Gamespotgirl88
2012-10-27, 15:34
Yesterday evening I became suspicious that I might have been attacked by malware. I did scans with Avast, Spybot, even Windows Defender and nothing was found. This morning I checked the TeaTimer log to find 5 changes that were made yesterday that I'm not sure are normal. I can't remember what I was doing at this time other than running scans. Are these changes normal? What can I do to be notified as these are happening?
10/16/2012 8:51:29 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
aswBoot.exe /A:"*" /A:"*STARTUP" /L:"1033" /heur:100 /RA:ask /pup /archives /IA:0 /KBD:5 /wow /dir:"C:\Program Files\Alwil Software\Avast5"
") changed in Session manager!
10/16/2012 9:32:47 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!
10/20/2012 5:38:00 AM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}" (new data: "") added in ActiveX Distribution Unit!
10/20/2012 5:38:00 AM Allowed (based on user decision) value "{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}" (new data: "") deleted in ActiveX Distribution Unit!
10/20/2012 5:38:13 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: "") deleted in System Startup global entry!
10/20/2012 5:38:17 AM Allowed (based on user decision) value "SunJavaUpdateSched" (new data: ""C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"") added in System Startup global entry!
10/23/2012 10:47:51 PM Allowed (based on user decision) value "aswAhAScr.dll" (new data: ""C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"") added in System Startup global entry!
10/23/2012 10:47:54 PM Allowed (based on user decision) value "aswasOutExt.dll" (new data: ""C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"") added in System Startup global entry!
10/23/2012 10:47:57 PM Allowed (based on user decision) value "aswasOutExt64.dll" (new data: ""C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"") added in System Startup global entry!
10/23/2012 10:50:15 PM Allowed (based on user decision) value "aswAhAScr.dll" (new data: "") deleted in System Startup global entry!
10/23/2012 10:50:15 PM Allowed (based on user decision) value "aswasOutExt.dll" (new data: "") deleted in System Startup global entry!
10/23/2012 10:50:15 PM Allowed (based on user decision) value "aswasOutExt64.dll" (new data: "") deleted in System Startup global entry!
10/25/2012 9:20:58 AM Allowed (based on user decision) value "SpybotSD TeaTimer" (new data: "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe") added in System Startup user entry!
10/26/2012 6:09:00 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
aswBoot.exe /A:"*" /A:"*STARTUP" /A:"C:" /L:"1033" /heur:100 /RA:ask /pup /archives /IA:0 /KBD:5 /wow /dir:"C:\Program Files\Alwil Software\Avast5"
") changed in Session manager!
10/26/2012 7:44:52 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") changed in Session manager!
10/26/2012 7:44:57 PM Allowed (based on user decision) value "BootExecute" (new data: "") deleted in Session manager!
10/26/2012 7:44:57 PM Allowed (based on user decision) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!
10/26/2012 7:44:59 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
") added in Session manager!
10/26/2012 7:44:59 PM Allowed (based on user decision) value "ExcludeFromKnownDlls" (new data: "") added in Session manager!