Author Topic: Svchost.exe Url:Mal  (Read 12118 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Svchost.exe Url:Mal
« Reply #30 on: March 21, 2014, 10:24:19 PM »
OK reboot and run Combofix from safe mode please, if that fails

 Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #31 on: March 21, 2014, 11:01:41 PM »
Here is the new Combofix log

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #32 on: March 21, 2014, 11:21:28 PM »
OK explorer appears to be OK ... Is Avast still alerting on it on boot?

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #33 on: March 21, 2014, 11:28:12 PM »
Same thing, this time it first logged me into a temporary account. I logged out, then tried to log back in, and it went to the correct account. I was then greeted by the same pop-up all over again.

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #34 on: March 21, 2014, 11:31:31 PM »
Go to Virustotal
Click Choose File and navigate to c:\Windows\explorer.exe and select it
Then press scan it


Once it has completed could you copy the link and post it here

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #35 on: March 22, 2014, 03:50:17 PM »
Could you disable Skype from starting with the computer and see if that cures it?

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #36 on: March 22, 2014, 06:45:23 PM »
Here is the link, and I will try to disable Skype and see: https://www.virustotal.com/en/file/6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a/analysis/1395510239/

Update: When I disabled Skype I still received the message about explorer being infected.
« Last Edit: March 22, 2014, 06:51:21 PM by glitchs2d »

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #37 on: March 22, 2014, 06:53:20 PM »
OK something is using explorer to try and update ... Let's find it

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #38 on: March 22, 2014, 07:18:53 PM »
Here are the logs

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #39 on: March 22, 2014, 07:28:27 PM »
Sneaky, there was a hidden task there that ran after we removed it the first time.

Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated; please post that

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #40 on: March 22, 2014, 07:38:01 PM »
Here is the new log. The pop-up didn't show up after it restarted.

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #41 on: March 22, 2014, 07:41:41 PM »
Could you run a fresh FRST scan please, to make sure I left nothing behind?

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #42 on: March 22, 2014, 07:47:35 PM »
Here is the new scan.

Offline essexboy

Re: Svchost.exe Url:Mal
« Reply #43 on: March 22, 2014, 07:54:14 PM »
That looks to have cleared it. With Avast blocking the call home function, it was unable to replace the rcpss file again.

Run the computer as normal for a short while to ensure all is OK

I will now look out for that task, which is a new twist. Thank you for your perseverance

glitchs2d

  • Guest
Re: Svchost.exe Url:Mal
« Reply #44 on: March 22, 2014, 07:57:58 PM »
No, thank you for your assistance. I would have been completely lost without your help. If I run into any other problems I will be sure to post again.