svchost.exe url: mal

I started receiving these url: mal notifications from Avast with a site by the name of opticipal.net in question after some sketchy software found its way onto my laptop. I was quick to delete the files and start a scan, but nothing was found. I did a FRST scan, which I have attached to the post.

EDIT: Got the MBAM log, just waiting on the third scan to finish.
EDIT 2: And that’s the third.

Attach your basic logs. (MBAM, FRST and aswMBR…!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

Ah, I see, I will rectify that as soon as possible. And it appears that in my zeal to rectify the problem, I created two duplicate threads. I would have deleted them myself, but I seem to be unable to.

Already took care of them. :wink:

That should be all of them.

Do you have the FRST additions.txt as well, please?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-21-2737675255-3721385383-2799802908-1001\...\Winlogon: [Shell] expstart.exe <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
SearchScopes: HKLM-x32 - DefaultScope {0994DFCE-05EB-4DCD-81A8-3B587B2EDA5D} URL =
SearchScopes: HKCU - {0994DFCE-05EB-4DCD-81A8-3B587B2EDA5D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3282812&CUI=UN76113378111946031&UM=2
SearchScopes: HKCU - {FC727729-216F-42AA-81B5-74F4D6DFF671} URL = http://search.conduit.com/Results.aspx?ctid=CT3304761&SearchSource=45&UM=2&q={searchTerms}
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HomePage: Profile 1 -> hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN32559949949594401&UM=2&sspv=CHNTR2
CHR StartupUrls: Profile 1 -> "hxxp://search.conduit.com/?ctid=CT3282812&SearchSource=48&CUI=UN32559949949594401&UM=2&sspv=CHNTR2"
C:\ProgramData\hash.dat
C:\ProgramData\uninstaller.exe
C:\Users\Tyler Branham\jagex_cl_loginapplet_LIVE.dat
C:\Users\Tyler Branham\jagex_cl_oldschool_LIVE.dat
C:\Users\Tyler Branham\jagex_cl_runescape_LIVE.dat
C:\Users\Tyler Branham\jagex_cl_runescape_LIVE1.dat
C:\Users\Tyler Branham\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Tyler Branham\random.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Ok, here’s the addition file and the fixlog FRST generated. Currently running the cleaner program.

EDIT: It seems to have worked, and I am no longer getting the notification.

AdwCleaner may get these, but let's be doubly sure. Once AdwCleaner has finished, run this fix.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

Task: {5E114F3A-6E3C-4AD8-A1C7-0075442DE724} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {D50CFB0A-AA0F-4E5B-9951-615BFEFC2097} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {F9121529-147C-41D4-86AA-AD3143E14CD1} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Tyler Branham\Cookies:qXjZDYo8Zqr3G3Mtl8jYhyi
AlternateDataStreams: C:\Users\Tyler Branham\Cookies:R3BL1N90SaN9CLAn2b4yi
AlternateDataStreams: C:\Users\Tyler Branham\AppData\Local\3fmeS1CIGFZf:mEqJS29RD8xn997n8iLDCEceuB
AlternateDataStreams: C:\Users\Tyler Branham\AppData\Local\Temporary Internet Files:vuK96pOV4p4AsSfuz9kNzc2W8
C:\Program Files (x86)\Registry Dr
C:\Program Files (x86)\ExpressFiles
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.