Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Virus? Is it gone or what...

30 Mar 2011   #1

Windows 7
Virus? Is it gone or what...

So today, I turned on my computer and it could not turn on! There was the two options which were a startup repair thing, or start windows normally. This normally happens (only once) so I clicked the Start Windows Normally. Then that screen kept happening. On the 5-6th try, I did the first option which was the repair thing. It did not find anything and shut down. I tried it again, and it worked! But the thing is... my computer was SUPER slow, my antivirus was shut down (and could not start Malware Anti-Malware Bytes, Spybot, etc), and I had no internet!

I shut it down, and went to safe mode with no networking. I opened up a (unupdated - 37days... No internet to update it) Malware Anti-Malware Bytes, and did a Full-scan. After 44minutes, it found nothing. I restarted my computer, and logged in without safe mode. And here I am right now, my computer working PERFECTLY. I updated MBAM, Spybot, Avast, and EVERYTHING... and quick scanned. Mbam found nothing - and Spybot Search and Destroy is almost done, also found nothing...

Is my computer safe, or do I need to take extreme measures and post HiJackThis, DDS logs, etc?

EDIT: New "topic" starting on page 3

My System SpecsSystem Spec
30 Mar 2011   #2
Microsoft MVP

Windows 7 Ultimate 32bit SP1

See if Eset finds anything ...
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
My System SpecsSystem Spec
30 Mar 2011   #3

Windows 7

It seems it found nothing. It took about 2 hours to complete, and no threats were found. Weird...
Heres a DDS log if something seems fishy... viruses shouldn't disappear!

DDS (Ver_11-03-05.01) - NTFSx86 
Run by User at 19:16:34.04 on 30/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3071.1647 [GMT -6:00]
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSMonitorService.exe
C:\Program Files\Acer Arcade Deluxe\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://
uSearch Bar = hxxp://
uSearch Page = hxxp://
uStart Page = hxxp://
mDefault_Page_URL = hxxp://
mStart Page = hxxp://
uSearchURL,(Default) = hxxp://
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone:\www
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage - hxxp://
FF - prefs.js: keyword.URL - hxxp://
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\extensions\\components\KeyScramblerIE.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\extensions\\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\r3dnijxp.default\extensions\\platform\winnt_x86-msvc\plugins\npBP4FUpdater.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Element Hiding Helper for Adblock Plus: - %profile%\extensions\
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: KeyScrambler: - %profile%\extensions\
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Battlefield Heroes Updater: - %profile%\extensions\
FF - Ext: Battlefield Play4Free: - %profile%\extensions\
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
============= SERVICES / DRIVERS ===============
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-6 301528]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-6 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-6 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-25 42184]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-8-19 75048]
R2 CyberLink Media Server Monitor Service;CyberLink Media Server Monitor Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSMonitorService.exe [2009-8-19 58664]
R2 CyberLink Media Server Service;CyberLink Media Server Service;c:\program files\acer arcade deluxe\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-8-19 288120]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-10-31 312152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-3-18 88176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-21 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-4-7 223960]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-4-4 114952]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-26 21920]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S2 0228361300490238mcinstcleanup;McAfee Application Installer Cleanup (0228361300490238);c:\windows\temp\022836~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\022836~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 hpusbwdm;HP DVD Movie Writer;c:\windows\system32\drivers\hpusbwdm.sys [2003-12-31 1080832]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-1-23 28800]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
=============== Created Last 30 ================
2011-03-30 18:54:29 -------- d-----w- c:\program files\ESET
2011-03-30 18:34:56 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4beb86d2-ab5a-44cb-8999-a9ac19869803}\mpengine.dll
2011-03-29 02:36:01 -------- d-----w- c:\users\user\appdata\roaming\NeopleLauncherDFO
2011-03-19 22:30:02 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-19 22:27:51 -------- d-----w- c:\windows\system32\SPReview
2011-03-09 03:27:57 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 03:27:57 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 03:27:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 03:27:55 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 03:27:55 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 03:27:54 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 03:27:54 199680 ----a-w- c:\windows\system32\
2011-03-09 03:27:52 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 03:27:52 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-06 19:07:01 -------- d-----w- c:\progra~2\EA Logs
==================== Find3M ====================
2011-03-26 23:46:00 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-26 23:46:00 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-09 03:38:59 138056 ----a-w- c:\users\user\appdata\roaming\PnkBstrK.sys
2011-03-09 03:38:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-09 03:38:34 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-16 20:34:13 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 04:06:44 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 04:06:34 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 04:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 04:06:02 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 04:06:02 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
============= FINISH: 19:18:30.38 ===============

Attached Files
File Type: zip (3.9 KB, 21 views)
My System SpecsSystem Spec

30 Mar 2011   #4
Microsoft MVP

Windows 7 Ult. x64

Quote   Quote: Originally Posted by sevenshotzzzz View Post
I opened up a (unupdated - 37days... No internet to update it) Malware Anti-Malware Bytes, and did a Full-scan. After 44minutes, it found nothing.

Can I just clarify something : is Windows not updated for 37 days, or Malwarebytes?

Scanning with an out-of-date database is risky and you would certainly be missing the latest malware, especially since Malwarebytes updates their malware signature database several times a day. I would update that, and redo the scan.

My System SpecsSystem Spec
30 Mar 2011   #5

Windows 7

No threats detected. Hmmmmm

Malwarebytes' Anti-Malware

Database version: 6222

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/03/2011 9:45:02 PM
mbam-log-2011-03-30 (21-45-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 449691
Time elapsed: 1 hour(s), 40 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
My System SpecsSystem Spec
31 Mar 2011   #6
Microsoft MVP

Windows 7 Ult. x64


Mmm...ESET and MBAM havne't picked up anything, so I'm angling towards the fact that this may not be malware related. Perhaps the problem is system-related?

Can you please try the following, and post the results here:

1. Open an elevated command prompt.
2. Type sfc /scannow and hit enter.
3. Once it finishes, post the results here.

Also, tell us which anti-malware software is resident on your system?

My System SpecsSystem Spec
31 Mar 2011   #7

Windows 7 x64

Quote   Quote: Originally Posted by sevenshotzzzz View Post
It seems it found nothing. It took about 2 hours to complete, and no threats were found. Weird...
Heres a DDS log if something seems fishy... viruses shouldn't disappear!
Since there doesn't appear to be an infection you might consider running a "Check Disk" with "automatically fix errors" enabled (you will need to reboot for the scan to run). Disk errors are one reason for the appearance of the Startup Repair application.
My System SpecsSystem Spec
31 Mar 2011   #8

Windows 7

Well, the thing is... when I first encountered something suspicious yesterday, my computer would NEVER start. Even after about 6 tries - and that has never happened. It sort of 'seems' like a malware. Then when my computer actually started, my antivirus did not start, and I could not even open anything. On my other computer I got this email, which seems to be related as it happened on the same day from

"Due to suspicious activity, the account [my email] has been locked. To restore access to this account, please follow these steps:

Step 1: Secure Your Computer

In the event that your computer has been infected with malicious software such as a keylogger or trojan, simply changing your password may not deter future attacks without first ensuring that your computer is free from these programs. Please visit our Account Security website to learn how to secure your computer from unauthorized access.

Step 2: Secure Your E-mail Account

After you have secured your computer, please create a new password for your e-mail account since it may also be compromised. Be sure to check your e-mail filters and rules and look for any e-mail forwarding rules that you did not create. For more information on securing your e-mail account, visit this Support page.

Step 3: Choose a New Password

You must change your password in order to resume using this account. Please click this link to choose a new password:

*Note that your former password no longer grants access to account management, World of Warcraft, or any other login-protected account service.

If you still have questions or concerns after following the steps above, feel free to contact Customer Support at

The Account Team
Online Privacy Policy"

It's either a coincidence.. or something else. Then I also received a virus email.
The heading says 'confirm details to collect', and the message under says 'Slots'. I clicked on it on my brother's computer, and it showed a weird link.
"Lets see how much money you can make at slots
[Link here]
I checked this on my brother's computer while I was scanning and changed my password for every account I use.

I'll see how my CheckDisk goes.
My System SpecsSystem Spec
31 Mar 2011   #9

Windows 7

Regarding the ChkDsk, I ticked off both the boxes (right clicked Crive, went to tools, then clicked on error check), is it supposed to be multicoloured dots coming down from the top? I believe its supposed to have numbers and shows the % of when it is done. Should I force restart as the dots are just... going by pixels.
I just restarted my computer, and it still has those dots coming down.

EDIT: Alright, I got to the computer with Esc. What should I do? I don't think the dots are normal.
My System SpecsSystem Spec
31 Mar 2011   #10
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64

I noticed you have two security programs. One active and one disabled. I would remove one completely from the computer. Then see if you can update the one you have left and scan again. Some times one security program will tune off the other even though it is disabled. My rule of the thumb is very simple. If something has turned off my security and I only have one active security program I'm infected. Have you run any registry programs??
My System SpecsSystem Spec

 Virus? Is it gone or what...

Thread Tools

Similar help and support threads
Thread Forum
Locker 1.2 Virus. Help 70 hours left! Encryption virus. What steps should I take ? How do I resolve this issue
System Security
Possible Memory Leak Virus - Anti-virus detects nothing?
Hello, I am needing some support on what is exactly taking up all the RAM on my brother's PC as after about 8 hours of uptime, 65% of my Physical Memory is being used up with nothing really open. I did some research and found out it was a possible memory leak or virus, so I first tried to run...
Performance & Maintenance
how to fix / clean windows from ramnit virus and virut virus?
my windows infected ramnit virus and virut virus,how to clean them?
System Security
I have a virus and unable to run/download anti-virus software
Hi, This is my first time posting to the forum. I am not that knowledgeable with computers, but can follow basic instructions. My laptop is acting funny--I think I have a virus. However, I am unable to run any anti-malware or anti-virus software. I try to run McAfee and I get an error...
System Security
Want ideas for Virus removal if virus shows up in safemode CMD
Hi, Looking for general ideas on how everyone else handles a strong virus. If the virus is showing up in Windows regular mode, it opens in safemode and opens in safmode with command prompt. Besides the usual such as boot to repair mode and use system restore, dock hard drive to another pc and...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:18.
Twitter Facebook Google+