Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Essexboy quick help please [Solved]


  • This topic is locked This topic is locked

#1
piapancudo

piapancudo

    Member

  • Member
  • PipPip
  • 21 posts
Hello,

As i say on the thread title, i would like a quick help, and i ask for Essexboy cause he helped me before and was quite fast and helpful.

Well, this is basically just to clear my head as i dont think i have virus/malware, but some unusual stuff happened i decided to post here and seek help to ease my mind. Ill try to explain what is going on the best way that i can.

First i should say some time ago(months) i was doing a regular avast scan and it found some infected files that were old java 6 temporary files, so i searched on some forums about similar issues and i cleared the java cache and re-scanned the computer and avast found nothing.

So, everything was running smooth. Until 1 week or 2 weeks ago i got prompted to update my java, so i did. And here is where some unusual things started happening.

After i updated java, i dont remember if i reset right after or if it was the next time i turned on the pc, but Windows Update found a bunch(i think it was close to 20 the first time and then found about 10 more) of updates, and they were all "old" updates from april 2012 or close to it, which i found weird cause i put a new hd on my pc after april and windows was installed later than that(obv when i switched hds) and Windows Update was running during this whole time and never found such updates. Were mostly about Windows Office(security updates and office sp3 stuff, and some others)

After that happened i also got prompted a couple of times by Windows Defender to send a few files to them, if i remember correctly were 2 files the first time and one file the second time. They said something along the lines that it was to help improve security and stuff like that, but i didnt send the files on both occasions. I remember that 2 of those files were related to firefox, i think one was the uninstaller but i dont remember the other files. That was unusual because of all the time i used windows 7 i never got that message from the Windows Defender.

Another tiny thing too is that when i opened a software and UAC would prompt me if i wanted to open that software or not, it would ALWAYS blink the little shield icon on the task bar, but now sometimes it doesnt flash the icon on the task bar but i get prompted like usual.


So, thats it. I havent noticed any slowness or anything else of much importance out of the ordinary.

I use the free version of avast, its version 7.0.1466. I ran a full scan and also a boot time scan and it found nothing. I also ran a quick scan and a full scan on MBAM and it also found nothing.

So i just wanted a little piece of mind, so i decided to post my problem here. Hope this isnt too long and too annoying for nothing, but better be safe than sorry.

I also did as the initial guide says and ran the quick scan on OTL. Ill post the OTL.txt log at the end of the message.

Ok, thats it. Thanks in advance for the help, i really appreciate it. If theres anything you didnt understand or that i explained poorly, just let me know and ill try to explain better.

Thanks

And heres the OTL.txt log:

OTL logfile created on: 31/10/2012 03:54:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TONDO\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,94 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 52,09% Memory free
3,87 Gb Paging File | 2,71 Gb Available in Paging File | 69,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 300,45 Gb Free Space | 64,52% Space Free | Partition Type: NTFS

Computer Name: DIEGO | User Name: TONDO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/31 03:45:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TONDO\Desktop\OTL.exe
PRC - [2012/10/27 21:33:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2012/10/18 20:39:04 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/08/21 07:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 07:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/20 15:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 03:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/28 03:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\pg_ctl.exe
PRC - [2011/01/28 03:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- c:\postgreSQL\bin\postgres.exe
PRC - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 10:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 21:33:55 | 002,295,264 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
MOD - [2012/10/18 20:39:04 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2007/05/22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012/10/27 21:33:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 07:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 18:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 14:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 15:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Arquivos de Programas\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/03/28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/01/28 03:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- c:\postgreSQL\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/11/20 10:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012/08/23 12:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 12:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/21 07:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 07:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 07:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 07:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 07:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 07:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 10:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 10:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 10:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 07:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 07:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 21:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 20:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/10 19:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 3F 5A B2 F3 5B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com.br"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/29 13:08:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 21:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 21:33:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 21:33:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 21:33:52 | 000,000,000 | ---D | M]

[2012/07/07 17:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TONDO\AppData\Roaming\mozilla\Extensions
[2012/10/24 13:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TONDO\AppData\Roaming\mozilla\Firefox\Profiles\5uy8dh98.default\extensions
[2012/10/27 21:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2012/10/27 21:33:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 13:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/31 14:19:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 17:59:27 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 19:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [CPN Notifier] C:\Poker\Poker Rooms\Lock Poker\PokerNotifier.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABAEA7B8-4F89-4114-A151-BBD989FD0F7D}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABAEA7B8-4F89-4114-A151-BBD989FD0F7D}: NameServer = 200.175.5.139,200.175.89.139
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 03:45:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TONDO\Desktop\OTL.exe
[2012/10/27 21:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/24 03:35:42 | 000,000,000 | ---D | C] -- C:\Users\TONDO\AppData\Roaming\Malwarebytes
[2012/10/24 03:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/24 03:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/24 03:35:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/24 03:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/19 17:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2012/10/03 04:22:32 | 000,000,000 | ---D | C] -- C:\Users\TONDO\AppData\Roaming\avidemux

========== Files - Modified Within 30 Days ==========

[2012/10/31 03:45:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TONDO\Desktop\OTL.exe
[2012/10/30 12:24:10 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 12:24:10 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 12:23:02 | 000,703,316 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2012/10/30 12:23:02 | 000,651,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/30 12:23:02 | 000,146,102 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2012/10/30 12:23:02 | 000,120,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/30 12:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/30 12:16:40 | 1559,928,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/18 21:21:57 | 000,410,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/10/30 18:33:32 | 000,001,110 | ---- | C] () -- C:\Users\TONDO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverestPoker.com.lnk
[2012/07/07 02:28:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/07/07 02:26:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/07/07 02:01:19 | 000,215,644 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/05/09 12:40:26 | 004,818,944 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/03/22 23:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/10 00:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/12/08 00:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll

========== ZeroAccess Check ==========

[2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 10:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/03 05:33:01 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\avidemux
[2012/07/08 01:28:24 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\HEM Data
[2012/10/30 17:48:59 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\HoldemManager
[2012/07/15 04:41:31 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\PacificPoker
[2012/08/12 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\Party
[2012/07/08 01:32:01 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\Roaming
[2012/10/17 13:16:12 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\uTorrent
[2012/07/07 01:02:31 | 000,000,000 | ---D | M] -- C:\Users\TONDO\AppData\Roaming\Win7codecs

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi when you installed on the new HDD was it using a retail copy of windows or was it a manufacturers restore disc ?

The first thing that jumps out at me is that I do not see Java installed any where apart from firefox ..

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
    Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.

  • 0

#3
piapancudo

piapancudo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
To answer your first question: i actually dont know. I use this computer store and the guy i buy stuff from also installed windows for me, so im not sure if he was using a retail copy of windows or it was a manufacturers restore disc.

you say that "If using IE8 or better Smartscreen Filter will need to be disabled". I have IE 9.0.8112.16421 installed, but its not the one i use, i use firefox. firefox is the browser set as the default browser. Also, I dont know where to disable that Smartscreen Filter if its interfering with something on the scan.

I scanned and here is the RogueKiller report:

RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : TONDO [Admin rights]
Mode : Scan -- Date : 10/31/2012 12:45:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{ABAEA7B8-4F89-4114-A151-BBD989FD0F7D} : NameServer (200.175.5.139,200.175.89.139) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{ABAEA7B8-4F89-4114-A151-BBD989FD0F7D} : NameServer (200.175.5.139,200.175.89.139) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST500DM0 02-1BD142 SCSI Disk Device +++++
--- User ---
[MBR] 2e55de4543397a7dcfa13746b01a8c4d
[BSP] e8ba51b9e4fc0c6686bcf9dcbef6b1d0 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476836 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing showing there which is good..

Lets check the windows files now

Start an elevated command prompt

Go Start > All Programs > Accessories
Right Click Command Prompt and select Run as Administrator
In the black box type the following :

SFC /scannow

On completion could you let me know what problems are still apparent
  • 0

#5
piapancudo

piapancudo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
i ran that last scan and i got a message saying that it did not find any integrity violation(im translating from portuguese, so it may be a little different than the message it would show in a windows running in english, but i think its about the same thing)

to answer ur last question on ur response: Like i said, there are not any significant problems. Aside from those unusual incidents like windows update finding old updates and windows defender asking me to send a few files for some reason, i havent noticed any unusual system slowness or any crashes or anything. PC seems to be working normal, just those incidents seemed odd to me and i thought i might have something bad on my pc.

I will let you know if anything like that happens again on the next few days.

Apparently i dont have any infections on my pc, am i correct ?

Anything else i should do ?

Thanks for all your help again.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There is no apparent malware showing.. Let it run for a day or so and then let me know of anything weird that happens
  • 0

#7
piapancudo

piapancudo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
alright, will do

Thanks again
  • 0

#8
piapancudo

piapancudo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
just a quick question.

When i ran the RogueKiller scan, on those series of tabs on the lower half of it, it showed a few items as "FOUND" and the word found was inside a green colored box.

It found 2 on the "Registry" tab, 2 on the "DNS" tab, and a bunch on the "Driver" tab. All of those are normal things to be found ? What i mean is, those arent anything bad, correct ?

Thanks
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No nothing to be concerned about
  • 0

#10
piapancudo

piapancudo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
nothing happened these last days ... i did remember something else kind of weird that happened during one day. What happened is that no matter how many times i cleared the cookies on firefox, there was always one that kept showing on the list everytime i started firefox again, if i remember correctly was from download.mozilla.org. But later that day or it was the next day, i dont remember exactly, i cleared the cookies again and it didnt appear on the list anymore, so i thought that was kinda weird too.

But i guess its nothing, since u didnt find anything

Thanks
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run OTL and hit the cleanup button to remove it

I will monitor for a few more days though
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP