URL MAL keeps getting blocked

hi i get messages like this one every time i open my browser. Can this be fixed?

URL: http://veterance.info/sync2/?q=hfZ9oemPC6Z9tNbPhd9GrTw5pchTB6lKDzt4oktxtNtVh7n0rjkEqTa8rTw8rTn4tMFHhd9Fqja7rdkGrjk8qdYMDMlGojUMAe4UojgErjk4rTaFpjw9qTr8qjn6qShHC7n0rjaHqTwHpjn4pdCFpdY6qHkErSh5BMxJhj8wAfqTB6lKDwl5DchOAen0rjkHqHk7qjU8qdwFqdrHrTY5rHYMhfZPhd9Fqjr6qjg8pjk9rjw9rHrGpdYHpchLC7VUojgErGhPBNq9ojsEtMtHojwMDyxNf7VUoja%3D&amse=disxt&xname=DiscountExt

Infectie: URL:Mal

Proces: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

here are the log files

Hello,

https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

[*]Right-click on
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/51a612a8b27e2-Zoek.png
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
[]Wait patiently until the main console will appear, it may take a minute or two.
[
]In the main box please paste in the following script:

createsrpoint;
autoclean;
C:\Program Files (x86)\OLBPre;fs
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b

[*]Make sure that Scan All Users option is checked.
[*]Push Run Script and wait patiently. The scan may take a couple of minutes.
[*]When the scan completes, a zoek-results logfile should open in notepad.
[*]If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Stijn on di 23/06/2015 at 15:37:33,30.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stijn\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 15:38:37,90 =====

— Create Environment Variables 15:38:40,70
— Create System Restore Point 15:38:56,31
— Checking Input 15:39:43,76
— AU AppData Check 15:40:11,88
— Remove From Windows Installer 15:40:20,34
— Empty Folders Check 15:41:51,12
— Registry HKLM Software Check 15:41:51,18
— Quick Launch Shortcut Check 15:42:12,13
— IE Startpage Check 15:42:16,32
— Program Files DB Check 15:42:54,08
— C:\Users\Default\AppData\Roaming DB Check 15:45:22,26
— C:\Users\Default User\AppData\Roaming DB Check 15:45:22,26
— C:\Users\Stijn\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming DB Check 15:45:22,26
— C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming DB Check 15:45:22,26
— C:\Users\Stijn DB Check 15:52:46,62
— C:\PROGRA~3 DB Check 15:53:43,75
— C:\Users\Default\AppData\Local DB Check 15:53:56,50
— C:\Users\Default User\AppData\Local DB Check 15:53:56,50
— C:\Users\Stijn\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check 15:53:56,50
— C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check 15:53:56,50
— C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 15:59:30,25
— C:\Users\Stijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 16:00:06,32
— Tasks DB Check 16:00:29,31
— Downloads DB Check 16:00:42,47
— C:\Users\Stijn\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\serviceprofiles\networkservice\AppData\LocalLow DB Check 16:00:57,55
— C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check 16:00:57,55
— Tasks2 DB Check 16:04:59,66
— Documents DB Check 16:07:08,54
— C:\Users\Public\Desktop DB Check 16:07:40,99
— C:\Users\Stijn\Desktop DB Check 16:08:00,50
— Services DB Check 16:08:33,40
— FF prefs.js DB Check 16:09:29,76
— Emptyclsid 16:09:32,75
— Del by CLSID 16:09:40,10

here you go

Zoek won’t finish?

i didnt wait long enough, now it is finished check the download file in the previous comment :slight_smile:

Excellent.

How is your PC behaving now?

i think it worked, thank you very much. Can I delete all the programs that i had to download to remove the malware?

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:

[]Remove disinfection tools
[
]Purge system restore
[*]Reset system settings

[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Thank you very much, sir :slight_smile: !!

today it happened again. URL MAL blocked, veterance.com.… AND adds an extension by itself called Discount Ext.
Can you please help me again? thanks anyway :slight_smile:
i did all the scans again and the log files are attached already

Run Farbar and attach the logs.

i did :slight_smile: check the previous comment.

Unless you installed it yourself, malware has changed Chrome into a developer version which allows other malware to install without the user noticing it.
I suggest you start with removing Chrome.

okay i did it now. Should I do something else?

No, just wait till one of the malware removers guide you further.
Most are in Europe and it is night here, so have patience please.

Okay, no problem :slight_smile:

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

here you go