My laptop is getting a repetitive pop up,
object:http:/
infection:URL/Mal
Process:C:\Windows\syswow64\svchost.exe
Can anyone help?
Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0
And please post the URL (it shouldn’t be blank unless you don’t have Rogue software)
PS.: If it’s really blank post the logs as Asyn said
it is blank, blue screened twice in the past hour. Working on logs now. thanks.
second one gives this website as object and url:mal2 http://26872.t.c.t.c.clickpayz.com/
Logs are attached was typing individually then had to edit. sorry
AdwCleaner
OTL
Extras
aswmbr
rogue killer(1)
roguekiller (2) after delete
rogue killer (3) after fix shortcuts
I believe I posted all logs… Is there anything else I need? Still getting repetitive pop-up approximately every 30 seconds.
https://www.virustotal.com/en/url/4ec2a12c93bb1b6d9424d5e141a8895ca8a6fed9e19f3095132f64cbd9327d5c/analysis/1376043070/
http://sitecheck.sucuri.net/results/26872.t.c.t.c.clickpayz.com/ (site unreachable)
http://urlquery.net/report.php?id=4461626
Sent to AVAST Virus Labs.
Why are you sending this to the virus labs, avast is already alerting on it (as the OP stated to start off with), network shield malicious sites list ???
VT URL scan is rubbish in this regard as it just looks at listings and isn’t a live scan (and why avast isn’t included).
[quote="DavidR post:14, topic:684541"] and why avast isn't included [/quote] I have no idea ::)
That wasn’t a question, but a statement, ‘that is’ why avast isn’t included in the VT URL scan.
Hi, could you confirm that this occurs with all browsers
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-542798039-1671776978-2103327220-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-542798039-1671776978-2103327220-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
:Commands
[resethosts]
[emptytemp]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the latest version of TDSSKiller from here and save it to your Desktop.
[*]Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
[*]Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
[*]Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
[*]Click the Start Scan button.
[*]If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
[*]Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
log after otl run fix:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-542798039-1671776978-2103327220-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-542798039-1671776978-2103327220-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: jjjj
->Temp folder emptied: 139323618 bytes
->Temporary Internet Files folder emptied: 464973693 bytes
->Java cache emptied: 5994792 bytes
->FireFox cache emptied: 31188308 bytes
->Flash cache emptied: 57983 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 353891799 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36279463 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 984.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08092013_184001
Files\Folders moved on Reboot…
C:\Users\jjjj\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0S1O0IE\index[1].htm moved successfully.
C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp_avast_\unp171711092.tmp moved successfully.
C:\Windows\temp_avast_\unp202135954.tmp moved successfully.
File\Folder C:\Windows\temp_avast_\unp208484239.tmp not found!
File\Folder C:\Windows\temp_avast_\unp209207283.tmp not found!
File\Folder C:\Windows\temp_avast_\unp35917071.tmp not found!
C:\Windows\temp_avast_\unp87771245.tmp moved successfully.
C:\Windows\temp_avast_\unp9111578.tmp moved successfully.
File move failed. C:\Windows\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_DEVILDOG$\10528 not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files…
Registry entries deleted on Reboot…
Files\Folders moved on Reboot…
C:\Users\jjjj\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat not found!
File\Folder C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
File\Folder C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A0S1O0IE\index[1].htm not found!
C:\Users\jjjj\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp_avast_\unp171711092.tmp not found!
File\Folder C:\Windows\temp_avast_\unp202135954.tmp not found!
File\Folder C:\Windows\temp_avast_\unp208484239.tmp not found!
File\Folder C:\Windows\temp_avast_\unp209207283.tmp not found!
File\Folder C:\Windows\temp_avast_\unp35917071.tmp not found!
File\Folder C:\Windows\temp_avast_\unp87771245.tmp not found!
File\Folder C:\Windows\temp_avast_\unp9111578.tmp not found!
File move failed. C:\Windows\temp_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_DEVILDOG$\10528 not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files…
Registry entries deleted on Reboot…
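One way to check a fix log like the one above against the fix script that produced it, added here as an example and not part of the thread or of OTL itself: it lists every GUID named on an item line of the script that has no "deleted successfully" line in the log. The function names and the abridged sample strings are assumptions made for the illustration.

```python
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RESULT_RE = re.compile(r"(deleted successfully|not found)\.\s*$")

# Constructed sample: three item lines abridged from the fix script in this thread.
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03)
"""

# Constructed sample in the thread's log format, cut short so one item has no result line.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
"""

def requested_guids(script):
    """GUIDs named on O-numbered item lines of the fix script."""
    found = set()
    for line in script.splitlines():
        if re.match(r"\s*O\d+\s+-", line):
            found.update(g.upper() for g in GUID_RE.findall(line))
    return found

def log_outcomes(log):
    """Map each GUID to counts of 'deleted' and 'not found' result lines."""
    outcomes = defaultdict(lambda: {"deleted": 0, "not_found": 0})
    for line in log.splitlines():
        m = RESULT_RE.search(line)
        if m:
            key = "deleted" if m.group(1).startswith("deleted") else "not_found"
            for g in GUID_RE.findall(line):
                outcomes[g.upper()][key] += 1
    return dict(outcomes)

def unconfirmed(script, log):
    """Requested GUIDs with no 'deleted successfully' line in the log."""
    outcomes = log_outcomes(log)
    return sorted(g for g in requested_guids(script)
                  if outcomes.get(g, {}).get("deleted", 0) == 0)

print(unconfirmed(FIX_SCRIPT, FIX_LOG))
```

A "not found" line alone is not counted as confirmation, since the log above reports it for keys that were simply absent before the fix ran.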
There may be some delay due to differing time zones and availability, it is now just after 1:40 am in the UK so essexboy will be in bed. He should be back later today.
after quick scan OTL