URL.Mal

Hi guys, please help.
For the past few days I have been struggling with URL.MAL and I have tried a lot of things already.

  1. I have done a boot scan with Avast because Avast keeps popping up with the warning. It finds 2 problems; I delete them, restart, and it's back.
  2. Malwarebytes: ran it with TDSSKiller, got some issues, deleted them. This worked until the next day, then it was back again. Best is, when it's back Malwarebytes doesn't pick it up at all.
  3. RogueKiller with the Trend Micro scanner did the trick, but guess what, it's back again today.
  4. Even tried an MBR rewrite.

This thing just keeps coming back.

I dunno what to use anymore. Any advice?

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Adw Cleaner Logs

AdwCleaner v2.113 - Logfile created 02/26/2013 at 17:00:35

Updated 23/02/2013 by Xplode

Operating system : Windows 7 Ultimate (64 bits)

User : Anton - ANTONSIN

Boot Mode : Normal

Running from : C:\Users\Anton\Downloads\adwcleaner.exe

Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Anton\AppData\Local\Temp\OpenCandy
Folder Found : C:\Users\Anton\AppData\Local\Temp\TempDir

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\AppID{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\CLSID{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\Interface{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\ Google Chrome v25.0.1364.97

File : C:\Users\Anton\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


AdwCleaner[R1].txt - [5058 octets] - [26/02/2013 17:00:35]

########## EOF - C:\AdwCleaner[R1].txt - [5118 octets] ##########

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-26 17:04:34

17:04:34.049 OS Version: Windows x64 6.1.7600
17:04:34.049 Number of processors: 4 586 0x502
17:04:34.051 ComputerName: ANTONSIN UserName: Anton
17:04:37.364 Initialize success
17:04:37.513 AVAST engine defs: 13022600
17:04:41.997 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
17:04:42.012 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
17:04:42.026 Disk 0 MBR read successfully
17:04:42.029 Disk 0 MBR scan
17:04:42.032 Disk 0 Windows 7 default MBR code
17:04:42.041 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
17:04:42.068 Disk 0 scanning C:\Windows\system32\drivers
17:04:59.035 Service scanning
17:05:23.896 Modules scanning
17:05:23.902 Disk 0 trace - called modules:
17:05:23.959 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
17:05:23.962 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8007b8f5d0]
17:05:23.966 3 CLASSPNP.SYS[fffff880018df43f] → nt!IofCallDriver → [0xfffffa8007a68520]
17:05:23.972 5 ACPI.sys[fffff88000e62781] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a64680]
17:05:25.917 AVAST engine scan C:\Windows
17:05:30.538 AVAST engine scan C:\Windows\system32
17:08:38.726 AVAST engine scan C:\Windows\system32\drivers
17:08:53.295 AVAST engine scan C:\Users\Anton
18:55:04.770 AVAST engine scan C:\ProgramData
19:05:56.665 Scan finished successfully
19:29:13.213 Disk 0 MBR has been saved successfully to “C:\Users\Anton\Desktop\MBR.dat”
19:29:13.219 The log file has been saved successfully to “C:\Users\Anton\Desktop\aswMBR.txt”

Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b8f5d0, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\Disk
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a7a040, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xfffffa8007b8f5d0, DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\Disk
DevicePointer: 0xfffffa8007a68520, DeviceName: Unknown, DriverName: \Driver\ACPI
DevicePointer: 0xfffffa8007a64680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0, DriverName: \Driver\atapi
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0, DriverName: \Driver\Disk
Upper DeviceData: 0xfffff8a010c24700, 0xfffffa8007b8f5d0, 0xfffffa800a470790
Lower DeviceData: 0xfffff8a0109e7c50, 0xfffffa8007a64680, 0xfffffa80077efe40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers…
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0…
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 44F4B22F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048  Numsec = 976766976
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)…
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006a0c790, DeviceName: \Device\Harddisk1\DR1, DriverName: \Driver\Disk
--------- Disk Stack ------
DevicePointer: 0xfffffa80099d8040, DeviceName: Unknown, DriverName: \Driver\partmgr
DevicePointer: 0xfffffa8006a0c790, DeviceName: \Device\Harddisk1\DR1, DriverName: \Driver\Disk
DevicePointer: 0xfffffa8009a2c060, DeviceName: \Device\000001ea, DriverName: \Driver\USBSTOR
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1, DriverName: \Driver\Disk
Upper DeviceData: 0xfffff8a0107b1f20, 0xfffffa8006a0c790, 0xfffffa8007b52790
Lower DeviceData: 0xfffff8a0130e1a20, 0xfffffa8009a2c060, 0xfffffa800765be40
Drive 1
Scanning MBR on drive 1…
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4B57300

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63  Numsec = 488392002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059348992 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan…
Done!
Scan finished