I started receiving these url: mal notifications from avast with a site by the name of opticipal.net in question after some sketchy software found its way onto my laptop. I was quick to delete the files and start a scan, but nothing was found. I did a FRST scan, which I have attached to the post.
EDIT: Got the MBAM log, just waiting on the third scan to finish.
EDIT 2: And that’s the third.
Ah, I see, I will rectify that as soon as possible. And it appears that in my zeal to rectify the problem, I created two duplicate threads. I would have deleted them myself, but I seem to be unable to.
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
HKU\S-1-5-21-2737675255-3721385383-2799802908-1001\...\Winlogon: [Shell] expstart.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
SearchScopes: HKLM-x32 - DefaultScope {0994DFCE-05EB-4DCD-81A8-3B587B2EDA5D} URL =
SearchScopes: HKCU - {0994DFCE-05EB-4DCD-81A8-3B587B2EDA5D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282812&CUI=UN76113378111946031&UM=2
SearchScopes: HKCU - {FC727729-216F-42AA-81B5-74F4D6DFF671} URL = http://search.conduit.com/Results.aspx?ctid=CT3304761&SearchSource=45&UM=2&q={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HomePage: Profile 1 -> hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN32559949949594401&UM=2&sspv=CHNTR2
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN32559949949594401&UM=2&sspv=CHNTR2"
C:\ProgramData\hash.dat
C:\ProgramData\uninstaller.exe
C:\Users\Tyler Branham\jagex_cl_loginapplet_LIVE.dat
C:\Users\Tyler Branham\jagex_cl_oldschool_LIVE.dat
C:\Users\Tyler Branham\jagex_cl_runescape_LIVE.dat
C:\Users\Tyler Branham\jagex_cl_runescape_LIVE1.dat
C:\Users\Tyler Branham\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Tyler Branham\random.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.