Author Topic: malicious url blocked  (Read 18137 times)


sweetred

  • Guest
malicious url blocked
« on: March 26, 2013, 12:34:52 PM »
Keeps popping up even when not surfing. url:mal, I'm gonna try to attach logs from the page that helps remove stuff.

sweetred

  • Guest
Re: malicious url blocked
« Reply #1 on: March 26, 2013, 01:02:06 PM »
copy and paste from mbam
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Mom :: MOM-PC [administrator]

Protection: Enabled

3/26/2013 7:41:51 AM
mbam-log-2013-03-26 (07-41-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229764
Time elapsed: 49 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3816 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
I had to restart instantly.

looks like that was a fail 2nd try, thanks for the help.
« Last Edit: March 27, 2013, 12:42:59 AM by sweetred »

sweetred

  • Guest
Re: malicious url blocked
« Reply #2 on: March 26, 2013, 01:44:06 PM »
I also got a report too large to post here.
it starts like this:
2013/03/26 06:38:39 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
2013/03/26 06:38:39 -0400   MOM-PC   Mom   ERROR   Quarantine failed:  DeleteFile failed with error code 5
2013/03/26 07:02:48 -0400   MOM-PC   (null)   MESSAGE   Starting protection
2013/03/26 07:02:48 -0400   MOM-PC   (null)   MESSAGE   Protection started successfully
2013/03/26 07:02:48 -0400   MOM-PC   (null)   MESSAGE   Starting IP protection
2013/03/26 07:03:09 -0400   MOM-PC   Mom   MESSAGE   IP Protection started successfully
2013/03/26 07:03:31 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
2013/03/26 07:03:50 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
2013/03/26 07:04:01 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
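
A way to triage a protection log like the one pasted above, as an added example that is not part of the original thread: it counts repeat detections per file, decodes the DeleteFile error code, and flags an svchost.exe running from outside System32. The sample lines are constructed in the same layout, and the function and field names are hypothetical.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample lines in the layout of the protection log quoted above.
SAMPLE_LOG = r"""
2013/03/26 06:38:39 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
2013/03/26 06:38:39 -0400   MOM-PC   Mom   ERROR   Quarantine failed:  DeleteFile failed with error code 5
2013/03/26 07:03:31 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
2013/03/26 07:03:50 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
2013/03/26 07:04:01 -0400   MOM-PC   Mom   DETECTION   C:\Windows\svchost.exe   Trojan.Agent   QUARANTINE
"""

SEP = re.compile(r"\t+| {2,}")  # columns are split by tabs or runs of spaces
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 32: "ERROR_SHARING_VIOLATION"}
# Heuristic: the genuine svchost.exe runs from System32 (SysWOW64 on x64).
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def triage(log_text):
    """Summarise detections per file: count, repeat interval, failed removals."""
    findings, last_path = {}, None
    for line in log_text.strip().splitlines():
        # Split off only the first four columns: ERROR messages contain
        # double spaces themselves and must stay in one piece.
        parts = SEP.split(line.strip(), maxsplit=4)
        if len(parts) < 5:
            continue
        when = datetime.strptime(parts[0], "%Y/%m/%d %H:%M:%S %z")
        kind, rest = parts[3], parts[4]
        if kind == "DETECTION":
            fields = SEP.split(rest)
            if len(fields) != 3:
                continue
            path, name, _action = fields
            f = findings.setdefault(path, {"name": name, "times": [], "errors": []})
            f["times"].append(when)
            last_path = path
        # Assumption: an ERROR line refers to the most recent DETECTION.
        elif kind == "ERROR" and last_path:
            m = re.search(r"error code (\d+)", rest)
            if m:
                findings[last_path]["errors"].append(WIN32_ERRORS.get(int(m.group(1)), m.group(1)))
    for path, f in findings.items():
        times = f.pop("times")
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        f["count"], f["min_gap_s"] = len(times), (min(gaps) if gaps else None)
        f["removal_failed"] = bool(f["errors"])
        directory, base = ntpath.split(path.lower())
        f["masquerade"] = base == "svchost.exe" and directory not in SVCHOST_DIRS
    return findings
```

A file that is detected again every few seconds after a removal that failed with access denied is still running or being restored, which is why a reboot-time delete and a rootkit scan come next.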

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: malicious url blocked
« Reply #3 on: March 26, 2013, 01:45:53 PM »
that is why you should attach and not copy and paste.  ;)

AdwCleaner / Malwarebytes / OTL / aswMBR.   logs

sweetred

  • Guest
Re: malicious url blocked
« Reply #4 on: March 26, 2013, 01:50:10 PM »
thanks but I was sure it said to copy and paste in the post I was following,
my bad now my problem is browsing to the log from mbam,
thanks so much for any help in advance.




Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37699
Re: malicious url blocked
« Reply #5 on: March 26, 2013, 01:52:15 PM »
> thanks but I was sure it said to copy and paste in the post I was following,
> my bad now my problem is browsing to the log from mbam,
> thanks so much for any help in advance.

yes....essexboy should change that in his guide
AdwCleaner / Malwarebytes / aswMBR are usually so small that they can be pasted in one post....and if big two posts, OTL however will take 10 posts with copy and paste, so to make it easy attach them all

you don't have to repost the one already posted....attach OTL and aswMBR

malware removers are notified and will check when they arrive later today



« Last Edit: March 26, 2013, 01:57:29 PM by Pondus »

sweetred

  • Guest
Re: malicious url blocked
« Reply #6 on: March 26, 2013, 02:28:31 PM »
otl logs I hope

sweetred

  • Guest
Re: malicious url blocked
« Reply #7 on: March 26, 2013, 02:55:12 PM »
aswMBR logs wish me luck.

sweetred

  • Guest
Re: malicious url blocked
« Reply #8 on: March 26, 2013, 03:02:10 PM »
I did not run the fix on OTL or aswMBR cause it didn't say to.
I hope I did the OTL right, I'm not sure it's in ANSI.
Is it ok to run the fixes? I work nights and need some sleep, I'll log out soon.
« Last Edit: March 26, 2013, 04:05:21 PM by sweetred »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: malicious url blocked
« Reply #9 on: March 26, 2013, 04:11:12 PM »
Hi, let's get at it

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

sweetred

  • Guest
Re: malicious url blocked
« Reply #10 on: March 26, 2013, 05:21:06 PM »
TDSSKiller log
12:02:59.0007 3008  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:02:59.0397 3008  ============================================================
12:02:59.0397 3008  Current date / time: 2013/03/26 12:02:59.0397
12:02:59.0397 3008  SystemInfo:
12:02:59.0397 3008 
12:02:59.0397 3008  OS Version: 6.1.7601 ServicePack: 1.0
12:02:59.0397 3008  Product type: Workstation
12:02:59.0397 3008  ComputerName: MOM-PC
12:02:59.0397 3008  UserName: Mom
12:02:59.0397 3008  Windows directory: C:\Windows
12:02:59.0397 3008  System windows directory: C:\Windows
12:02:59.0397 3008  Running under WOW64
12:02:59.0397 3008  Processor architecture: Intel x64
12:02:59.0397 3008  Number of processors: 2
12:02:59.0397 3008  Page size: 0x1000
12:02:59.0397 3008  Boot type: Normal boot
12:02:59.0397 3008  ============================================================
12:03:04.0155 3008  BG loaded
12:03:05.0247 3008  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:03:05.0341 3008  ============================================================
12:03:05.0341 3008  \Device\Harddisk0\DR0:
12:03:05.0356 3008  MBR partitions:
12:03:05.0356 3008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:03:05.0356 3008  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
12:03:05.0356 3008  ============================================================
12:03:05.0684 3008  C: <-> \Device\Harddisk0\DR0\Partition2
12:03:05.0684 3008  ============================================================
12:03:05.0684 3008  Initialize success
12:03:05.0684 3008  ============================================================

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: malicious url blocked
« Reply #11 on: March 26, 2013, 07:33:26 PM »
There should be a larger log at C:\TDSSKiller date time, could you attach that?

Have the alerts ceased?

sweetred

  • Guest
Re: malicious url blocked
« Reply #12 on: March 27, 2013, 12:29:23 AM »
larger TDSSKiller date time, sorry it took so long I had to get some sleep.
I hope one of these is it.
I'm not sure if the alerts have stopped, I just woke up, but none have popped up while I was doing this  :)

sweetred

  • Guest
Re: malicious url blocked
« Reply #13 on: March 27, 2013, 01:07:14 PM »
I'm back from work, not sure if you folks are working now or not, just checking when I might expect a reply. Thanks again for all your help!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: malicious url blocked
« Reply #14 on: March 27, 2013, 03:55:48 PM »
That should be the end of the alerts, just the file system to remove. Avast may shout when these files are removed

Run TDSSKiller with the same parameters as before
When the following appears select Delete:

\Device\Harddisk0\DR0 ( TDSS File System )

Once done let me know how the computer is behaving