Avast is giving me “Malicious URL Blocked” messages every few seconds. I cannot connect to Google but can connect to Bing. Running updated XP Pro, very unstable, having wireless connectivity problems too.
I researched various malware removal forums, did the following, and attached the logs.
1. Downloaded the latest versions of MBAM, OTL, Farbar and Kaspersky TDSS Killer.
2. Ran all of them following the forums' advice and have attached the MBAM log to start with.
I’m sure that more is needed and will await further instructions.
Many thanks in advance.
MBAM Log
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.23.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OPTIPLEXGX280 [administrator]
9/23/2012 1:35:05 PM
mbam-log-2012-09-23 (13-35-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254031
Time elapsed: 16 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\AppID\activex.DLL (Adware.180Solutions) → Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) → Quarantined and deleted successfully.
Registry Values Detected: 2
HKCR\.exe\shell\open\command| (Hijack.ExeFile) → Data: "C:\Documents and Settings\Owner\Local Settings\Application Data\upw.exe" -a "%1" %* → Quarantined and deleted successfully.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) → Data: 825178b8003c4cc23212908bf0008128 → Quarantined and deleted successfully.
Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) → Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\upw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) → Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\upw.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) → Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) → Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\upw.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) → Quarantined and repaired successfully.
Folders Detected: 3
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components (PUP.PlaySushi) → No action taken.
Files Detected: 7
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome.manifest (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\install.rdf (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\chrome\pstextlinks.jar (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PSTextLinks.xpt (PUP.PlaySushi) → No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\is1438683437\IWantThis.exe (Adware.GamePlayLabs) → Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\sdhttt.exe (Exploit.Drop.GS) → Quarantined and deleted successfully.
(end)