avast keep sending block allarm for flashlose.cc

hello,i got a problem with avast that keep blocking a access to a url message pop up every 10 15 minuts tried malwarebytes and other avast scan it find nothing…also i cant connect diablo 3 but maybe doesnt depend on that anyone could help me?

processo is process where its copyed malware (guess)

http://www.avast.com/it-it/lp-fr-virus-alert?p_ext=chrome&utm_campaign=Virus_alert&utm_source=prg_fav_70_0&utm_medium=prg_systray&utm_content=.%2Ffa%2Fit-it%2Fvirus-alert-default&p_vir=URL:Mal&p_prc=C:\Users\kkk\AppData\Local\Microsoft\Windows\Temporary%20Internet%20Files\Content.IE5\L3GIRI5B\agenearn_1

it try block access to (dont click) http://flashlose.cc/lost.dat

you are infected…possible a rootkit :-\

follow this guide and attach the logs…not copy and paste http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

still running scans but i think i found out problem with hijackthis its

CDisplay_is1.scr

it run pop up and block all host(explain why i cant run diablo that use spec host file)

still working on 2 scans but im almost sure thats problem i cant remove it from msconfig/run and itried fix it with hijackthis but it cant be fixed tried delete CDisplay_is1.scr but it say program is in use so ya im kinda blocked anyone has a solution?

put 2 logs for now still finishing malware bytes log and otl ill put later

ok other 2 scans

i dont know really how to fix…tried unactivate HKLM…\Run: [CDisplay_is1] C:\Users\kkk\AppData\Roaming\CDisplay_is1\CDisplay_is1.scr () in msconfig but it activate again alone and avast keep showing pop up with blocked access to a url

really need help

[2012/09/26 15.32.30 | 000,000,000 | --SD | C] – C:\Users\kkk\AppData\Roaming\CDisplay_is1 thats issue was create today at 3.30 pm after iw as back from work and turned on my pc

pondus give me a solution for remove it please!!!avast keep spamming me with block url messages…deactivating avast is a bad solution guess

now you relax and wait for the malware remover to arrive … it may take hours so be patient

Hi let me know if this stops it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1136535188-260250515-840242000-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-1136535188-260250515-840242000-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1136535188-260250515-840242000-1000\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
O4 - HKLM..\Run: [CDisplay_is1] C:\Users\kkk\AppData\Roaming\CDisplay_is1\CDisplay_is1.scr ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: CDisplay_is1 = C:\Users\kkk\AppData\Roaming\CDisplay_is1\CDisplay_is1.scr ()
[2012/09/26 15.32.30 | 000,000,000 | --SD | C] -- C:\Users\kkk\AppData\Roaming\CDisplay_is1

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

yes worked while otl was removing registry key avast blocked a file “dropper” with always cdisplay in system after reboot all registry and msconfig was clean

thx for help is it a new virus?cause no other antivirus detected it tried everything

That is where the manual inspection comes in, no automated tools can analyse the logs like a human

Once it has been reported and located then they will find it but, they will never be able to locate all the run locations

If all is well tomorrow let me know and I will remove my tools

Sounds like another medfos:
O4 - HKLM…\Run: [CDisplay_is1] C:\Users\kkk\AppData\Roaming\CDisplay_is1\CDisplay_is1.scr ()

doesnt it,essexboy?