Author Topic: solved malicious url since installing avast 6  (Read 31161 times)


Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: malicious url since installing avast 6
« Reply #45 on: May 03, 2011, 07:45:09 PM »
have you left me ???

Alas! I am a human being, and as such I tend to eat and drink sometimes - in this case, I was away doing the opposite..  ;D

Other than that, I will never ever leave you.  8)
« Last Edit: May 03, 2011, 07:47:57 PM by Zyndstoff (aka Steven Gail) »
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #46 on: May 03, 2011, 07:45:27 PM »
do i run or save

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #47 on: May 03, 2011, 07:46:12 PM »

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #48 on: May 03, 2011, 08:08:53 PM »
OTS logfile created on: 03/05/2011 18:52:41 - Run 1
OTS by OldTimer - Version 3.1.42.0     Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
511.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11.72 Gb Total Space | 0.53 Gb Free Space | 4.49% Space Free | Partition Type: NTFS
Drive D: | 102.76 Gb Total Space | 5.56 Gb Free Space | 5.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 74.52 Gb Total Space | 60.31 Gb Free Space | 80.93% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-PC
Current User Name: Diane
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Da

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #49 on: May 03, 2011, 08:09:38 PM »
[Processes - Safe List]
ots.exe -> D:\OTS.exe -> [2011/05/03 18:47:56 | 000,645,632 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\AVAST Software\Avast\AvastUI.exe -> [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software)
runservice.exe -> C:\WINDOWS\Runservice.exe -> [2010/07/18 21:30:50 | 000,002,560 | ---- | M] ()
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
sprtcmd.exe -> C:\Program Files\TalkTalk\bin\sprtcmd.exe -> [2005/08/16 00:12:02 | 000,192,512 | ---- | M] (SupportSoft, Inc.)
dragdiag.exe -> C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe -> [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium)
mixer.exe -> C:\WINDOWS\mixer.exe -> [2001/10/22 10:24:28 | 001,216,512 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw))
 
[Modules - Safe List]
ots.exe -> D:\OTS.exe -> [2011/05/03 18:47:56 | 000,645,632 | ---- | M] (OldTimer Tools)
snxhk.dll -> C:\Program Files\AVAST Software\Avast\snxhk.dll -> [2011/04/18 18:25:09 | 000,199,792 | ---- | M] (AVAST Software)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\framedyn.dll -> [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
sprthook.dll -> C:\Program Files\TalkTalk\bin\sprthook.dll -> [2005/08/16 00:12:16 | 000,102,400 | ---- | M] (SupportSoft, Inc.)
 
[Win32 Services - Safe List]
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] ->  -> File not found
(oeldy1bfyefa2) Ati External Event Utility [Auto | Stopped] ->  -> File not found
(AMService) AMService [Auto | Stopped] ->  -> File not found
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\AVAST Software\Avast\AvastSvc.exe -> [2011/04/18 18:25:10 | 000,042,184 | ---- | M] (AVAST Software)
(LicCtrlService) LicCtrl Service [Auto | Running] -> C:\WINDOWS\Runservice.exe -> [2010/07/18 21:30:50 | 000,002,560 | ---- | M] ()
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(aswSnx) aswSnx [File_System | System | Running] -> C:\WINDOWS\System32\drivers\aswSnx.sys -> [2011/04/18 18:17:46 | 000,441,176 | ---- | M] (AVAST Software)
(aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2011/04/18 18:17:34 | 000,307,288 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2011/04/18 18:16:18 | 000,049,240 | ---- | M] (AVAST Software)
(aswMon2) aswMon2 [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2011/04/18 18:16:06 | 000,102,488 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2011/04/18 18:13:21 | 000,025,432 | ---- | M] (AVAST Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2011/04/18 18:13:02 | 000,030,680 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2011/04/18 18:12:58 | 000,019,544 | ---- | M] (AVAST Software)
(fssfltr) fssfltr [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -> [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/14 06:51:44 | 000,010,624 | ---- | M] (Microsoft Corporation)
(StarOpen) StarOpen [File_System | System | Running] -> C:\WINDOWS\System32\drivers\StarOpen.sys -> [2006/07/24 16:05:00 | 000,005,632 | ---- | M] ()
(ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdm.sys -> [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI)
(ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_mdfl.sys -> [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI)
(ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ss_bus.sys -> [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI)
(ssm_mdm) SAMSUNG Mobile USB Modem II 1.0 Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssm_mdm.sys -> [2005/08/30 02:49:38 | 000,094,000 | ---- | M] (MCCI)
(ssm_mdfl) SAMSUNG Mobile USB Modem II 1.0 Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssm_mdfl.sys -> [2005/08/30 02:49:34 | 000,008,336 | ---- | M] (MCCI)
(ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssm_bus.sys -> [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI)
(SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sisnic.sys -> [2004/08/03 22:31:36 | 000,032,768 | ---- | M] (SiS Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.)
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcan5wn.sys -> [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON)
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\alcaudsl.sys -> [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON)
(cmpci) C-Media PCI Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\cmaudio.sys -> [2001/10/30 13:01:50 | 000,280,782 | ---- | M] (C-Media Inc)
 

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #50 on: May 03, 2011, 08:12:01 PM »
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.mytalktalk.co.uk ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\__aswSnx private storage\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page" -> http://www.mytalktalk.co.uk ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page Redirect Cache" -> http://uk.msn.com/?ocid=iehp ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page Redirect Cache AcceptLangs" -> en-gb ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> AC 2C CD CF 9E 6A CA 01  [binary data] ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [UrlSearchHook Class] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} -> C:\Documents and Settings\Liam\Local Settings\Application Data\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95} [C:\DOCUMENTS AND SETTINGS\LIAM\LOCAL SETTINGS\APPLICATION DATA\{B339B6F2-77FD-4E58-B2A4-BAC1C8536C95}] -> [2011/05/02 17:49:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{053530DC-6E55-4935-A879-42149E9D9AF2} -> C:\Documents and Settings\Diane\Local Settings\Application Data\{053530DC-6E55-4935-A879-42149E9D9AF2} [C:\DOCUMENTS AND SETTINGS\DIANE\LOCAL SETTINGS\APPLICATION DATA\{053530DC-6E55-4935-A879-42149E9D9AF2}] -> [2011/05/03 08:39:20 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2011/05/03 18:28:18 | 000,000,698 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\HOSTS ->
Reset Hosts

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #51 on: May 03, 2011, 08:12:47 PM »
27.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0974BA1E-64EC-11DE-B2A5-E43756D89593} [HKLM] ->  [MediaBar] -> File not found
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2010/05/14 11:00:26 | 000,191,792 | ---- | M] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [SSVHelper Class] -> [2010/06/29 16:14:30 | 000,321,312 | ---- | M] (Sun Microsystems, Inc.)
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/04/18 18:25:08 | 000,818,280 | ---- | M] (AVAST Software)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] ->  [Skype Plug-In] -> File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [Google Toolbar Notifier BHO] -> [2011/04/26 21:48:03 | 001,007,160 | ---- | M] (Google Inc.)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] ->  [MediaBar] -> File not found
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" [HKLM] -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [avast! WebRep] -> [2011/04/18 18:25:08 | 000,818,280 | ---- | M] (AVAST Software)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Support.com Toolbar] -> [2011/02/01 19:17:24 | 001,487,240 | ---- | M] (Ask)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast" -> C:\Program Files\AVAST Software\Avast\avastUI.exe ["C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui] -> [2011/04/18 18:25:12 | 003,460,784 | ---- | M] (AVAST Software)
"C-Media Mixer" -> C:\WINDOWS\mixer.exe [Mixer.exe /startup] -> [2001/10/22 10:24:28 | 001,216,512 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw))
"SM_IAN" ->  [C:\Program Files\AdvancedCleaner Free\ian_monitor.exe] -> File not found
"SpeedTouch USB Diagnostics" -> C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe ["C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon] -> [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium)
"SunJavaUpdateSched" ->  ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> File not found
"TalkTalk" -> C:\Program Files\TalkTalk\bin\sprtcmd.exe ["C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk] -> [2005/08/16 00:12:02 | 000,192,512 | ---- | M] (SupportSoft, Inc.)
"UADC_4215311620" ->  ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c] -> File not found
"UADC_534121639" ->  ["C:\Program Files\AdvancedCleaner Free\UADCcw.exe" -c] -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Charlotte Startup Folder > -> C:\Documents and Settings\Charlotte\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Diane Startup Folder > -> C:\Documents and Settings\Diane\Start Menu\Programs\Startup ->
< Liam Startup Folder > -> C:\Documents and Settings\Liam\Start Menu\Programs\Startup

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #52 on: May 03, 2011, 08:14:15 PM »
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites ->  [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html] -> [2011/04/26 20:54:18 | 001,967,792 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites ->  [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html] -> [2011/04/26 20:54:18 | 001,967,792 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Windows &Live Favorites ->  [http://favorites.live.com/quickadd.aspx] -> File not found
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html] -> [2011/04/26 20:54:18 | 001,967,792 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Menu: Sun Java Console] -> [2010/04/12 17:29:21 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] ->  [Button: Skype Plug-In] -> File not found
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] ->  [Menu: Skype Plug-In] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Pr

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #53 on: May 03, 2011, 08:15:15 PM »
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\__aswSnx private storage\] > -> HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\__aswSnx private storage\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1547161642-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [Solitaire Showdown Class] ->
{5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab [UnoCtrl Class] ->
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #54 on: May 03, 2011, 08:15:44 PM »
STOP!

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #55 on: May 03, 2011, 08:15:56 PM »
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{CBBA2003-F830-4722-94CA-0C4CF69B8798}\\DhcpNameServer -> 192.168.1.1   (SiS 900-Based PCI Fast Ethernet Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" ->  [C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" ->  [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" ->  [C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare] -> File not found
"C:\Program Files\LimeWire\LimeWire.exe" ->  [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\MSN Messenger\livecall.exe" ->  [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found
"C:\Program Files\NetMeeting\conf.exe" -> C:\Program Files\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> [2008/04/14 06:42:16 | 001,032,192 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" -> C:\WINDOWS\System32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> [2008/04/14 06:42:34 | 000,077,312 | ---- | M] (Microsoft Corporation)
"D:\FrostWire\FrostWire.exe" -> D:\FrostWire\FrostWire.exe [D:\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2010/11/20 05:50:52 | 000,114,688 | ---- | M] (FrostWire Group)
"D:\LimeWire\LimeWire.exe" ->  [D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"D:\Winmx\WinMX.exe" ->  [D:\Winmx\WinMX.exe:*:Enabled:WinMX Application] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/10/24 13:36:34 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
 

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #56 on: May 03, 2011, 08:16:29 PM »
Please send as attachment.
Save the log file to disk and then attach with "Additional Options" please.

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #57 on: May 03, 2011, 08:19:47 PM »
how do i save to disc

Offline Zyndstoff (aka Steven Gail)

Re: malicious url since installing avast 6
« Reply #58 on: May 03, 2011, 08:25:57 PM »
The log file is opened in notepad, isn't it? Just click on "File", "Save".

diane blanx

  • Guest
Re: malicious url since installing avast 6
« Reply #59 on: May 03, 2011, 08:31:16 PM »
not sure if this has worked