svchost.exe malware

Guys i keep getting this pop up from avast of a svchost.exe malware.
It says the location is C:\Windows\System32\svchost.exe
and the URL written is “hxxp://opticized.net/?e=pfvd&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&clsb=1&unp=Azm9CdOLv7DVDyxECyFPg7x9Ae0KBfUKAe4MBG0VWznLDe4PBNq9geFI&publisher=20336&dd=4&country=PK&ind=2241941357018374917&exid=1414873202564349729&ssd=2234832947112201667&hid=1960636956843771243&osid=602&channel=0&sfx=1&ne=1&prs=4&pnum=2&jc=1&category_name=%GoSaveKeys_CategoryName%&install_date=20131102”

It pops up every two minutes or so…
PLEASE HELP! It’s the first time a virus has breached my computer.
Running windows 8 on an HP laptop.

https://forum.avast.com/index.php?topic=53253.0

Here are the logs. I also attached an image grab of the avast notification pop up details page.

I downloaded malwarebytes anti malware and it picked up some 180 detections which all were quarantined and pc rebooted. But the pop up i mentioned in the above post still comes up every few minutes. I’ve been using laptop virus free for years so this is the first occurrence, now realising how i suck at this tech stuff :confused:

waleed could you attach the FRST logs please

I got the same problem.

I think it started when i tried downloading some driver stuff a couple of days ago.

What data do i need to help?

Kim

Please start your own topic and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0

Here you go, sorry for the delay :slight_smile:

Could you let me know what problems remain after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => No File Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta68\ff [Not Found] 2014-11-04 03:01 - 2014-11-04 03:01 - 00003192 _____ () C:\Windows\System32\Tasks\{A2FB87BB-BB70-423A-AC8A-DEAC25BA1A3D} 2014-11-02 02:47 - 2014-11-06 12:25 - 00000000 ____D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840 Task: {42123375-12A1-4ED1-9611-6C12F62ECCF5} - \YourFile DownloaderUpdate No Task File <==== ATTENTION EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

So i have attached both the logs you requested. I hope i have done it correctly.
My pc just rebooted so i will have to use the laptop for a day atleast and if any notifications or warnings arise again i will most certainly let you know. Thanksss a lot for all this help :slight_smile:

Do let me know if anything else is required.