Url:Mal pop-ups from seemly sound sources

[jeffce]

Hi,

Good job running that. 

Download Combofix from either of the links below, and save it to your desktop. 
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

When finished, it will produce a report for you. 

• Please post the C:\ComboFix.txt for further review.

[Sprey]

Hi I've attached the combofix log. Looking at it it looks like I forgot to turn off windows defender, so if that's a problem just tell me and I'll run it again

[jeffce]

No you ran it just fine.  If there were a problem I would just have you run it again. 
------------------

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  

Code: [Select]

ClearJavaCache::

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Attach the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

[Sprey]

Ok, combofix round two here we go

Also, I was just thinking (after getting another couple of pop-ups following this last round of combo fix, one from avast.setup and one from svchost.exe both Url:Mal) would it be worth reinstalling avast? Or is the problem definitely not with avast? It's just that, for example, the malwarebytes protection module is running now on my system and doesn't pick up these supposed malicious url connections, just avast...

EDIT: came back to my computer and the avast screensaver scan just found OTL.exe to be a threat of type malware-gen, but I downloaded it from your link so am I safe to "do nothing" with it?

[jeffce]

Hi,

Sorry been a bit busy today...sold house and looking for new one, but I will return as quickly as I can.

No you can leave OTL alone.  Some of the tools that we use will pop up on scanners but they are False Positives. 

[jeffce]

Hi,

Sorry for the delay.  Be sure to PM me if you find I haven't responded in two days. 

Your ComboFix log looks good.  Are you still receiving the popups? 

[Sprey]

Yes I am still receiving them and also Call of Duty MW3 was being a bit choppy yesterday when I booted it up (it isn't normally), but I can't remember the last time I played and thus I don't know if this is a response to malware, or one of the fixes that I ran under your instruction (ofc I'm not blaming you, the help was appreciated, I just can't tell what caused this sudden choppiness in game...)

What do you think the next step should be? (attached is my last pop-up from avast)

EDIT: don't worry about the delay, it sounds like you are very busy at the moment with your new house hunt

[DavidR]

<snip>
Sorry for the delay.  Be sure to PM me if you find I haven't responded in two days. 
<snip>

Jeff - Unfortunately forum members that have less than 20 posts aren't able to use the PM function, an anti-spam measure.

[jeffce]

Jeff - Unfortunately forum members that have less than 20 posts aren't able to use the PM function, an anti-spam measure.

Quite right sir.  Thank you. 

[jeffce]

Hi,

To be on the safe side let's uninstall and then reinstall Chrome.  Be sure that you have all of your passwords and favorites/bookmarks saved so that you can put them back.    Let me know when you have those saved and I will get you the instructions on how to remove Chrome and then get a fresh copy. 

[Sprey]

Ok, I've synced all my data so I should be ok to re-install and then get back all my settings/bookmarks etc. so I am ready for the re-install.

[jeffce]

Hi,

Ok....

Please do the following:

Hold down the Windows key and press R to open a run box
type the following text into the run box

appwiz.cpl

This will open your Programs And Features. A list of installed programs will populate

Remove the following programs:

Google Chrome
----------

Then visit the page here >> https://www.google.com/chrome to download and install a new copy of Google Chrome. 

Once installed let me know if you are still receiving the popups. 

[Sprey]

Haha, just after uninstall (untitled.png) and just after re-install (untitled2.png)

Problem is still here

(I am now going to reboot but I doubt that'll change much)

[jeffce]

Run a new scan with OTL and attach the new log that is made. 

[Sprey]

ok, ran a quick scan of all users with LOP and purity unchecked... OTL log 4 attached.