic
Case
Low profile
Cooling
Akasa aftermarket fan
Keyboard
Generic
Mouse
Generic
Internet Speed
10 MBps
Other Info
Running 3 OSs on the same machine (not at the same time!), XP and Ubuntu on 156 GB HD and Windows 7 on 120 GB HD. Would like to overclock this machine once I have ironed out a few problem areas.
Okay thanks, will try that additional malware scan.

Might I also mention that when the busy 'blue circle' problem came back again after the repair install, I tried the following:

sfc /scannow

...in the 'cmd' console. The first scan produced a result of some corrupted Windows OS files that could not be fixed. Despite all my attempts I could not locate the affected files on my HD to e.g. delete them. When I subsequently ran sfc /scannow it twice came back "clean".

I will report back result(s) of ESET scanner you suggested.

Edit: By the way I am running Excel Microsoft Office (Student) 2007, where the most serious symptoms occurred.

Results of scan as follows:

F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-02-27 155302\Backup files 1.zip Win32/DownloadAdmin.A.Gen application deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-02-27 155302\Backup files 2.zip Win32/DownloadAdmin.A.Gen application deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-03-05 223108\Backup files 2.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-02-23 174559\Backup Files 2012-03-05 223108\Backup files 4.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-03-19 160757\Backup Files 2012-03-19 160757\Backup files 10.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-03-19 160757\Backup Files 2012-03-21 225709\Backup files 10.zip multiple threats deleted - quarantined
F:\CHRISJHUDSON-PC\Backup Set 2012-03-27 151040\Backup Files 2012-03-27 151040\Backup files 9.zip multiple threats deleted - quarantined

I hope that solves the problem! Thanks for the advice F5ing! :)
 
You're welcome!

On the assumption that your data is stored on C: along with your OS/apps and that F: is your external drive containing your backups, it looks like Eset found nothing that would interfere with the operation of the OS. It found stuff that was apparently on your machine back in the Feb/March timeframe and is contained in those backup zip files.

Eset results should also identify the type/strain of the threat it found with each file. It may be helpful to post/research that info. If the "uninstall Eset when closed" (or however it's phrased) checkbox wasn't ticked when you closed it out, you should be able to find the logfile in C:\Program Files (x86)\ESET\ESET Online Scanner.

Do you routinely have the external connected and powered? If that's your only backup you should be aware that it's not an advisable practice; best that it is only connected when performing a backup/restore. However I don't use w7 backup app and am not familiar with its requirements. If you have it disconnected and then reboot your machine, the malware that was on there would have no effect on the operation of your machine. That's assuming that none of that malware had already affected your boot drive.

Do you have a real need for Driver Manager? w7 handles drivers pretty well on its own. I would be hesitant installing or relying on it.
 

My Computer

At a glance: Windows 7 Ultimate x64
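One way to make the reasoning in the reply above mechanical: parse ESET result lines in the format the OP posted and separate hits on the live system drive from hits sealed inside Windows Backup archives (a set that contains quarantined files re-infects the machine if it is restored). This is an added example, not code from the thread or from ESET; the sample lines are constructed (EXAMPLE-PC is a placeholder, the C: line is invented to show the other outcome), and the action phrases other than "deleted - quarantined" are assumed.

```python
import re
from collections import Counter

# Constructed sample in the line layout of the ESET Online Scanner results posted
# in the thread: "<path> <detection> <action>". EXAMPLE-PC is a placeholder host
# name, and the C: line is invented to show what a hit on the live system drive
# looks like next to hits sealed in Windows Backup archives.
SAMPLE_RESULTS = r"""
C:\Users\example\AppData\Local\Temp\setup_tmp.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined
F:\EXAMPLE-PC\Backup Set 2012-02-23 174559\Backup Files 2012-02-27 155302\Backup files 1.zip Win32/DownloadAdmin.A.Gen application deleted - quarantined
F:\EXAMPLE-PC\Backup Set 2012-03-19 160757\Backup Files 2012-03-21 225709\Backup files 10.zip multiple threats deleted - quarantined
"""

# The path runs up to the first file extension followed by whitespace; the action
# is the fixed phrase at the end of the line (alternatives other than
# "deleted - quarantined" are assumed, not taken from the thread).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+"
    r"(?P<threat>.+?)\s+"
    r"(?P<action>deleted - quarantined|cleaned - quarantined|unable to clean)$"
)
# Windows Backup names each set "Backup Set YYYY-MM-DD HHMMSS".
BACKUP_SET_RE = re.compile(r"\\Backup Set (\d{4}-\d{2}-\d{2}) \d{6}\\", re.IGNORECASE)


def parse_line(line):
    """Parse one result line; return None for headers and chatter."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    bs = BACKUP_SET_RE.search(path)
    return {
        "drive": path[0].upper(),
        "path": path,
        "threat": m.group("threat"),
        "action": m.group("action"),
        "backup_set": bs.group(1) if bs else None,  # date of the backup set, if inside one
    }


def parse_results(text):
    return [f for f in (parse_line(ln) for ln in text.splitlines()) if f]


def triage(findings, system_drive="C"):
    """Separate hits on the live OS drive from hits sealed inside backup archives."""
    sys_drive = system_drive.upper()
    live = [f for f in findings if f["drive"] == sys_drive]
    archived = [f for f in findings if f["drive"] != sys_drive and f["backup_set"]]
    other = [f for f in findings if f not in live and f not in archived]
    return {
        "live": live,
        "archived": archived,
        "other": other,
        # Restoring any of these sets would bring the quarantined files back.
        "tainted_backup_sets": sorted({f["backup_set"] for f in archived}),
        "threats": Counter(f["threat"] for f in findings),
        "verdict": "live system affected" if live else "backup archives only",
    }


if __name__ == "__main__":
    summary = triage(parse_results(SAMPLE_RESULTS))
    print(summary["verdict"], "-", len(summary["live"]), "live,",
          len(summary["archived"]), "archived; tainted sets:", summary["tainted_backup_sets"])
```

Feeding the triage only the F: lines (as in the OP's actual results) yields the "backup archives only" verdict the reply arrives at by inspection.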
Might try Kaspersky TDSSKILLER or, on the extreme, Combofix
 

My Computer

At a glance: W8 Pro, W7 bogus Ultimate [resolved] watch what ya buy at ebay. W7 Pro, Vista Prem, Xp Pro
Thanks F5ing for the additional advice. My W7 installation seems to be behaving itself now after the ESET scan, but the annoying 'busy' blue circle is still flashing on and off twice a second.
Will try second part of the link in your initial reply.

P.S. Yes, the external drive is currently plugged in all the time.
 

You might also want to take a look at Task Manager and Resource Monitor to see if either can be used to spot the activity taking place that's responsible for it.
 

What is this Driver Manager you have installed? These cause problems because Win7 is not XP or early Vista but a driver-complete OS in the installer and via optional Windows Updates. You should only import drivers still missing in Device Manager after all updates are completed, or if performance problems are traced to any driver(s).

If performance problems aren't resolved then I would try again to Clean Reinstall Windows 7 following these same steps for factory OEM which incorporate the Best Practices for setting up and maintaining Win7.
 
Thanks gregrocker, n2gc and F5ing.
The annoying, constantly flashing blue 'busy' circle seems to have gone now.
Will try uninstalling Driver Manager from W7 and re-install it on my XP machine so I don't waste the license!

EDIT:
The hard drive is making a bzzp noise every second now, i.e. working. The blue circle has still stopped showing every second, however.

Off topic, not being paranoid but there must be some pretty nasty stuff out there at the moment, if it brought Natwest's internet banking down (although they didn't say if it was an internally caused error or an external threat.) Also read a story on the CompTIA newsletter thingy about malware and one of the American security services (?) which had been keeping service going to hacked computers but will be 'pulling the plug' on Sunday (tomorrow).
 
Hard drive is making a bzzp noise every second now, i.e. working.

This might not be a good sign as far as your hard drive health is concerned. Is it a new noise you're hearing from it? Or has it always sounded like that when it's accessed? How old is it? Might be worth booting into the BIOS to see what it has to say about the drive...

Also read a story on the CompTIA newsletter thingy about malware and one of the American security services (?) which had been keeping service going to hacked computers but will be 'pulling the plug' on Sunday (tomorrow).

Sounds like you're speaking of the DNS Changer malware: DCWG | DNS Changer Working Group
 

Hi n2gc, please find below the posted report from ComboFix. I would be grateful for any comments.
I noticed problems with Google Chrome locking up or slowing right down recently too.
Gregrocker, sounds like a bit of an extreme solution; the problem is I don't have really large chunks of time to fix this, which a clean installation etc. as you are suggesting would necessitate. But it might come to that eventually, so thanks. :)

ComboFix 12-07-14.01 - Chris J. Hudson 15/07/2012 16:45:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.2031 [GMT 1:00]
Running from: c:\users\Chris J. Hudson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVK1OVWM\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 15:52 . 2012-07-15 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-15 15:52 . 2012-07-15 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 15:52 . 2012-07-15 15:52 -------- d-----w- c:\users\CHRISJ~1~HUD\AppData\Local\temp
2012-07-15 15:28 . 2012-07-15 15:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-14 08:03 . 2012-07-15 15:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7776427F-A57B-4626-AD7B-283D4E09345A}\offreg.dll
2012-07-14 06:13 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7776427F-A57B-4626-AD7B-283D4E09345A}\mpengine.dll
2012-07-13 08:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-13 08:24 . 2012-07-13 08:24 -------- d-----w- C:\SkyDriveTemp
2012-07-11 21:07 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 20:36 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 20:36 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 20:36 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 20:36 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 20:36 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 20:36 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 20:36 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 20:36 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 20:35 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 20:35 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 20:35 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 20:35 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 20:35 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 20:35 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 20:35 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-04 13:29 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-04 13:29 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-04 13:28 . 2012-07-04 13:28 -------- d-----w- c:\program files\iPod
2012-07-04 13:28 . 2012-07-04 13:29 -------- d-----w- c:\program files\iTunes
2012-06-24 15:50 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-24 15:50 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-06-24 15:46 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 15:46 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 15:46 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 15:46 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 15:46 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 15:46 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 15:46 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 15:46 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 15:46 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 12:46 . 2012-04-14 10:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:43 . 2012-04-02 09:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-01 22:43 . 2012-01-22 21:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 10:26 . 2012-06-02 21:49 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-06-02 21:49 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2012-06-02 21:49 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-06-02 21:49 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-06-02 21:49 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-06-02 21:49 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2012-06-02 21:49 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-06-02 21:49 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2012-06-02 21:49 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 10:26 . 2012-06-02 21:49 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-06-02 21:49 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2012-03-13 21:12 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 09:28 . 2012-06-11 22:19 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2012-06-11 22:19 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2012-06-11 22:19 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2012-06-11 22:19 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2012-06-11 22:19 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 01:21 . 2012-05-15 01:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-01 04:44 . 2012-06-13 12:06 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 12:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 12:06 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 12:06 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 12:06 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 12:06 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 12:06 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 12:06 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-18 17:08 . 2012-06-02 21:49 27968 ----a-w- c:\windows\system32\nvhdap32.dll
2012-04-18 17:08 . 2012-06-02 21:49 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2012-04-18 17:08 . 2012-06-02 21:49 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-02-21 15:43 . 2012-02-21 15:43 200846 ----a-w- c:\program files\RuntimeSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-13 07:56 220632 ----a-w- c:\users\Chris J. Hudson\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-13 07:56 220632 ----a-w- c:\users\Chris J. Hudson\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-13 07:56 220632 ----a-w- c:\users\Chris J. Hudson\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"B34A1393B739BBBD2BCFD7ABD1C5D2E2D57962B4._service_run"="c:\users\Chris J. Hudson\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SkyDrive"="c:\users\Chris J. Hudson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-13 238552]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-09-02 2158592]
"chromium"="c:\users\Chris J. Hudson\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 SaiHFF0C;SaiHFF0C;c:\windows\system32\DRIVERS\SaiHFF0C.sys [x]
S3 SaiUFF0C;SaiUFF0C;c:\windows\system32\DRIVERS\SaiUFF0C.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13165922
*Deregistered* - 13165922
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4242454274-3306585242-3044636838-1000Core1cd0911b347170f.job
- c:\users\Chris J. Hudson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 17:14]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4242454274-3306585242-3044636838-1000UA1cd0911b521aa62.job
- c:\users\Chris J. Hudson\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-29 17:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-13165922.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:50,bc,ba,be,4a,10,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-4242454274-3306585242-3044636838-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4242454274-3306585242-3044636838-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-15 16:55:41
ComboFix-quarantined-files.txt 2012-07-15 15:55
.
Pre-Run: 69,641,908,224 bytes free
Post-Run: 69,836,226,560 bytes free
.
- - End Of File - - CBA941CB4072686B9A5CE0BBD947CDDA
 
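Nobody in the thread walked through the "Reg Loading Points" section of the ComboFix log above, so here is an added example (not code from the thread or from ComboFix) that parses the Run-key entries in that layout and lists the ones a reviewer would look at first: binaries under user-writable paths, hash-style value names, and binaries dated within a week of the scan. The sample section is constructed to mirror the log's format; the user name, the hash-style name and the "Updater" entry are placeholders, and the three checks are triage hints, not a malware verdict (Chrome and SkyDrive legitimately run from AppData, as the real log shows).

```python
import re
from datetime import date

# Constructed sample laid out like the "Reg Loading Points" section of a ComboFix
# log: a [key] header, one "Name"="path" [date size] line per autorun value, and
# a lone "." closing the key. User name, the hash-style name and "Updater" are
# placeholders, not values from a real machine.
SAMPLE_SECTION = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"0123456789ABCDEF0123456789ABCDEF01234567._service_run"="c:\users\example\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-07-10 1250328]
"SkyDrive"="c:\users\example\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-13 238552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Updater"="c:\programdata\temp\upd.exe" [2012-07-14 40960]
.
"""
SCAN_DATE = date(2012, 7, 15)  # the "Completion time" date of the sample scan

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
HASH_NAME_RE = re.compile(r"^[0-9a-f]{32,}", re.IGNORECASE)


def parse_loading_points(text):
    """Return a list of {'key','name','path','date','size'} for every autorun value."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        if line == ".":          # ComboFix closes each key block with a lone dot
            key = None
            continue
        em = ENTRY_RE.match(line)
        if em and key:
            entries.append({
                "key": key,
                "name": em.group("name"),
                "path": em.group("path"),
                "date": date.fromisoformat(em.group("date")),
                "size": int(em.group("size")),
            })
    return entries


def reasons_to_review(entry, scan_date, recent_days=7):
    """Triage hints for one autorun value; an empty list means nothing stands out."""
    reasons = []
    path = entry["path"].lower()
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("binary lives under a user-writable path")
    if HASH_NAME_RE.match(entry["name"]):
        reasons.append("hash-style value name")
    age = (scan_date - entry["date"]).days
    if 0 <= age <= recent_days:
        reasons.append(f"binary dated {age} day(s) before the scan")
    return reasons


def review(text, scan_date):
    """Map value name -> reasons for every autorun entry worth a closer look."""
    flagged = {}
    for entry in parse_loading_points(text):
        reasons = reasons_to_review(entry, scan_date)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in review(SAMPLE_SECTION, SCAN_DATE).items():
        print(f"{name}: {'; '.join(why)}")
```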
Bump.
 

With the HD clicking then at the minimum you need to run the HD Diagnostics extended CD scan followed by Disk Check, just to confirm it's not failing.
 
Thanks gregrocker, I was not ignoring you before, just short of time and missed your previous post! :)
Will try that and report back.

EDIT: The disc with the funny 'clicking' noises (which I rescued from a kaput Sony Vaio) is not bootable, merely spare external storage.
 
Bump
 

No problems with the HDs once the external drive, which kind of makes a "wallop!" sound every time I shut down, was disconnected.
The other weird behaviour was the constant whirring of the system-bootable HD which for some reason(s) unknown was being accessed approximately every half second by the system. This has now stopped, thankfully.
I would suggest the constant HD activity prior to this was connected with the constant "busy blue circle" which I was seeing before I ran the malware scans.
 

What were the results of HD Diagnostics on internal HD and Disk Check on both drives?
 
Sorry for the delay Gregrocker- will report back shortly.
 
