Avast WEBforum

Other => Viruses and worms => Topic started by: Peanut39350 on October 27, 2012, 03:29:13 AM

Title: avast says malicious url blocked
Post by: Peanut39350 on October 27, 2012, 03:29:13 AM
# AdwCleaner v2.005 - Logfile created 10/26/2012 at 20:09:56
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jason Eakes - PEANUT
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jason Eakes\Local Settings\Temporary Internet Files\Content.IE5\JXPUSWYR\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jason Eakes\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [14390 octets] - [26/10/2012 19:20:46]
AdwCleaner[S3].txt - [851 octets] - [26/10/2012 20:09:56]
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.26.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jason Eakes :: PEANUT [administrator]

Protection: Enabled

10/25/2012 9:06:46 PM
mbam-log-2012-10-25 (21-06-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314135
Time elapsed: 1 hour(s), 35 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> No action taken.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: ac105ada9b81195bcabe2c59510edb22 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files\DailyFitnessCenter_53\bar\1.bin\53impipe.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\DailyFitnessCenter_53\bar\1.bin\NP53Stub.dll (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1203\A0120199.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Documents and Settings\Jason Eakes\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
c:\documents and settings\jason eakes\local settings\temp\6cf.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason Eakes\Local Settings\Temp\VidSaver-ppi-US_2012-08-22.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.26.13

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jason Eakes :: PEANUT [administrator]

Protection: Disabled

10/26/2012 7:33:05 PM
mbam-log-2012-10-26 (19-33-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233328
Time elapsed: 16 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Jason Eakes\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully.

(end)

########## EOF - C:\AdwCleaner[S3].txt - [910 octets] ##########
Title: Re: avast says malicious url blocked
Post by: Pondus on October 27, 2012, 11:52:53 AM
attach OTL and aswMBR log.....not copy and paste

http://forum.avast.com/index.php?topic=53253.0


and continue posting the logs here now



@Essexboy......the topic started here.   http://forum.avast.com/index.php?topic=107833.0


Title: Re: avast says malicious url blocked
Post by: essexboy on October 27, 2012, 12:24:09 PM
I will stick on this thread