Author Topic: Automatically Deleted File Causing Popup At Startup  (Read 17685 times)

mpkeith (Jr. Member)
« Reply #30 on: December 25, 2010, 12:10:57 AM »
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/24 17:40:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/23 20:49:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\BthcfgLite
[2010/12/23 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\Matt\MadeiraBean
[2010/12/23 17:47:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2010/12/23 17:47:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2010/12/23 17:47:57 | 000,023,376 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2010/12/23 17:47:53 | 000,046,672 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2010/12/23 17:47:50 | 000,050,768 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2010/12/23 17:47:37 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2010/12/23 17:47:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2010/12/22 04:44:40 | 000,000,000 | ---D | C] -- C:\Suspect
[2010/12/21 23:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/21 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/21 21:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/12/20 23:25:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Google
[2010/12/20 23:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/20 23:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/20 23:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/13 23:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\E.M. HD Video Converter
[2010/12/13 23:24:36 | 000,000,000 | ---D | C] -- C:\windows\System32\QuickTime
[2010/12/13 23:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/13 23:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/12/13 23:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/12/12 11:32:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\HandBrake
[2010/12/12 11:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/12/11 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\HD Video Converter
[2010/12/11 21:04:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Media Player Classic
[2010/12/11 20:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickMediaConverter
[2010/12/11 20:02:17 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\CocoonSoftware
[2010/12/11 20:01:48 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\WDSetup
[2010/12/11 13:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Free Convert HD Video to AVI DIVX FLV MP4 Converter
[2010/12/11 12:46:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{5D409B5B-F214-45C2-A4E3-94395E98CBAF}
[2010/12/11 10:43:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\Strobe Media Playback
[2010/12/11 00:08:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\camstudiosample
[2010/12/11 00:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio
[2010/12/10 21:12:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1840D6E6-240D-4830-A33C-05BD1FAB95A7}
[2010/12/10 21:10:47 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D490A0DE-5A3A-4EB5-B9A4-5E530A0B1C0F}
[2010/12/10 21:10:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2010/12/10 21:10:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Windows Live Writer
[2010/12/10 21:10:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\My Weblog Posts
[2010/12/10 21:08:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{33B8A12D-B27D-461B-8D4D-AC20769A0EAE}
[2010/12/10 18:58:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Windows Live
[2010/12/10 09:50:42 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\inkscape
[2010/12/10 09:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2010/12/09 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\Fat Banana Productions
[2010/12/09 16:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/12/09 16:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Flip Video
[2010/12/04 05:00:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Marketing System Review
[2010/12/03 22:04:17 | 000,000,000 | ---D | C] -- C:\Users\Matt\ClimateGate
[2010/12/02 05:49:48 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\windows\System32\pdfmona.dll
[2010/12/02 05:49:46 | 000,000,000 | ---D | C] -- C:\pdf995
[2010/11/28 23:44:48 | 000,000,000 | ---D | C] -- C:\Users\Matt\Hardgainers Forum
[2010/11/28 23:44:40 | 000,000,000 | ---D | C] -- C:\Users\Matt\New folder
[2010/11/27 02:33:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\My Expiring Domains
[2010/11/25 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\DivX
[2010/11/25 22:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/11/25 22:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/11/25 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/11/25 22:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

mpkeith (Jr. Member)
« Reply #31 on: December 25, 2010, 12:11:38 AM »
========== Files - Modified Within 30 Days ==========
 
[2010/12/24 17:42:43 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/24 17:42:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/12/24 17:42:20 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/24 17:41:47 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 17:41:47 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/24 17:40:27 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2010/12/23 22:47:04 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/23 20:55:57 | 000,615,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/12/23 20:55:57 | 000,103,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/12/23 18:50:09 | 000,001,181 | ---- | M] () -- C:\Users\Matt\Desktop\Mad Bean.lnk
[2010/12/23 17:57:12 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/23 17:57:10 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2010/12/21 21:17:21 | 000,002,200 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/21 21:11:27 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/21 21:04:07 | 000,001,924 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/17 03:48:54 | 000,011,264 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/16 18:03:55 | 000,356,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/12/13 23:56:29 | 000,001,065 | ---- | M] () -- C:\Users\Matt\Desktop\E.M. HD Video Converter.lnk
[2010/12/13 23:24:37 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/12/13 16:54:01 | 000,001,285 | ---- | M] () -- C:\Users\Matt\.recently-used.xbel
[2010/12/10 09:39:27 | 000,001,004 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/12/09 16:36:23 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/08 21:57:59 | 000,000,059 | ---- | M] () -- C:\windows\wpd99.drv
[2010/12/02 05:49:48 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\windows\System32\pdfmona.dll
[2010/12/02 05:49:48 | 000,051,716 | ---- | M] () -- C:\windows\System32\pdf995mon.dll
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/11/28 23:57:06 | 000,001,961 | ---- | M] () -- C:\Users\Matt\Desktop\FileZilla Client.lnk
 
========== Files Created - No Company Name ==========
 
[2010/12/23 18:50:09 | 000,001,181 | ---- | C] () -- C:\Users\Matt\Desktop\Mad Bean.lnk
[2010/12/23 17:48:00 | 000,001,944 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/12/21 21:17:21 | 000,002,200 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/21 21:14:21 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/21 21:14:19 | 000,000,878 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/21 21:04:07 | 000,001,924 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/21 21:04:07 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/13 23:56:29 | 000,001,065 | ---- | C] () -- C:\Users\Matt\Desktop\E.M. HD Video Converter.lnk
[2010/12/13 23:24:37 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2010/12/13 16:54:01 | 000,001,285 | ---- | C] () -- C:\Users\Matt\.recently-used.xbel
[2010/12/13 13:20:19 | 000,001,961 | ---- | C] () -- C:\Users\Matt\Desktop\FileZilla Client.lnk
[2010/12/10 09:39:27 | 000,001,004 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2010/12/09 16:36:23 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/02 05:49:48 | 000,051,716 | ---- | C] () -- C:\windows\System32\pdf995mon.dll
[2010/12/02 05:49:48 | 000,000,059 | ---- | C] () -- C:\windows\wpd99.drv
[2010/11/10 06:49:44 | 000,000,010 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\install
[2010/11/08 14:59:39 | 000,011,264 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 00:01:51 | 000,155,648 | ---- | C] () -- C:\windows\System32\ESGAppInfo.dll
[2010/06/22 23:53:56 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/06/22 23:35:10 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/06/22 23:29:51 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
 
========== LOP Check ==========
 
[2010/10/28 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG10
[2010/12/11 20:02:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\CocoonSoftware
[2010/12/15 06:00:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FileZilla
[2010/11/11 23:47:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FrostWire
[2010/12/12 11:32:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\HandBrake
[2010/12/10 09:50:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\inkscape
[2010/12/02 05:55:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\pdf995
[2010/10/28 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinBatch
[2010/12/10 21:10:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2010/11/21 04:14:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Xisyaf
[2010/12/18 00:16:42 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========

< End of report >

DavidR (Avast Überevangelist)
« Reply #32 on: December 25, 2010, 12:15:33 AM »
Files can be attached, using the Additional Options link in the reply window. You can attach .txt, .log, .jpg or .gif files to posts.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mpkeith (Jr. Member)
« Reply #33 on: December 25, 2010, 01:06:51 AM »
Seems unless I copy and paste the text directly it changes all of the characters... on my end anyways...
« Last Edit: December 25, 2010, 01:09:40 AM by mpkeith »

DavidR (Avast Überevangelist)
« Reply #34 on: December 25, 2010, 01:51:56 AM »
You aren't saving the file in the correct format. In the Encoding part when you save the file, I believe that has to be in Unicode, or if that is what it is in, then ANSI.

mpkeith (Jr. Member)
« Reply #35 on: December 25, 2010, 03:35:54 AM »
Here's the 3 big encodings... they all open the same (good) on my computer.

EDIT: Odd, now all 3 are opening fine after uploading too  :-\
« Last Edit: December 25, 2010, 03:37:29 AM by mpkeith »

DavidR (Avast Überevangelist)
« Reply #36 on: December 25, 2010, 04:14:11 AM »
Yes strange that, hopefully essexboy will be able to analyse the log/s. Not sure what he is up to on Christmas day.

mpkeith (Jr. Member)
« Reply #37 on: December 25, 2010, 05:51:28 AM »
Hopefully spending it with family. I'm in no hurry.

SafeSurf (Avast Evangelist)
« Reply #38 on: December 25, 2010, 09:06:18 AM »
The files have to be saved in ANSI format.

When the OTL scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. Post the two (2) OTL logs as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop) > Post). Thank you.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

essexboy (Malware removal instructor)
« Reply #39 on: December 25, 2010, 10:49:04 AM »
Has the popup gone now?

The logs appear OK

mpkeith (Jr. Member)
« Reply #40 on: December 25, 2010, 01:16:13 PM »
Yes it's gone... I didn't even think to check it last night. Awesome X-mas Present! Thanks a lot everyone. Essexboy, I owe you a 12-pack!

Just out of curiosity, has it been determined whether or not it was a virus?

And btw, there really should be a "buy me a beer" feature on here.
« Last Edit: December 25, 2010, 01:22:51 PM by mpkeith »

Asyn (Avast Überevangelist)
« Reply #41 on: December 25, 2010, 03:54:47 PM »
Quote from: mpkeith
And btw, there really should be a "buy me a beer" feature on here.

If there would be such a feature, essexboy would be drunk most of the time, as he really helps many people here... ;)
Cheers, essex..!! ;D
asyn
Win 8.1 [x64] - Avast PremSec 21.11.6787.IBC [UI.681] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.4 - SecureLine 5.14 - Driver Updater 21.4 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

essexboy (Malware removal instructor)
« Reply #42 on: December 26, 2010, 11:17:52 AM »
Hic  ;D  As I am away from my system at the moment (with the outlaws) I will post the cleanup when I get home. Reference the file, if you do not use Bluetooth then it is a moot point.