Error 5/URL:MAL Avg


Forsosh

Pretty sure I have a virus shoving data out of my computer. Sometimes while I'm sleeping I'll get several blocks from AVG for app.facebookprofilefiew/v/add URL:Mal, and I think I've zeroed the culprits down to these two registry entries in Rogue Killer, but I was wondering if you guys could provide me with a Farbar fix, because I've run every program imaginable. Thank you so much

FRST.txt

RougeKiller.txt

Addition.txt


Hello Forsosh and  Forums.


My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Read all of my instructions very carefully because any mistake you make during the cleaning process may have serious consequences, such as leaving the computer unbootable.

Please DO NOT run any tools on your own or make any other changes to your computer and follow the directions in the order listed during the malware removal process, otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected, as some infections are difficult to remove and can leave remnants on the system. Please consider it clean and safe only when I declare it free of malware.


With that being said let's start.


I see that you previously ran ComboFix. This is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

 

Going over your logs I noticed that you have Torrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features
If you wish to keep it, please do not use it until your computer is cleaned.

 

Please uninstall the following program using the Programs and Features applet:
Hotspot Shield 7.1.2

 

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST64 executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


Next,

  • Download Malwarebytes Junkware Removal Tool (JRT) and move it to your computer's Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press on any key to launch the scan and let it complete;
    Credits: Bleeping Computer and Aura
  • Once the scan is complete, a log will open. Please attach that log in your next reply;


Next,

  • Download Malwarebytes AdwCleaner and move it to your computer's Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    Credits: Aura
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;

 

Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, make sure to checkmark all the listed items and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


In your next reply please attach:
The fixlog.txt;
The JRT.txt log;
The AdwCleaner clean log;
The Malwarebytes log.

How is the computer running now? Are you still getting those messages from AVG?

Thank you.

Android8888


Hello Forsosh.

The logs are clean but there is some more work to do.


Next,

  • Close all programs and browsers.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Re-run RogueKiller.
  • Note: For Windows XP, double-click to start. For Windows Vista, 7, 8 and 10 right-click on the icon and select Run as administrator.
  • Click the Scan tab and then click the Start Scan button.
  • Wait until the scan has finished. This may take some time.
  • When the scan completes:
  • Checkmark (tick) the following against Registry entries and ensure that all other entries are not checkmarked.
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-421701019-363903958-4261496728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> ERROR [5]
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-421701019-363903958-4261496728-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> ERROR [5]
  • Click on Remove Selected button.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your Desktop.
  • Close RogueKiller.


Please attach the RKlog.txt to your next reply.


Next,

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

 

In your next reply please attach the RKlog.txt file and the ESET log (if it produced one).

What issues or concerns do you still have with your computer?

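The two entries selected in RogueKiller above are the per-user `ProxyServer` value under `Internet Settings`. A read-only way to see what that key currently holds and whether it can be read at all, as an added example that is not part of the original posts: the function name `Get-UserProxyState` is hypothetical, `<SID>` is a placeholder, and reading `ERROR [5]` as Win32 "access denied" is an assumption.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
$SubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxyState {   # hypothetical helper name
    param(
        # 'HKCU:' for the current user, or 'Registry::HKEY_USERS\<SID>' for
        # another loaded profile (<SID> is a placeholder; run elevated).
        [string]$Root = 'HKCU:'
    )
    $path = "$Root\$SubKey"
    try {
        $p = Get-ItemProperty -Path $path -ErrorAction Stop
    }
    catch {
        # Assumption: "ERROR [5]" in the scanner log is Win32 error 5
        # (access denied); a blocked read ends up here.
        return [pscustomobject]@{
            Path     = $path
            Readable = $false
            Error    = $_.Exception.GetType().Name
        }
    }

    # Explicit Deny rules on the key are one reason a tool cannot edit it.
    $deny = @()
    try {
        $deny = @((Get-Acl -Path $path -ErrorAction Stop).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' })
    }
    catch { }

    [pscustomobject]@{
        Path          = $path
        Readable      = $true
        ProxyEnable   = $p.ProxyEnable      # 1 = manual proxy switched on
        ProxyServer   = $p.ProxyServer      # host:port the traffic is sent to
        AutoConfigURL = $p.AutoConfigURL    # PAC script, another redirect path
        ProxyInUse    = ($p.ProxyEnable -eq 1 -and $p.ProxyServer) -or [bool]$p.AutoConfigURL
        DenyRules     = $deny.Count
    }
}

Get-UserProxyState | Format-List
```

A `ProxyInUse` of `True` with a server or PAC URL you did not configure is what to report back in the thread; an empty `ProxyServer` with `ProxyEnable` at 0 means no manual proxy is set for that user.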

Hello.

The RogueKiller log is clean and you already did it in Normal Mode.

 

1 hour ago, Forsosh said:

Also Eset didn't produce a log or find any threats

This is also a very good sign.

 

Okay, just use the computer for some hours and check if the popups remain.


Please proceed with the instructions in the links below and let me know if the problem persists.


Clear the cache, cookies and history of Google Chrome:

Google Chrome
https://support.google.com/accounts/answer/32050?hl=en


Reset Google Chrome settings to default:

Google Chrome
https://support.google.com/chrome/answer/3296214?hl=en


  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
