URL:Mal messages

Greetings,
I had some URL:Mal messages pop up last night, so I ran the usual scans and am attaching logs here. Some COM surrogate processes were very frequent for a while, but now they are not showing up very much. There are some unusual hidden files shown in FRST’s log at 8:41 on November 8, when one son might have been playing some online games; but other than that I can’t think of changes to the computer since the last cleaning a week or so ago. Maybe just a rogue file on a website somewhere found us again.

As always, thank you for the review.

Nothing really showing there; a few orphans to remove just to tidy up is all.

Are you still getting the alert, or was it a one-off?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
CustomCLSID: HKU\S-1-5-21-1478152029-1971740551-3079562967-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Campbells\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1478152029-1971740551-3079562967-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Campbells\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1478152029-1971740551-3079562967-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Campbells\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1478152029-1971740551-3079562967-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Campbells\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1478152029-1971740551-3079562967-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Campbells\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Users\Campbells\Downloads\PS2LE.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

Thanks for the lines for the fix. I attached the results here.

For about three hours last evening there were about eight or ten “threat detected” messages, and the COM surrogate processes would sprout up constantly, taking up lots of memory. But at some point while the scans were running last night, those messages and processes seemed to stop. I don’t think any threats came up all day today, even before I posted here. You mentioned there doesn’t seem to be anything specific going on, so maybe it was just an anomaly for some reason.

Anyway, thank you again for your time and help.

That sounds as though Poweliks was trying to run, but there is no sign at all on your system. Could you monitor it for a while and let me know if it occurs again?

OK, will do…