0

I am about at my wits' end with this laptop. For no apparent reason and nothing setting it off, Internet Explorer, as well as other browsers in the past, keep opening themselves up, refreshing and eventually rendering it unusable. I have run Malwarebytes, McAfee antivirus, all sorts of other programs and they have all found nothing. I have reformatted and reimaged Windows 7 at least three times now and it still does it. I just reimaged yesterday and am still having the problem. I downloaded HijackThis and saved a log and here it is...PLEASE HELP ME!! Thank You!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:13 PM, on 6/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Stacy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IQ33ZZA\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 6203 bytes

0

I'm not exactly sure what you're asking, but if you're talking about me "reimaging" Windows, there is a separate partition on the hard drive that contains the recovery feature. This is happening on my wife's computer; I am on mine right now because I'm worried that it will start going crazy on me again. Anyways, since I do not have Windows 7 on a disc, I have to use that. I'm thinking that somehow this virus/malware or whatever it is infected something on that partition. I am afraid that I will end up having to purchase a hard copy of Windows and totally wipe the hard drive clean.

0

As far as I know, supposedly, the recovery feature formats the Windows partition of the hard drive before reinstalling Windows. I'm not sure to what extent, but I thought at least enough to give me a nice, clean installation of Windows. I thought wrong apparently...

0

In my opinion, either your computer has bad sectors or it's been infected by a malware program.
2 steps will solve this issue for sure:
Step #1: Run a scan disk
Step #2: Download [Google Chrome Canary]. It is a lightweight and easy-to-use internet browser.
Step #3: Run a [Registry Cleaner].
Step #4: Download any powerful antivirus on your computer (I will recommend [Avast Anti Virus free download]).
I hope both these issues will solve your problem and will [make your PC run faster] while using internet.

Edited by Jenifer Sarah

0

New log while Internet Explorer was going crazy

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:09:05 PM, on 6/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Stacy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 6575 bytes

0

I have run two different anti-virus programs before reinstalling Windows. Both up to date on definitions. It will not allow me on long enough to even install an antivirus. Very very frustrating. I also noticed that it will wake itself up from sleep mode while it's doing this. I push the power button to put it in sleep mode, a minute or two later, it's back up.

0

I'm not exactly sure what you're asking, but if you're talking about me "reimaging" windows

Are you decimating from vendor-supplied media or from an image you created? Decimating should be "imaging" -- auto complete on my mobile device did that....

Hmmm.. some of these vendors will supply you a DVD if there is a problem with the recovery partition. I'd try that next if you think the recovery partition has been tampered with. I've never heard of that happening....

You are correct, the re-imaging would format the C: partition, so if there was a virus there, I'd expect that it would be taken care of by the process.

0

Fortunately, my wife saved the original box with everything in it, however no DVD was supplied. I am also wondering if there is something wrong with one of the buttons on the keyboard or something wrong with the touch pad. It's so intermittent and random that I cannot see that as a 100 percent probable cause....but I guess anything is possible. It may be fine for 5 minutes or so, then suddenly Internet Explorer will open up. If I close that window, two more pop up, if I close those out, then it starts going crazy until I hit ALT+F4 about a hundred times to close them out. If I leave the window(s) open and do not try to close them out, they will just sit there and continually refresh themselves.

0

BTW I'm not sure if it will help, but it's an HP Pavilion DV6, Windows 7 Home Premium, 32 Bit.

0

I was also able to run ComboFix, although I did fight Internet Explorer the entire time.
Here it is.

ComboFix 13-06-07.03 - Stacy 06/07/2013  20:41:29.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7659.5776 [GMT -4:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 00:50 . 2013-06-08 00:50 --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-07 13:42 . 2013-06-07 13:42 --------    d-----w-    c:\windows\SysWow64\Wat
2013-06-07 13:42 . 2013-06-07 13:42 --------    d-----w-    c:\windows\system32\Wat
2013-06-07 04:24 . 2012-07-26 04:55 785512  ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-06-07 04:24 . 2012-07-26 04:55 54376   ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-06-07 04:24 . 2012-07-26 04:47 2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-06-07 04:24 . 2012-07-26 02:36 9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-06-07 04:10 . 2013-06-07 04:10 9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 03:47 . 2012-12-16 17:11 46080   ----a-w-    c:\windows\system32\atmlib.dll
2013-06-07 03:47 . 2012-12-16 14:45 367616  ----a-w-    c:\windows\system32\atmfd.dll
2013-06-07 03:47 . 2012-12-16 14:13 295424  ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-06-07 03:47 . 2012-12-16 14:13 34304   ----a-w-    c:\windows\SysWow64\atmlib.dll
2013-06-07 03:46 . 2012-07-26 03:08 229888  ----a-w-    c:\windows\system32\WUDFHost.exe
2013-06-07 03:46 . 2012-07-26 03:08 84992   ----a-w-    c:\windows\system32\WUDFSvc.dll
2013-06-07 03:46 . 2012-07-26 03:08 744448  ----a-w-    c:\windows\system32\WUDFx.dll
2013-06-07 03:46 . 2012-07-26 03:08 45056   ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2013-06-07 03:46 . 2012-07-26 03:08 194048  ----a-w-    c:\windows\system32\WUDFPlatform.dll
2013-06-07 03:46 . 2012-07-26 02:26 87040   ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2013-06-07 03:46 . 2012-07-26 02:26 198656  ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2013-06-07 03:38 . 2012-03-01 06:46 23408   ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-06-07 03:38 . 2012-03-01 06:33 81408   ----a-w-    c:\windows\system32\imagehlp.dll
2013-06-07 03:38 . 2012-03-01 06:28 5120    ----a-w-    c:\windows\system32\wmi.dll
2013-06-07 03:38 . 2012-03-01 05:33 159232  ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-06-07 03:38 . 2012-03-01 05:29 5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2013-06-07 02:26 . 2011-12-30 06:26 515584  ----a-w-    c:\windows\system32\timedate.cpl
2013-06-07 02:25 . 2013-01-03 06:00 1913192 ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-07 02:24 . 2012-09-25 22:47 78336   ----a-w-    c:\windows\SysWow64\synceng.dll
2013-06-07 02:23 . 2011-11-17 05:38 1292080 ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-06-07 02:23 . 2011-11-17 06:41 1731920 ----a-w-    c:\windows\system32\ntdll.dll
2013-06-07 02:23 . 2012-02-11 06:36 559104  ----a-w-    c:\windows\system32\spoolsv.exe
2013-06-07 02:23 . 2012-02-11 06:36 67072   ----a-w-    c:\windows\splwow64.exe
2013-06-07 02:23 . 2012-06-02 05:41 184320  ----a-w-    c:\windows\system32\cryptsvc.dll
2013-06-07 02:23 . 2012-06-02 05:41 140288  ----a-w-    c:\windows\system32\cryptnet.dll
2013-06-07 02:23 . 2012-06-02 05:41 1464320 ----a-w-    c:\windows\system32\crypt32.dll
2013-06-07 02:23 . 2012-06-02 04:36 140288  ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-06-07 02:23 . 2012-06-02 04:36 1159680 ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-06-07 02:23 . 2012-06-02 04:36 103936  ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-06-07 02:23 . 2011-11-19 14:58 77312   ----a-w-    c:\windows\system32\packager.dll
2013-06-07 02:23 . 2011-11-19 14:01 67072   ----a-w-    c:\windows\SysWow64\packager.dll
2013-06-07 02:09 . 2013-05-14 05:48 9460464 ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B75331B1-B670-4294-9855-188470E99402}\mpengine.dll
2013-06-07 02:04 . 2012-02-17 06:38 1031680 ----a-w-    c:\windows\system32\rdpcore.dll
2013-06-07 02:04 . 2012-02-17 05:34 826880  ----a-w-    c:\windows\SysWow64\rdpcore.dll
2013-06-07 02:04 . 2012-02-17 04:57 23552   ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-06-07 02:00 . 2013-06-07 02:00 --------    d-----w-    c:\program files (x86)\Marcos Velasco Security
2013-06-05 05:28 . 2013-06-05 05:28 31744   ----a-w-    c:\windows\system32\drivers\usbrpm.sys
2013-06-05 05:26 . 2013-06-07 13:42 --------    d-----w-    c:\windows\ehome
2013-06-05 05:26 . 2013-06-05 05:26 --------    d-----w-    c:\users\Default\AppData\Roaming\Media Center Programs
2013-06-05 05:26 . 2013-06-05 05:26 --------    d-----r-    c:\users\Public\Recorded TV
2013-06-05 05:02 . 2013-06-05 05:02 --------    d-----w-    c:\programdata\ATI
2013-06-05 04:55 . 2013-06-05 04:55 --------    d-----w-    c:\windows\SysWow64\Macromed
2013-06-05 04:55 . 2013-06-05 04:55 --------    d-----w-    c:\program files (x86)\Common Files\Telespree
2013-06-05 04:54 . 2013-06-05 04:54 --------    d-----w-    c:\program files (x86)\HP SimplePass 2011
2013-06-05 04:54 . 2013-06-05 04:54 --------    d-----w-    c:\program files (x86)\Common Files\AuthenTec
2013-06-05 04:54 . 2013-06-05 04:54 --------    d-----w-    c:\program files\Common Files\AuthenTec
2013-06-05 04:54 . 2013-06-05 04:54 --------    d-----w-    c:\programdata\Downloaded Installations
2013-06-05 04:53 . 2013-06-05 04:53 --------    d-----w-    c:\program files (x86)\CyberLink
2013-06-05 04:50 . 2013-06-05 04:50 --------    d-----w-    c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
2013-06-05 04:50 . 2013-06-05 04:50 --------    d-----w-    c:\program files (x86)\AMD
2013-06-05 04:49 . 2013-06-05 04:49 0   ----a-w-    c:\windows\ativpsrm.bin
2013-06-05 04:48 . 2013-06-05 04:52 --------    d-----w-    c:\windows\Hewlett-Packard
2013-06-05 04:47 . 2013-06-05 04:47 --------    d-----w-    c:\windows\Driver Cache
2013-06-05 04:47 . 2013-06-05 04:47 --------    d-----w-    c:\program files (x86)\HP
2013-06-05 04:47 . 2013-06-05 05:01 --------    d-----w-    c:\programdata\Hewlett-Packard
2013-06-05 04:47 . 2013-06-05 04:47 --------    d-----w-    c:\programdata\Ralink Driver
2013-06-05 04:47 . 2011-03-07 16:55 1353280 ----a-w-    c:\windows\system32\drivers\netr28x.sys
2013-06-05 04:47 . 2011-03-07 16:49 327008  ----a-w-    c:\windows\system32\RaCoInstx.dll
2013-06-05 04:47 . 2013-06-05 04:55 --------    d-----w-    c:\program files (x86)\Hewlett-Packard
2013-06-05 04:46 . 2013-06-05 04:46 --------    d-----w-    c:\program files\Validity Sensors
2013-06-05 04:46 . 2013-06-05 04:46 --------    d-----w-    c:\windows\SysWow64\sda
2013-06-05 04:46 . 2011-03-25 00:20 9888360 ----a-w-    c:\windows\SysWow64\RtsPStorIcon.dll
2013-06-05 04:46 . 2011-03-25 00:20 337512  ----a-w-    c:\windows\system32\drivers\RtsPStor.sys
2013-06-05 04:45 . 2011-02-17 01:11 74272   ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-06-05 04:45 . 2011-02-17 01:11 428136  ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-06-05 04:45 . 2011-02-17 01:11 107552  ----a-w-    c:\windows\system32\RTNUninst64.dll
2013-06-05 04:45 . 2013-06-05 04:46 --------    d-----w-    c:\program files (x86)\Realtek
2013-06-05 04:45 . 2013-06-05 04:45 --------    d-----w-    c:\program files\Synaptics
2013-06-05 04:39 . 2013-06-05 04:39 --------    d-----w-    c:\program files (x86)\Microsoft.NET
2013-06-05 04:37 . 2013-06-05 04:37 --------    d-----w-    c:\program files (x86)\AMD APP
2013-06-05 04:37 . 2013-06-05 04:37 --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-06-05 04:37 . 2013-06-05 04:37 --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2013-06-05 04:36 . 2013-06-05 04:36 --------    d-----w-    c:\programdata\AMD
2013-06-05 04:36 . 2010-02-18 16:18 46136   ----a-w-    c:\windows\system32\drivers\amdiox64.sys
2013-06-05 04:36 . 2013-06-05 04:36 --------    d-----w-    c:\program files\ATI Technologies
2013-06-05 04:36 . 2013-06-05 04:36 --------    dc----w-    c:\windows\system32\DRVSTORE
2013-06-05 04:36 . 2010-12-16 08:06 47232   ----a-w-    c:\windows\system32\drivers\usbfilter.sys
2013-06-05 04:36 . 2013-06-05 04:36 --------    d-----w-    c:\program files\ATI
2013-06-05 04:36 . 2013-06-05 04:37 --------    d-----w-    c:\program files (x86)\ATI Technologies
2013-06-05 04:36 . 2013-06-07 05:00 --------    d-sh--w-    c:\windows\Installer
2013-06-05 02:09 . 2012-06-02 22:19 2428952 ----a-w-    c:\windows\system32\wuaueng.dll
2013-06-05 02:09 . 2012-06-02 22:19 57880   ----a-w-    c:\windows\system32\wuauclt.exe
2013-06-05 02:09 . 2012-06-02 22:19 44056   ----a-w-    c:\windows\system32\wups2.dll
2013-06-05 02:09 . 2012-06-02 22:15 2622464 ----a-w-    c:\windows\system32\wucltux.dll
2013-06-05 02:09 . 2012-06-02 22:19 38424   ----a-w-    c:\windows\system32\wups.dll
2013-06-05 02:09 . 2012-06-02 22:19 701976  ----a-w-    c:\windows\system32\wuapi.dll
2013-06-05 02:09 . 2012-06-02 22:15 99840   ----a-w-    c:\windows\system32\wudriver.dll
2013-06-05 02:09 . 2012-06-02 19:19 186752  ----a-w-    c:\windows\system32\wuwebv.dll
2013-06-05 02:09 . 2012-06-02 19:15 36864   ----a-w-    c:\windows\system32\wuapp.exe
2013-06-05 02:08 . 2013-06-05 02:10 --------    d-----w-    c:\users\Stacy
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 06:06 . 2010-11-21 03:27 278800  ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-06-07 02:27 135168  ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-07 02:27 350208  ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-07 02:27 308736  ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-07 02:27 111104  ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-07 02:27 474624  ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-07 02:27 2176512 ----a-w-    c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UDFS
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-07  21:04:47
ComboFix-quarantined-files.txt  2013-06-08 01:04
.
Pre-Run: 588,146,552,832 bytes free
Post-Run: 588,270,759,936 bytes free
.
- - End Of File - - 84DA2AF6585E3440BA1DF642C1158C11
0

Hm, seems like there was a virus or something. This problem I had started way back at the start of this year, when my browser kept on closing unexpectedly, so I ran a few scans and nothing was found. When I used all the antivirus programs, not all at once, but um, they still didn't find anything. I really got pissed off, so I just reinstalled Windows 7.
