Topic: Real threat or false positive (with Avast 5)?

Offline ZeroTheHero

  • Jr. Member
  • **
  • Posts: 22
Re: Real threat or false positive (with Avast 5)?
« Reply #15 on: August 22, 2010, 02:44:13 AM »
OTL, part 6
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\System32\WMI.DLL (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619700398653440)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/08/21 19:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\My Documents\otl
[2010/08/21 16:23:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\guest2\Recent
[2010/08/21 15:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/21 11:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\DoctorWeb
[2010/08/21 11:05:37 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/21 11:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\My Documents\New Folder
[2010/08/20 20:29:34 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/08/16 23:14:34 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/16 23:14:34 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/16 23:14:32 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/16 23:14:31 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/16 23:14:30 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/16 23:14:30 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/16 23:14:29 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/16 23:13:23 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/16 23:13:22 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/16 23:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/16 17:51:50 | 000,000,000 | ---D | C] -- C:\Temp
[2010/08/16 17:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Digital Album Organizer
[2010/08/16 17:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Wal-Mart Digital Photo Viewer
[2010/08/03 19:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2010/08/03 19:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRIP3
[2010/07/28 14:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/07/12 20:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\Stella
[2010/07/12 20:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stella
[2010/07/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\guest2\Application Data\vlc
[2010/06/27 13:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/27 01:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/06/23 22:22:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/23 22:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/23 22:20:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/06/23 22:19:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/06/23 22:19:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/06/23 15:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/17 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2010/06/17 21:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/06/13 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/06/08 11:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/03 01:38:44 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/01 22:50:56 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/05/28 17:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free

ZeroTheHero
Re: Real threat or false positive (with Avast 5)?
« Reply #16 on: August 22, 2010, 02:45:49 AM »
OTL, part 7
========== Files - Modified Within 90 Days ==========
 
[2010/08/21 18:53:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1784066151-926666739-2172271728-1007UA.job
[2010/08/21 18:22:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 15:55:57 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/21 15:55:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/21 15:55:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/21 15:55:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/21 15:55:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/21 11:34:23 | 014,680,064 | -H-- | M] () -- C:\Documents and Settings\guest2\NTUSER.DAT
[2010/08/21 11:33:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\guest2\NTUSER.INI
[2010/08/21 11:15:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/21 11:05:37 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/08/20 22:53:14 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1784066151-926666739-2172271728-1007Core.job
[2010/08/20 21:06:32 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Google Chrome.lnk
[2010/08/20 11:48:01 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 10:09:24 | 000,416,778 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/08/16 23:14:35 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/16 23:14:30 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/11 14:03:48 | 000,416,571 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100820-100924.backup
[2010/08/03 21:33:24 | 000,966,656 | -H-- | M] () -- C:\Documents and Settings\guest2\My Documents\photothumb.db
[2010/08/03 19:11:12 | 000,000,073 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/08/03 19:00:46 | 000,001,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/03 19:00:25 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\FreeRIP.lnk
[2010/07/28 14:24:15 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Any Video Converter.lnk
[2010/07/28 14:19:42 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\CCleaner.lnk
[2010/07/25 13:06:47 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\mcs.rma
[2010/07/25 13:06:47 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\570BB0
[2010/07/18 12:08:08 | 000,412,044 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100811-140348.backup
[2010/07/08 15:35:34 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/07/08 15:27:18 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2010/07/08 15:22:07 | 000,411,842 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100718-120808.backup
[2010/07/08 15:12:57 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/07/08 15:05:20 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/08 15:04:35 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\ZoneAlarm Security.lnk
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/24 16:34:07 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/24 16:23:00 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 22:36:10 | 000,408,505 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100708-152207.backup
[2010/06/23 22:25:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/23 22:08:38 | 000,000,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-223610.backup
[2010/06/23 22:08:18 | 000,000,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-220837.backup
[2010/06/23 21:53:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/06/23 16:01:25 | 000,408,517 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-220818.backup
[2010/06/23 15:45:54 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/16 16:59:45 | 000,408,391 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100623-160125.backup
[2010/06/14 11:08:41 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Spybot - Search & Destroy.lnk
[2010/06/13 19:39:35 | 000,404,329 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100616-165945.backup
[2010/06/13 19:36:21 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Speccy.lnk
[2010/06/10 10:02:18 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 11:51:16 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/07 11:48:38 | 000,403,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100613-193935.backup
[2010/06/03 01:38:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\SpywareBlaster.lnk
[2010/06/03 01:32:27 | 000,403,630 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100607-114838.backup
[2010/05/31 22:37:54 | 002,641,454 | -H-- | M] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\IconCache.db
[2010/05/28 17:37:33 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\guest2\Desktop\Recuva.lnk

ZeroTheHero
Re: Real threat or false positive (with Avast 5)?
« Reply #17 on: August 22, 2010, 02:46:24 AM »
OTL, part 8
========== Files Created - No Company Name ==========
 
[2010/08/16 23:14:35 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/08/16 22:56:53 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/03 19:01:38 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/08/03 19:00:46 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/03 19:00:25 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\FreeRIP.lnk
[2010/07/28 14:24:15 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Any Video Converter.lnk
[2010/07/08 15:35:34 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/07/08 15:04:35 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\ZoneAlarm Security.lnk
[2010/07/08 15:04:18 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/06/24 16:23:00 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/06/24 16:23:00 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/23 15:45:54 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/13 19:36:21 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Speccy.lnk
[2010/06/08 11:51:16 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/08 11:42:26 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/03 01:38:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\SpywareBlaster.lnk
[2010/05/28 17:37:33 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\guest2\Desktop\Recuva.lnk
[2010/02/07 20:59:44 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/08/24 14:41:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/04/25 16:26:17 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\570BB0
[2009/04/25 16:26:16 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\guest2\Application Data\mcs.rma
[2009/04/19 17:08:51 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\guest2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/14 12:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/02 19:05:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/25 20:05:37 | 000,002,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/25 17:47:41 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/26 17:09:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\wdt2u.dll
[2005/04/27 20:02:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pcrrtxtc.dll
[2005/02/06 08:55:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/06 08:48:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/02/06 08:15:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/18 13:01:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\CoPrism.dll
[2004/08/10 14:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 06:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/09/22 15:35:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

ZeroTheHero
Re: Real threat or false positive (with Avast 5)?
« Reply #18 on: August 22, 2010, 02:47:03 AM »
OTL, part 9
========== LOP Check ==========
 
[2010/08/16 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/03 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2009/03/14 11:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2005/02/06 08:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/04/20 02:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/08/17 18:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 08:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/23 21:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 08:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/27 00:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\.BitTornado
[2009/12/05 10:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\AnvSoft
[2010/02/12 11:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Any Video Converter
[2009/04/21 15:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\COWON
[2009/05/01 09:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\dBpoweramp
[2009/11/18 18:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Greyfirst
[2010/02/23 20:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Mael
[2009/06/12 18:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\SecondLife
[2010/07/12 20:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Stella
[2009/12/02 22:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Thunderbird
[2010/08/16 17:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\guest2\Application Data\Wal-Mart Digital Photo Viewer
[2008/10/15 03:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\FrostWire
[2009/03/14 11:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\HotSync
[2008/11/04 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\true_til_death\Application Data\Viewpoint

ZeroTheHero
Re: Real threat or false positive (with Avast 5)?
« Reply #19 on: August 22, 2010, 02:47:46 AM »
OTL, part 10
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/20 11:00:56 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/08/10 14:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/02/06 08:20:34 | 000,004,711 | RH-- | M] () -- C:\DELL.SDR
[2010/08/21 15:55:07 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/03 13:12:49 | 000,000,863 | ---- | M] () -- C:\hpfr3500.log
[2004/08/10 14:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2005/02/06 08:53:47 | 000,000,746 | -H-- | M] () -- C:\IPH.PH
[2010/04/30 14:10:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/08/10 14:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 06:00:00 | 000,250,032 | RHS- | M] () -- C:\NTLDR
[2010/08/21 15:55:06 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/08/21 15:56:41 | 000,001,530 | ---- | M] () -- C:\SMax.log
[2005/02/06 08:37:02 | 000,001,528 | ---- | M] () -- C:\SMax.log.bak
[2005/02/06 08:53:56 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/01/15 09:29:17 | 000,000,150 | ---- | M] () -- C:\YServer.txt
 
< %systemroot%\Fonts\*.com >
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2004/08/10 14:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2004/08/10 14:04:12 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/18 10:53:15 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 14:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\guest2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 04:10:36
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

ZeroTheHero
Re: Real threat or false positive (with Avast 5)?
« Reply #20 on: August 22, 2010, 02:49:06 AM »
Extras, part 1
OTL Extras logfile created on: 8/21/2010 6:38:26 PM - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Documents and Settings\guest2\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 209.00 Mb Available Physical Memory | 41.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.50 Gb Total Space | 13.66 Gb Free Space | 19.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GUEST
Current User Name: guest2
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1784066151-926666739-2172271728-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

ZeroTheHero
Re: Real threat or false positive (with Avast 5)?
« Reply #21 on: August 22, 2010, 02:50:30 AM »
Extras, part 2
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = USB 2.0 Wireless LAN Card Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free

Offline ZeroTheHero

  • Jr. Member
  • **
  • Posts: 22
Re: Real threat or false positive (with Avast 5)?
« Reply #22 on: August 22, 2010, 02:51:06 AM »
Extras, part 3


"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.0.7
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AoA Video Joiner_is1" = AoA Video Joiner
"avast5" = avast! Free Antivirus
"BitTornado" = BitTornado 0.3.18
"CCleaner" = CCleaner
"Celtx (2.5.1)" = Celtx (2.5.1)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comcast Rhapsody" = Comcast Rhapsody
"dBpoweramp AIFF Codec" = dBpoweramp AIFF Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"DellSupport" = Dell Support 5.0.0 (630)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MyWaySearchAssistantDE" = My Way Search Assistant
"Nero - Burning Rom!UninstallKey" = Ahead Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoScape" = PhotoScape
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Recuva" = Recuva
"SecondLife" = SecondLife (remove only)
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Stella_is1" = Stella 3.1.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.0
"WAVSPLIT210_is1" = Wave Splitter 2.10
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1784066151-926666739-2172271728-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/19/2010 3:56:39 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 4:25:43 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 4:56:43 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 5:57:00 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 6:56:40 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/19/2010 10:25:50 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 3:56:39 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 4:25:42 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 5:56:46 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
Error - 8/21/2010 6:56:41 PM | Computer Name = GUEST | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 8/21/2010 12:37:07 PM | Computer Name = GUEST | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
 the kernel-mode translation module.  This may indicate misconfiguration, insufficient
 resources, or  an internal error.  The data is the error code.
 
Error - 8/21/2010 12:38:09 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 12:38:58 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 4:37:10 PM | Computer Name = GUEST | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 8/21/2010 4:55:10 PM | Computer Name = GUEST | Source = Dhcp | ID = 1002
Description = The IP address lease 67.175.218.139 for the Network Card with network
 address 001111C440B1 has been  denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).
 
Error - 8/21/2010 4:55:49 PM | Computer Name = GUEST | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
 following error:   %%3
 
Error - 8/21/2010 4:55:49 PM | Computer Name = GUEST | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 8/21/2010 4:56:34 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 4:56:58 PM | Computer Name = GUEST | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
 the  Network Card with network address 001111C440B1.
 
Error - 8/21/2010 4:57:37 PM | Computer Name = GUEST | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000023, parameter2 00000002, parameter3
 00000000, parameter4 804f217b.
 
 
< End of report >
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
Re: Real threat or false positive (with Avast 5)?
« Reply #23 on: August 22, 2010, 02:53:38 AM »
Quote
I ran otl, and I'll post the logs here (though I'll probably have to break them up to meet the character limit).
and that is why i posted this in my reply #6

lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. and MBAM scan log )
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline ZeroTheHero

  • Jr. Member
  • **
  • Posts: 22
Re: Real threat or false positive (with Avast 5)?
« Reply #24 on: August 22, 2010, 02:56:34 AM »
Sorry, didn't see that. I've already copy/pasted the logs; however, in case some find it easier to just read the attached .txt files, I'll put those up as well.
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Real threat or false positive (with Avast 5)?
« Reply #25 on: August 22, 2010, 01:37:02 PM »
Quote
I ran otl, and I'll post the logs here (though I'll probably have to break them up to meet the character limit).
and that is why i posted this in my reply #6

lower left corner: Additional Options > Attach ( OTL.Txt and Extras.Txt. and MBAM scan log )

Looks like ZeroTheHero has a lot of work to do
Quote
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Windows XP Home Edition Service Pack 2 went out of support on July 13, 2010: http://support.microsoft.com/gp/lifean31
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Real threat or false positive (with Avast 5)?
« Reply #26 on: August 22, 2010, 01:50:23 PM »
The proxy server is a loophole in your security that will need to be closed. And getting SP3/IE8 is a must.

I will also clear the temp files as CC does not go deep enough

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Quote
    :OTL
    IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81641
  • No support PMs thanks
Re: Real threat or false positive (with Avast 5)?
« Reply #27 on: August 22, 2010, 03:31:38 PM »
@ essexboy
These proxy settings are for the web shield, yes (as localhost port 12080 is the web shield redirect local proxy)?
Quote
IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1784066151-926666739-2172271728-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

However, that said, it should only be present if set by the user, I believe.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.6.2383 (build: 19.6.4546.508)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40632
  • Dragons by Sasha
    • Malware fixes
Re: Real threat or false positive (with Avast 5)?
« Reply #28 on: August 22, 2010, 03:45:19 PM »
That is correct, it needs to be set by the user; in this case it is only set for one user as well, and a defunct user at that  ;D
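A read-only check for the setting essexboy's OTL fix deletes and DavidR asks about, as an added example that is not part of this thread, of OTL or of avast!: it walks the user hives loaded under HKEY_USERS, reads each user's Internet Settings ProxyEnable/ProxyServer pair, resolves the SID to an account name (a SID that no longer resolves is the "defunct user" case above), and flags any enabled proxy that is not the avast! web shield redirect on localhost:12080 named in the quoted lines. The expected-proxy list and the function names are assumptions made for this example.

```powershell
# Added example, not from the thread, from OTL or from avast!. Audits the per-user
# Internet Explorer proxy values that the OTL fix above deletes. Read-only: it
# reports, it changes nothing.

# Assumption: the only proxy a clean avast! 5 install is expected to set is the
# web shield redirect quoted in the thread, localhost:12080.
$ExpectedProxies = @('localhost:12080')

function Resolve-SidName {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # A SID that no longer resolves usually belongs to a deleted profile,
        # the "defunct user" case discussed above.
        return 'UNRESOLVED (deleted or foreign account?)'
    }
}

function Get-UserProxySettings {
    param([string[]]$Expected = $ExpectedProxies)

    # Only hives of logged-on (or explicitly loaded) users appear under HKEY_USERS;
    # the pattern keeps real account SIDs and skips *_Classes keys and service SIDs.
    $hives = Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $key = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path $key)) { continue }

        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $enabled = 0
        if ($p.ProxyEnable -ne $null) { $enabled = [int]$p.ProxyEnable }
        $server = ''
        if ($p.ProxyServer -ne $null) { $server = [string]$p.ProxyServer }

        # Classify: an enabled proxy is only "expected" when it is on the list.
        if ($enabled -eq 1 -and $server -eq '') {
            $verdict = 'REVIEW: ProxyEnable=1 but no ProxyServer'
        } elseif ($enabled -eq 1 -and ($Expected -contains $server)) {
            $verdict = 'expected: avast! web shield redirect'
        } elseif ($enabled -eq 1) {
            $verdict = 'REVIEW: enabled proxy not in the expected list'
        } elseif ($server -ne '') {
            $verdict = 'info: stale ProxyServer value, proxy disabled'
        } else {
            $verdict = 'ok: no proxy configured'
        }

        New-Object PSObject -Property @{
            SID         = $sid
            Account     = Resolve-SidName $sid
            ProxyEnable = $enabled
            ProxyServer = $server
            Verdict     = $verdict
        }
    }
}

# Usage: run from an elevated PowerShell prompt so every loaded hive is readable.
Get-UserProxySettings | Format-Table -AutoSize SID, Account, ProxyEnable, ProxyServer, Verdict
```

HKEY_USERS only holds the hives that are currently loaded, so a profile whose owner is not logged on (the defunct user in this thread) will not show up unless its NTUSER.DAT is loaded with `reg load` first; OTL reads all profiles on disk, which is why its log listed the setting under that SID even though nobody was logged in as that user.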

Offline ZeroTheHero

  • Jr. Member
  • **
  • Posts: 22
Re: Real threat or false positive (with Avast 5)?
« Reply #29 on: August 22, 2010, 07:21:39 PM »
I've attached the log to this post. Also, I don't know if I've said it yet, so thanks everyone for the help.
Intel Pentium 4 CPU 2.80 GHz, 512MB RAM, Windows XP, Avast 5 Free