pop up malware even if i am not on that site, process from taymonitor?

[cho1_1]

hi i am new to the fourms and i have been using avast for a while so it happen after the update from avast and when i'm log on to my computer surfing i get a pop up once a while or every time i log in my computer  and after a while  it looks like this

Infection Details
URL:   http://mciupdate.com/mcicidupdate.php?ci...
Process:   C:\Users\cho\AppData\Local\Temp\Traymoni...
Infection:   URL:Mal

its like traymonitor is trying to open to mal site and i don't even been their visit that site at all. and also i used avast scan if i can find anything but none showed up and the avast pop up warning me of that url and i even upgraded my avast account and still avast pop up, so please if anyone got time i would like some advice is this normal or is something making my computer to go visit that site without me knowing?

[Pondus]

attach the requested logs   http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done a removal expert will be notified and help you

[cho1_1]

this is four log reports after i use the programs.

[Pondus]

malware removers are notified, they are in bed now so check back tomorrow

[essexboy]

An executable file should never be running from the temporary folder, where did you get tray monitor from

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
c:\Users\cho\AppData\Local\Temp\Traymonitor.exe
O2 - BHO: (GetSavin 5.0) - {9976482F-FF0E-4797-B5AC-7E7AA3FCB3B7} - C:\Users\cho\AppData\Local\getsavin\ie\getsavin_1361393438.dll File not found
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O4 - HKLM..\Run: [AutoLoader] C:\Users\cho\AppData\Local\Temp\Traymonitor.exe ()
O4 - HKU\S-1-5-21-3906683522-2347737554-1114302172-1000..\Run: [StartNow Search Protect] C:\Program Files (x86)\StartNow Toolbar\search_protect.exe ()
[2013/03/22 00:30:52 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/03/23 15:52:43 | 000,000,578 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for cho.job
[2012/01/10 06:38:44 | 000,008,344 | -HS- | C] () -- C:\Users\cho\AppData\Local\00ngb63mru7714evdrm52mkpiq6fo50rpi3t22s4v40ifc
[2012/01/10 06:38:44 | 000,008,344 | -HS- | C] () -- C:\ProgramData\00ngb63mru7714evdrm52mkpiq6fo50rpi3t22s4v40ifc

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[cho1_1]

ok i have done as instructed and looks like i won't be seeing that alert for a good while here is the scan after. you have my thanks.

[mchain]

FYI:

http://sitecheck.sucuri.net/results/mciupdate.com
http://zulu.zscaler.com/submission/show/f91cf40f3724767a4b3729ed6d8c5cc5-1364721653
http://urlquery.net/report.php?id=1702508  Note the screenshot of the actual webpage is blank.

If you can, please disable the live link in your first post in this manner:  hxxp://....

[essexboy]

Any further problems ?

[cho1_1]

sorry i had to be sure that pop dosen't come back up again im all good thank you so much for your time.

[essexboy]

Run OTL and press the cleanup button to remove it

[cho1_1]

thanks it worked.