Author Topic: Real threat or false positive (with Avast 5)?  (Read 19662 times)
ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #15 on: August 22, 2010, 02:44:13 AM »
OTL, part 6



NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\WMI.DLL (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619700398653440)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/08/21 19:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\My Documents\otl
[2010/08/21 16:23:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\guest2\Recent
[2010/08/21 15:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/21 11:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\DoctorWeb
[2010/08/21 11:05:37 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/21 11:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\My Documents\New Folder
[2010/08/20 20:29:34 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/16 23:14:34 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/16 23:14:34 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/16 23:14:32 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/16 23:14:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/16 23:14:30 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/16 23:14:30 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/16 23:14:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/16 23:13:23 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/16 23:13:22 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/16 23:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/16 17:51:50 | 000,000,000 | ---D | C] -- C:\Temp
[2010/08/16 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Digital Album Organizer
[2010/08/16 17:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Wal-Mart Digital Photo Viewer
[2010/08/03 19:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/08/03 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
[2010/07/28 14:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/07/12 20:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Stella
[2010/07/12 20:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stella
[2010/07/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\vlc
[2010/06/27 13:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/27 01:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/23 22:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/23 22:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/23 22:20:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/23 22:19:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/23 22:19:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/23 15:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/17 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/06/17 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/06/13 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/06/08 11:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/03 01:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 22:50:56 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/05/28 17:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #16 on: August 22, 2010, 02:45:49 AM »
OTL, part 7


========== Files - Modified Within 90 Days ==========
 
[2010/08/21 18:53:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1784066151-926666739-2172271728-1007UA.job
[2010/08/21 18:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 15:55:57 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/21 15:55:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 15:55:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/21 15:55:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/21 15:55:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 11:34:23 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\guest2\NTUSER.DAT
[2010/08/21 11:33:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\guest2\NTUSER.INI
[2010/08/21 11:15:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/21 11:05:37 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/20 22:53:14 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1784066151-926666739-2172271728-1007Core.job
[2010/08/20 21:06:32 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Google Chrome.lnk
[2010/08/20 11:48:01 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:09:24 | 000,416,778 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/08/16 23:14:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/16 23:14:30 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/11 14:03:48 | 000,416,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100820-100924.backup
[2010/08/03 21:33:24 | 000,966,656 | -H-- | M] () -- C:\Documents and Settings\guest2\My Documents\photothumb.db
[2010/08/03 19:11:12 | 000,000,073 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/08/03 19:00:46 | 000,001,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/03 19:00:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\FreeRIP.lnk
[2010/07/28 14:24:15 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Any Video Converter.lnk
[2010/07/28 14:19:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\CCleaner.lnk
[2010/07/25 13:06:47 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\mcs.rma
[2010/07/25 13:06:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\570BB0
[2010/07/18 12:08:08 | 000,412,044 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100811-140348.backup
[2010/07/08 15:35:34 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/07/08 15:27:18 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2010/07/08 15:22:07 | 000,411,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100718-120808.backup
[2010/07/08 15:12:57 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/08 15:05:20 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/08 15:04:35 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\ZoneAlarm Security.lnk
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 16:34:07 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/24 16:23:00 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 22:36:10 | 000,408,505 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100708-152207.backup
[2010/06/23 22:25:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/23 22:08:38 | 000,000,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-223610.backup
[2010/06/23 22:08:18 | 000,000,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-220837.backup
[2010/06/23 21:53:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/23 16:01:25 | 000,408,517 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-220818.backup
[2010/06/23 15:45:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/16 16:59:45 | 000,408,391 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-160125.backup
[2010/06/14 11:08:41 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Spybot - Search & Destroy.lnk
[2010/06/13 19:39:35 | 000,404,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100616-165945.backup
[2010/06/13 19:36:21 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Speccy.lnk
[2010/06/10 10:02:18 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 11:51:16 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/07 11:48:38 | 000,403,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100613-193935.backup
[2010/06/03 01:38:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\SpywareBlaster.lnk
[2010/06/03 01:32:27 | 000,403,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100607-114838.backup
[2010/05/31 22:37:54 | 002,641,454 | -H-- | M] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\IconCache.db
[2010/05/28 17:37:33 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Recuva.lnk

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #17 on: August 22, 2010, 02:46:24 AM »
OTL, part 8



========== Files Created - No Company Name ==========
 
[2010/08/16 23:14:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/16 22:56:53 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/03 19:01:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/08/03 19:00:46 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/03 19:00:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\FreeRIP.lnk
[2010/07/28 14:24:15 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Any Video Converter.lnk
[2010/07/08 15:35:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/07/08 15:04:35 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\ZoneAlarm Security.lnk
[2010/07/08 15:04:18 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/24 16:23:00 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/24 16:23:00 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 15:45:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/13 19:36:21 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Speccy.lnk
[2010/06/08 11:51:16 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/08 11:42:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/03 01:38:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\SpywareBlaster.lnk
[2010/05/28 17:37:33 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Recuva.lnk
[2010/02/07 20:59:44 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/08/24 14:41:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/04/25 16:26:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\570BB0
[2009/04/25 16:26:16 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\mcs.rma
[2009/04/19 17:08:51 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 12:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/02 19:05:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/25 20:05:37 | 000,002,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/25 17:47:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/26 17:09:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\wdt2u.dll
[2005/04/27 20:02:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pcrrtxtc.dll
[2005/02/06 08:55:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/06 08:48:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/06 08:15:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/18 13:01:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/09/22 15:35:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #18 on: August 22, 2010, 02:47:03 AM »
OTL, part 9



========== LOP Check ==========
 
[2010/08/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/03 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/03/14 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2005/02/06 08:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/04/20 02:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/17 18:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 08:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 21:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 08:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/27 00:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\.BitTornado
[2009/12/05 10:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\AnvSoft
[2010/02/12 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Any Video Converter
[2009/04/21 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\COWON
[2009/05/01 09:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\dBpoweramp
[2009/11/18 18:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Greyfirst
[2010/02/23 20:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mael
[2009/06/12 18:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\SecondLife
[2010/07/12 20:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Stella
[2009/12/02 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Thunderbird
[2010/08/16 17:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Wal-Mart Digital Photo Viewer
[2008/10/15 03:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\FrostWire
[2009/03/14 11:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\HotSync
[2008/11/04 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\Viewpoint

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #19 on: August 22, 2010, 02:47:46 AM »
OTL, part 10



========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/20 11:00:56 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/02/06 08:20:34 | 000,004,711 | RH-- | M] () -- C:\DELL.SDR
[2010/08/21 15:55:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/03 13:12:49 | 000,000,863 | ---- | M] () -- C:\hpfr3500.log
[2004/08/10 14:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/02/06 08:53:47 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
[2010/04/30 14:10:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2010/08/21 15:55:06 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/08/21 15:56:41 | 000,001,530 | ---- | M] () -- C:\SMax.log
[2005/02/06 08:37:02 | 000,001,528 | ---- | M] () -- C:\SMax.log.bak
[2005/02/06 08:53:56 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/01/15 09:29:17 | 000,000,150 | ---- | M] () -- C:\YServer.txt
 
< %systemroot%\Fonts\*.com >
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/10 14:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/18 10:53:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 04:10:36
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #20 on: August 22, 2010, 02:49:06 AM »
Extras, part 1



OTL Extras logfile created on: 8/21/2010 6:38:26 PM - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\guest2\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 13.66 Gb Free Space | 19.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GUEST
Current User Name: guest2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1784066151-926666739-2172271728-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #21 on: August 22, 2010, 02:50:30 AM »
Extras, part 2



========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #22 on: August 22, 2010, 02:51:06 AM »
Extras, part 3


"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AoA Video Joiner_is1" = AoA Video Joiner
"avast5" = avast! Free Antivirus
"BitTornado" = BitTornado 0.3.18
"CCleaner" = CCleaner
"Celtx (2.5.1)" = Celtx (2.5.1)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comcast Rhapsody" = Comcast Rhapsody
"dBpoweramp AIFF Codec" = dBpoweramp AIFF Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DellSupport" = Dell Support 5.0.0 (630)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MyWaySearchAssistantDE" = My Way Search Assistant
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoScape" = PhotoScape
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Recuva" = Recuva
"SecondLife" = SecondLife (remove only)
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Stella_is1" = Stella 3.1.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.0
"WAVSPLIT210_is1" = Wave Splitter 2.10
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1784066151-926666739-2172271728-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/19/2010 3:56:39 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 4:25:43 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 4:56:43 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 5:57:00 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 6:56:40 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 10:25:50 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 3:56:39 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 4:25:42 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 5:56:46 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 6:56:41 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 8/21/2010 12:37:07 PM | Computer Name = GUEST | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
 the kernel-mode translation module.  This may indicate misconfiguration, insufficient
 resources, or  an internal error.  The data is the error code.
 
Error - 8/21/2010 12:38:09 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 12:38:58 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 4:37:10 PM | Computer Name = GUEST | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 8/21/2010 4:55:10 PM | Computer Name = GUEST | Source = Dhcp | ID = 1002
Description = The IP address lease 67.175.218.139 for the Network Card with network
 address 001111C440B1 has been  denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).
 
Error - 8/21/2010 4:55:49 PM | Computer Name = GUEST | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
 following error:   %%3
 
Error - 8/21/2010 4:55:49 PM | Computer Name = GUEST | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 8/21/2010 4:56:34 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 4:56:58 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 4:57:37 PM | Computer Name = GUEST | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
 00000000, parameter4 804f217b.
 
 
< End of report >

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37491
  • Not a avast user
Re: Real threat or false positive (with Avast 5)?
« Reply #23 on: August 22, 2010, 02:53:38 AM »
Quote
I ran otl, and I'll post the logs here (though I'll probably have to break them up to meet the character limit).
And that is why I posted this in my reply #6:

Lower left corner: Additional Options > Attach (OTL.Txt and Extras.Txt and MBAM scan log)

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #24 on: August 22, 2010, 02:56:34 AM »
Sorry, didn't see that. I've already copy/pasted the logs, however in case some find it easier to just read the attached .txt. files, I'll put those up as well.

YoKenny

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #25 on: August 22, 2010, 01:37:02 PM »
Quote
I ran otl, and I'll post the logs here (though I'll probably have to break them up to meet the character limit).
And that is why I posted this in my reply #6:

Lower left corner: Additional Options > Attach (OTL.Txt and Extras.Txt and MBAM scan log)

Looks like ZeroTheHero has a lot of work to do
Quote
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Windows XP Home Edition Service Pack 2 went out of support on July 13, 2010: http://support.microsoft.com/gp/lifean31

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Real threat or false positive (with Avast 5)?
« Reply #26 on: August 22, 2010, 01:50:23 PM »
The proxy server is a loophole in your security that will need to be closed. And getting SP3/IE8 is a must.

I will also clear the temp files as CC does not go deep enough

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88854
  • No support PMs thanks
Re: Real threat or false positive (with Avast 5)?
« Reply #27 on: August 22, 2010, 03:31:38 PM »
@ essexboy
These proxy settings are for the web shield, yes (as localhost port 12080 is the web shield redirect local proxy)?
Quote
IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

However, that said it should only be present if set by the user I believe.
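As an added example (not from the thread, OTL or avast), here is a PowerShell check for the per-user proxy condition that essexboy's fix above resets and that DavidR asks about: it lists ProxyEnable/ProxyServer for every user hive loaded under HKEY_USERS and flags any profile with a proxy enabled, noting whether the target is loopback as localhost:12080 is. The function name Get-UserProxySettings is my own.

```powershell
# Added example, not part of the thread or of OTL: report the per-user
# Internet Explorer proxy settings for every hive loaded under HKEY_USERS
# and flag profiles with ProxyEnable = 1. Run from an elevated prompt.
# Caveat: only loaded hives (logged-on users, .DEFAULT) appear under HKU;
# a profile like the "defunct user" in this thread is only visible while
# its NTUSER.DAT is loaded (OTL loads the hives itself).

function Get-UserProxySettings {
    $subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $path = "Registry::HKEY_USERS\$sid\$subKey"
            $ie   = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
            if (-not $ie) { return }   # no Internet Settings key in this hive

            # A missing ProxyEnable value casts to 0, a missing ProxyServer to ''
            $enabled = [int]$ie.ProxyEnable
            $server  = [string]$ie.ProxyServer

            # Resolve the SID to an account name where the account still exists
            $account = '<unresolved>'
            try {
                $id      = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $id.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }

            # A loopback target (like localhost:12080 in this thread) means some
            # program on the machine itself is acting as the browser's proxy.
            $loopback = $server -match '^(localhost|127\.0\.0\.1)(:\d+)?$'

            $flag = 'ok'
            if ($enabled -eq 1) {
                $flag = if ($loopback) { 'REVIEW: proxy enabled (loopback)' }
                        else           { 'REVIEW: proxy enabled' }
            }

            [pscustomobject]@{
                SID         = $sid
                Account     = $account
                ProxyEnable = $enabled
                ProxyServer = $server
                Flag        = $flag
            }
        }
}

Get-UserProxySettings | Format-Table -AutoSize
```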

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Real threat or false positive (with Avast 5)?
« Reply #28 on: August 22, 2010, 03:45:19 PM »
That is correct, it needs to be set by the user; in this case it is only set for one user as well, and a defunct user at that ;D

ZeroTheHero

  • Guest
Re: Real threat or false positive (with Avast 5)?
« Reply #29 on: August 22, 2010, 07:21:39 PM »
I've attached the log to this post. Also, I don't know if I've said it yet, so thanks everyone for the help.