Virus? Is it gone or what...


  1. Posts : 32
    Windows 7
       #1


    So today, I turned on my computer and it could not turn on! There were the two options, which were a startup repair thing or start Windows normally. This normally happens (only once), so I clicked Start Windows Normally. Then that screen kept happening. On the 5th-6th try, I did the first option, which was the repair thing. It did not find anything and shut down. I tried it again, and it worked! But the thing is... my computer was SUPER slow, my antivirus was shut down (and could not start Malware Anti-Malware Bytes, Spybot, etc), and I had no internet!

    I shut it down, and went to safe mode with no networking. I opened up an (un-updated - 37 days... No internet to update it) Malware Anti-Malware Bytes, and did a full scan. After 44 minutes, it found nothing. I restarted my computer, and logged in without safe mode. And here I am right now, my computer working PERFECTLY. I updated MBAM, Spybot, Avast, and EVERYTHING... and quick scanned. MBAM found nothing - and Spybot Search and Destroy is almost done, also found nothing...

    Is my computer safe, or do I need to take extreme measures and post HiJackThis, DDS logs, etc?

    EDIT: New "topic" starting on page 3
    Last edited by sevenshotzzzz; 05 May 2011 at 16:38.


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    See if Eset finds anything ...

    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push


  3. Posts : 32
    Windows 7
    Thread Starter
       #3

    It seems it found nothing. It took about 2 hours to complete, and no threats were found. Weird...
    Here's a DDS log if something seems fishy... viruses shouldn't disappear!

    Code:
     
    .
    DDS (Ver_11-03-05.01) - NTFSx86 
    Run by User at 19:16:34.04 on 30/03/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.1647 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\IObit\IObit Security 360\is360tray.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
    C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\User\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0809&m=aspire_x3810
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.ca/
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0809&m=aspire_x3810
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=1&o=vp32&d=0809&m=aspire_x3810
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: youtube.com\www
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\extensions\battlefieldplay4free@ea.com\platform\winnt_x86-msvc\plugins\npBP4FUpdater.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
    FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-6 301528]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-6 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-6 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-25 42184]
    R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-8-19 75048]
    R2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSMonitorService.exe [2009-8-19 58664]
    R2 CyberLink Media Server Service;CyberLink Media Server Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-8-19 288120]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-31 312152]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-3-18 88176]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-21 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-4-7 223960]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-4-4 114952]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-26 21920]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S2 0228361300490238mcinstcleanup;McAfee Application Installer Cleanup (0228361300490238);c:\windows\temp\022836~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\022836~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 hpusbwdm;HP DVD Movie Writer;c:\windows\system32\drivers\hpusbwdm.sys [2003-12-31 1080832]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
    S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-03-30 18:54:29 -------- d-----w- c:\program files\ESET
    2011-03-30 18:34:56 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4beb86d2-ab5a-44cb-8999-a9ac19869803}\mpengine.dll
    2011-03-29 02:36:01 -------- d-----w- c:\users\user\appdata\roaming\NeopleLauncherDFO
    2011-03-19 22:30:02 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-03-19 22:27:51 -------- d-----w- c:\windows\system32\SPReview
    2011-03-09 03:27:57 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-09 03:27:57 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-09 03:27:56 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-09 03:27:55 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 03:27:55 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 03:27:54 850432 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 03:27:54 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 03:27:52 2690560 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 03:27:52 1034240 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-06 19:07:01 -------- d-----w- c:\progra~2\EA Logs
    .
    ==================== Find3M ====================
    .
    2011-03-26 23:46:00 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-03-26 23:46:00 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-03-09 03:38:59 138056 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys
    2011-03-09 03:38:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-03-09 03:38:34 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
    2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-16 20:34:13 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-08 04:06:44 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-01-08 04:06:34 3597416 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 04:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
    2011-01-08 04:06:02 608872 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-01-08 04:06:02 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
    2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
    2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
    2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
    2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
    2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
    2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
    2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 19:18:30.38 ===============


  4. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #4

    sevenshotzzzz said:
    I opened up an (un-updated - 37 days... No internet to update it) Malware Anti-Malware Bytes, and did a full scan. After 44 minutes, it found nothing.

    Hi,

    Can I just clarify something: is Windows not updated for 37 days, or Malwarebytes?

    Scanning with an out-of-date database is risky and you would certainly be missing the latest malware, especially since Malwarebytes updates their malware signature database several times a day. I would update that, and redo the scan.

    Regards,
    Golden


  5. Posts : 32
    Windows 7
    Thread Starter
       #5

    No threats detected. Hmmmmm

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Database version: 6222

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    30/03/2011 9:45:02 PM
    mbam-log-2011-03-30 (21-45-02).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 449691
    Time elapsed: 1 hour(s), 40 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #6

    Hi,

    Mmm... ESET and MBAM haven't picked up anything, so I'm angling towards the fact that this may not be malware related. Perhaps the problem is system-related?

    Can you please try the following, and post the results here:

    1. Open an elevated command prompt.
    2. Type sfc /scannow and hit enter.
    3. Once it finishes, post the results here.

    Also, tell us which anti-malware software is resident on your system?

    Regards,
    Golden


  7. Posts : 587
    Windows 7 x64
       #7

    sevenshotzzzz said:
    It seems it found nothing. It took about 2 hours to complete, and no threats were found. Weird...
    Here's a DDS log if something seems fishy... viruses shouldn't disappear!

    Since there doesn't appear to be an infection, you might consider running a "Check Disk" with "automatically fix errors" enabled (you will need to reboot for the scan to run). Disk errors are one reason for the appearance of the Startup Repair application.


  8. Posts : 32
    Windows 7
    Thread Starter
       #8

    Well, the thing is... when I first encountered something suspicious yesterday, my computer would NEVER start. Even after about 6 tries - and that has never happened. It sort of 'seems' like a malware. Then when my computer actually started, my antivirus did not start, and I could not even open anything. On my other computer I got this email, which seems to be related as it happened on the same day from Battle.net:

    "Due to suspicious activity, the Battle.net account [my email] has been locked. To restore access to this account, please follow these steps:

    Step 1: Secure Your Computer

    In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

    Step 2: Secure Your E-mail Account

    After you have secured your computer, please create a new password for your e-mail account since it may also be compromised. Be sure to check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit this Support page.

    Step 3: Choose a New Password

    You must change your password in order to resume using this Battle.net account. Please click this link to choose a new password:

    https://www.battle.net/account/suppo...ord-reset.html

    *Note that your former password no longer grants access to Battle.net account management, World of Warcraft, or any other login-protected Battle.net account service.

    If you still have questions or concerns after following the steps above, feel free to contact Customer Support at http://us.blizzard.com/support/artic...rticleId=20606.

    Sincerely,
    The Battle.net Account Team
    Online Privacy Policy"


    It's either a coincidence.. or something else. Then I also received a virus email.
    The heading says 'confirm details to collect', and the message under says 'Slots'. I clicked on it on my brother's computer, and it showed a weird link.
    "Lets see how much money you can make at slots
    [Link here]"
    I checked this on my brother's computer while I was scanning and changed my password for every account I use.

    I'll see how my CheckDisk goes.


  9. Posts : 32
    Windows 7
    Thread Starter
       #9

    Regarding the ChkDsk, I ticked off both the boxes (right-clicked the C drive, went to Tools, then clicked on error check). Is it supposed to be multicoloured dots coming down from the top? I believe it's supposed to have numbers and show the % of when it is done. Should I force restart, as the dots are just... going by pixels?
    I just restarted my computer, and it still has those dots coming down.

    EDIT: Alright, I got to the computer with Esc. What should I do? I don't think the dots are normal.


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #10

    I noticed you have two security programs. One active and one disabled. I would remove one completely from the computer. Then see if you can update the one you have left and scan again. Sometimes one security program will turn off the other even though it is disabled. My rule of thumb is very simple. If something has turned off my security and I only have one active security program, I'm infected. Have you run any registry programs?
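The overlap raised in post #10 can be read straight out of the DDS log from post #3. The following is an added example, not code from any poster in this thread: it parses the `AV:`/`SP:` header and the SERVICES / DRIVERS section, lists every registered security product, and reports products marked *Disabled* that still have a running service. The function names are this example's own, and treating `R`/`S` as running/stopped and `[?]` as "file details could not be read" is the example's assumption about the DDS columns.

```python
import re

# Lines copied from the DDS log in post #3 of this thread (excerpt).
SAMPLE_DDS = r"""
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-31 312152]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# Header lines: "<AV|SP|FW>: <name> *<state>/<signatures>* {GUID}"
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
# Service lines: "<R|S><start type> <name>;<display name>;<command line> [<file info>]"
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+) \[(.+?)\]$")


def log_lines(log):
    """Non-empty lines with the forum's indentation stripped."""
    return [ln.strip() for ln in log.splitlines() if ln.strip()]


def security_products(log):
    """Map product name -> how it is registered (AV/SP/FW) and its reported state."""
    products = {}
    for line in log_lines(log):
        m = PRODUCT_RE.match(line)
        if not m:
            continue
        kind, name, state, sigs = m.groups()
        p = products.setdefault(name, {"kinds": set(), "enabled": False, "updated": True})
        p["kinds"].add(kind)
        p["enabled"] = p["enabled"] or state == "Enabled"
        p["updated"] = p["updated"] and sigs == "Updated"
    return products


def services(log):
    """Parse SERVICES / DRIVERS lines into dicts."""
    out = []
    for line in log_lines(log):
        m = SERVICE_RE.match(line)
        if m:
            status, start, name, _display, command, info = m.groups()
            out.append({"name": name, "running": status == "R",  # assumption: R = running
                        "start": int(start), "command": command, "info": info})
    return out


def disabled_but_running(log):
    """Products reported *Disabled* whose install folder still hosts a running service."""
    result = {}
    for name, p in security_products(log).items():
        if p["enabled"]:
            continue
        hits = [s["name"] for s in services(log)
                if s["running"] and name.lower() in s["command"].lower()]
        if hits:
            result[name] = hits
    return result


def orphaned_entries(log):
    """Registry entries whose target file DDS reports as missing."""
    return [ln for ln in log_lines(log) if ln.endswith("- No File")]


def unreadable_services(log):
    """Services where DDS printed [?] instead of a file date and size."""
    return [s["name"] for s in services(log) if s["info"] == "?"]


if __name__ == "__main__":
    for name, p in sorted(security_products(SAMPLE_DDS).items()):
        state = "enabled" if p["enabled"] else "disabled"
        print(f"{name}: {'/'.join(sorted(p['kinds']))}, {state}")
    print("disabled but still running:", disabled_but_running(SAMPLE_DDS))
    print("orphaned entries:", orphaned_entries(SAMPLE_DDS))
    print("services without file info:", unreadable_services(SAMPLE_DDS))
```

On the excerpt, the product marked *Disabled* still shows a running auto-start service, which is the kind of leftover that removing the product completely, as post #10 suggests, would clear.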


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.