
"There was a problem starting NVCPL.dll" on boot in Windows


  • This topic is locked
5 replies to this topic

#1 Xarchon

  • Members
  • 2 posts

Posted 06 January 2014 - 03:43 PM

Hello, first time poster here but I'm about out of ideas with this one.

 

About three days ago I started getting this error on booting into windows:

 

Rundll error "There was a problem starting Nvcpl.dll Operation did not complete successfully because the file contains a virus" This is Windows 7 x64.

 

I have tried uninstalling/reinstalling the Nvidia drivers and deleting/replacing the nvcpl.dll with older/newer versions to no avail. In addition it appears that any restore points I had in the last month have been erased.

 

Other symptoms include most of my startup programs not loading (Avast AV is usually the only one that will consistently), and when trying to open any program via shortcut it will usually say first "Can't open this item, it may have been moved, renamed, deleted, etc.", but then trying to open it a second time usually yields an error response like this: "C:\Program Files\Example.exe The parameter is incorrect."

 

And then mysteriously after that, some of the programs will open just fine, i.e. Firefox, antivirus, exe's, shortcuts, etc. But, this does not "work" for all of them. Almost as if registry entries are being deleted or ignored.

 

The computer boots fine in Safe Mode, with no pop up errors, and no difficulty opening programs (other than ones which do not open in Safe Mode anyway). I realize the nvcpl.dll is for Nvidia display properties, so that probably has something to do with it.

 

Programs I normally have up and running for defense are Avast AV, Comodo Firewall/Defense, and Superantispyware.

 

Programs I have run in an attempt to resolve this: Avast full scan (in Normal, Safe Mode, and boot), Malwarebytes full scan (in Normal and Safe Mode), Trojan Killer, Rogue Killer, Tdsskiller, Hitmanpro, Superantispyware, AdwCleaner, Malwarebytes Anti-Rootkit, Kaspersky rescue CD (USB format), AVG rescue CD (USB format).

 

Any help would be most appreciated!

 

Here is my DDS log (deleted my name):

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2

Run by (name deleted) at 13:56:17 on 2014-01-06

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows NT\Accessories\wordpad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\msconfig.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Users\deleted\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

mDefault_Page_URL = hxxp://www.google.com

BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

TCP: Interfaces\{0D212392-B1A2-41DE-9D60-66C6F5B3FA4A} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{0D212392-B1A2-41DE-9D60-66C6F5B3FA4A}\75869637B656270224F69737D27657563747 : DHCPNameServer = 192.168.7.254

TCP: Interfaces\{C8AACF31-0A6A-4E5E-8FBD-E55EF033E114} : DHCPNameServer = 7.254.254.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = about:blank

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [CCE] "C:\Users\deleted\Downloads\cce_2.5.242177.201_x64\CCE\CCE.exe" -continue

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\deleted\AppData\Roaming\Mozilla\Firefox\Profiles\zuc88dzz.default-1348953272303\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\deleted\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Users\deleted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\deleted\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\deleted\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\deleted\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R? ALSysIO;ALSysIO

R? aswStm;aswStm

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service

R? dmvsc;dmvsc

R? Hamachi2Svc;LogMeIn Hamachi Tunneling Engine

R? IEEtwCollectorService;Internet Explorer ETW Collector Service

R? LVRS64;Logitech RightSound Filter Driver

R? LVUVC64;Logitech QuickCam E3500(UVC)

R? mbamchameleon;mbamchameleon

R? MBAMSwissArmy;MBAMSwissArmy

R? RdpVideoMiniport;Remote Desktop Video Miniport Driver

R? SkypeUpdate;Skype Updater

R? StorSvc;Storage Service

R? TrojanKillerDriver;GridinSoft Trojan Killer Driver

R? TsUsbFlt;TsUsbFlt

R? TsUsbGD;Remote Desktop Generic USB Device

R? TunngleService;TunngleService

R? WatAdminSvc;Windows Activation Technologies Service

R? WinRing0_1_2_0;WinRing0_1_2_0

S? !SASCORE;SAS Core Service

S? AdvancedSystemCareService6;Advanced SystemCare Service 6

S? aswMonFlt;aswMonFlt

S? aswRvrt;avast! Revert

S? aswSnx;aswSnx

S? aswSP;aswSP

S? aswVmm;avast! VM Monitor

S? avast! Antivirus;avast! Antivirus

S? avc3;avc3

S? avckf;avckf

S? cmdGuard;COMODO Internet Security Sandbox Driver

S? cmdHlp;COMODO Internet Security Helper Driver

S? dtsoftbus01;DAEMON Tools Virtual Bus Driver

S? gzflt;gzflt

S? gzserv;Bitdefender Antivirus Free Edition

S? LMIGuardianSvc;LMIGuardianSvc

S? LVPr2M64;Logitech LVPr2M64 Driver

S? LVPrcS64;Process Monitor

S? RTL8167;Realtek 8167 NT Driver

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? SmartDefragDriver;SmartDefragDriver

S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service

S? tap0901t;TAP-Win32 Adapter V9 (Tunngle)

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2014-01-05 21:33:37    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys

2014-01-05 07:11:34    261056    ----a-w-    C:\Windows\System32\drivers\avchv.sys

2014-01-03 17:10:15    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys

2014-01-03 17:09:42    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys

2014-01-03 17:09:42    422216    ----a-w-    C:\Windows\System32\drivers\aswSP.sys

2014-01-03 17:09:42    334136    ----a-w-    C:\Windows\System32\aswBoot.exe

2014-01-03 17:09:42    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys

2014-01-03 17:09:42    1034464    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys

2014-01-03 17:09:38    43152    ----a-w-    C:\Windows\avastSS.scr

2013-12-11 20:39:24    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-11 20:39:24    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe

2013-12-01 20:42:38    90708896    ----a-w-    C:\Windows\System32\MRT.exe

2013-11-26 18:25:52    267936    ------w-    C:\Windows\System32\MpSigStub.exe

2013-11-26 11:54:49    23183360    ----a-w-    C:\Windows\System32\mshtml.dll

2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb

2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll

2013-11-26 10:11:50    17112576    ----a-w-    C:\Windows\SysWow64\mshtml.dll

2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll

2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll

2013-11-26 09:41:43    2764288    ----a-w-    C:\Windows\System32\iertutil.dll

2013-11-26 09:29:38    53760    ----a-w-    C:\Windows\System32\jsproxy.dll

2013-11-26 09:27:54    33792    ----a-w-    C:\Windows\System32\iernonce.dll

2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb

2013-11-26 09:21:24    574976    ----a-w-    C:\Windows\System32\ieui.dll

2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe

2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe

2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll

2013-11-26 08:57:44    218624    ----a-w-    C:\Windows\System32\ie4uinit.exe

2013-11-26 08:38:54    2166784    ----a-w-    C:\Windows\SysWow64\iertutil.dll

2013-11-26 08:38:07    43008    ----a-w-    C:\Windows\SysWow64\jsproxy.dll

2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll

2013-11-26 08:32:08    440832    ----a-w-    C:\Windows\SysWow64\ieui.dll

2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll

2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll

2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl

2013-11-26 07:48:24    12996608    ----a-w-    C:\Windows\System32\ieframe.dll

2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl

2013-11-26 07:26:42    11221504    ----a-w-    C:\Windows\SysWow64\ieframe.dll

2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll

2013-11-26 06:40:01    1395200    ----a-w-    C:\Windows\System32\urlmon.dll

2013-11-26 06:34:55    703488    ----a-w-    C:\Windows\SysWow64\ieapfltr.dll

2013-11-26 06:34:27    817664    ----a-w-    C:\Windows\System32\ieapfltr.dll

2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll

2013-11-26 06:27:32    1157632    ----a-w-    C:\Windows\SysWow64\urlmon.dll

2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll

2013-11-19 02:24:14    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys

2013-11-19 02:24:07    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys

2013-11-13 15:05:12    16640    ----a-w-    C:\Windows\System32\drivers\gtkdrv.sys

2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll

2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll

2013-11-11 15:02:02    6674208    ----a-w-    C:\Windows\System32\nvcpl.dll

2013-11-11 15:02:02    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll

2013-11-11 15:01:59    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe

2013-11-11 15:01:59    63776    ----a-w-    C:\Windows\System32\nvshext.dll

2013-11-11 15:01:59    219424    ----a-w-    C:\Windows\System32\nvmctray.dll

2013-11-11 14:59:28    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe

2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll

2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll

2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys

2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll

2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll

2013-10-15 00:00:00    28368    ----a-w-    C:\Windows\System32\IEUDINIT.EXE

2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx

2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll

2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx

2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll

2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe

2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe

2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe

2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe

.

============= FINISH: 13:57:01.63 ===============

Edited by Xarchon, 06 January 2014 - 03:54 PM.



#2 nasdaq

  • Malware Response Team
  • 39,920 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 January 2014 - 08:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.


p.s.
This tool can be executed in safe mode if you must.

#3 Xarchon


Posted 15 January 2014 - 03:49 PM

Hello, got internet back up and running. Here are the two FRST logs, run in safe mode:

 

FRST.txt

 

Spoiler

 

Addition.txt

 

Spoiler

 

Since my original post I have not had any luck locating the culprit until today. I did some digging around and uninstalled Avast Free edition completely. After the uninstall and reboot I am no longer getting error messages/programs are loading without a hitch. I have not reinstalled it since these logs, and am currently running with Bitdefender. However I'd still like to run some tests to be sure it was something Avast was doing to interfere with my system.


Edited by Xarchon, 15 January 2014 - 03:49 PM.


#4 nasdaq


Posted 16 January 2014 - 10:17 AM


This program is installed in a \Temp folder. If you ever clean your \temp folders it will be deleted.
I suggest you move it to a new folder. Call it what you want.
(Igor Pavlov) C:\Users\Kevin\AppData\Local\Temp\sevnz.exe
C:\Users\Kevin\AppData\Local\Temp\7z.dll
C:\Users\Kevin\AppData\Local\Temp\sevnz.exe

===


Something bad happened on 2014-01-05 at 15:24: most of your .sys files were renamed .sys.bat.
You posted your request for help the day after.

Do you remember having downloaded and run a program on Jan 5?
===

Let's see if by any chance the good files were saved to a temporary folder.
Just checking for a few of them.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    volmgr.*
    tcpip.*
    netbios.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
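
A scripted equivalent of the :filefind request in the post above, added here as an example; it is not part of the original thread and is not SystemLook's own code. It searches a directory tree for the three driver names, flags names that carry an extra extension after .sys (the .sys.bat renaming described above), and lists drivers for which no intact .sys copy was found. The function names, the .mui exemption and the sample tree are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# Wildcards from the SystemLook :filefind request in the post above.
PATTERNS = ("volmgr.*", "tcpip.*", "netbios.*")
# Assumption: .mui language resources (e.g. tcpip.sys.mui) are legitimate.
BENIGN_SUFFIXES = {"mui"}

def is_renamed_driver(name):
    """True for names such as tcpip.sys.bat: a .sys name with an extra suffix."""
    parts = name.lower().split(".")
    return (len(parts) >= 3 and "sys" in parts[1:-1]
            and parts[-1] not in BENIGN_SUFFIXES)

def find_files(root, patterns=PATTERNS):
    """Return sorted (path, size, renamed) tuples for matching files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Case-insensitive match, as file names are on Windows.
            if not any(fnmatch.fnmatchcase(name.lower(), p.lower())
                       for p in patterns):
                continue
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file: keep scanning
            hits.append((path, size, is_renamed_driver(name)))
    return sorted(hits)

def missing_originals(hits):
    """Driver stems seen only under a renamed name, with no intact .sys copy."""
    intact, renamed = set(), set()
    for path, _size, was_renamed in hits:
        low = os.path.basename(path).lower()
        if was_renamed:
            renamed.add(low.split(".")[0])
        elif low.endswith(".sys"):
            intact.add(low.split(".")[0])
    return sorted(renamed - intact)

def build_sample_tree(root):
    """Create a constructed sample layout (not the poster's real files)."""
    layout = {
        "drivers/tcpip.sys.bat": 10,       # renamed, no original left
        "drivers/volmgr.sys": 20,          # intact driver
        "drivers/en-US/tcpip.sys.mui": 1,  # benign resource file
        "Temp/VOLMGR.SYS.BAT": 20,         # renamed copy, original exists
        "drivers/ntfs.sys": 1,             # not in PATTERNS, ignored
    }
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_files(tmp)
        for path, size, renamed in hits:
            print("RENAMED" if renamed else "ok     ", size, path)
        print("no intact copy found for:", missing_originals(hits))
```

On a real system, call find_files with the drive or Windows directory as the root instead of the sample tree.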


#5 nasdaq


Posted 22 January 2014 - 09:26 AM

Are you still with me?

#6 nasdaq


Posted 28 January 2014 - 09:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



