URL:Mal popups

Receiving many URL:Mal popups with all browsers. How can we avoid being infected by these? Son only downloads and installs STEAM games. Is there software out there to prevent these items from ever getting on the system to begin with?

Thank you for any assistance you can provide. Also, do you see anything in here that would prevent Windows Updates?

Hi, what errors are you getting with Windows Updates?

Hi, you will need to fully uninstall Chrome as it has been changed to developer build. This means there are no security restrictions on it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-1241720918-2345475059-1800243958-1005 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1241720918-2345475059-1800243958-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1241720918-2345475059-1800243958-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR Extension: (savinshop) - C:\Users\Kendrick.parker-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpahghlicpnpopgpffdnhedldgmaebj [2014-11-22]
2014-11-22 15:08 - 2014-11-23 13:46 - 00000000 ____D () C:\ProgramData\deal4real
2014-11-22 15:08 - 2014-11-22 15:09 - 00000000 ____D () C:\ProgramData\11e65f9dd0015b0d
2014-11-22 14:48 - 2014-11-22 14:49 - 01937010 _____ () C:\Users\Kendrick.parker-PC\Downloads\HoxHud P8.3 Self-installer.exe
2014-11-22 10:33 - 2014-11-22 10:33 - 00000000 ____D () C:\Users\Kendrick.parker-PC\Documents\Optimizer Pro

EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on “Clean”.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Download and run Farbar Service Scanner.

https://dl.dropboxusercontent.com/u/73555776/fssscan.JPG

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Windows Update continues to present this error code: Code 80070002

AdwCleaner[S0].txt

AdwCleaner v4.101 - Report created 23/11/2014 at 15:42:42

Updated 09/11/2014 by Xplode

Database : 2014-11-23.7 [Live]

Operating System : Windows 7 Home Premium (64 bits)

Username : Kendrick - PARKER-PC

Running from : C:\Users\Kendrick.parker-PC\Downloads\AdwCleaner.exe

Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software

***** [ Scheduled Tasks ] *****

Task Deleted : driverupdate startup

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Browsers ] *****

-\ Internet Explorer v8.0.7600.16766

-\ Mozilla Firefox v33.1.1 (x86 en-US)


AdwCleaner[R0].txt - [2542 octets] - [23/11/2014 15:15:24]
AdwCleaner[S0].txt - [2444 octets] - [23/11/2014 15:42:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2504 octets] ##########

FSS.txt

Farbar Service Scanner Version: 21-07-2014
Ran by Kendrick (administrator) on 23-11-2014 at 15:47:03
Running from “C:\Users\Kendrick.parker-PC\Downloads”
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal


Internet Services:

Connection Status:

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:

Firewall Disabled Policy:

System Restore:

System Restore Disabled Policy:

Action Center:

Windows Update:

Windows Autoupdate Disabled Policy:

Windows Defender:

Other Services:

File Check:

C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Could you run the relevant MS Fixit on this page and then try Windows Updates: http://support.microsoft.com/kb/971058

How is the computer behaving at the moment?

I’m still receiving threat notifications from Avast for URL:Mal items. The Windows Update fix doesn’t resolve the issue.

Have you uninstalled Chrome yet?

Yes, Chrome is uninstalled. I’m providing updated logs, not sure if it helps. Also a screenshot of the URL:Mal message. No threats detected by Malwarebytes.

Appears to be working now, no popups. There was an add-in for Mozilla that was still causing trouble, but I removed that. Now I’ll try and figure out the Windows Update, so I don’t need to wipe the system.

Thanks for the help.

Did the MS Fixit give you the option for Aggressive? If so and it did not work, then download and run SRT from here: http://support.microsoft.com/kb/947821/en-gb