Need help removing URL:Mal svchost.exe

[REDACTED]

Avast alerted me to an infection / malicious website, and I'm seeking help locating and removing it.
Object = sso.anbtr.com/domain/wpad.work
Infection = Url:Mal
Process = C:\windows\system32svchost.exe
I am running Windows 10 Pro 64bit
Thanks in advance

[Asyn]

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253

[REDACTED]

ok hrere is the scan logs you requested .

[essexboy]

Open FRST and in the search box copy/paste the following :

sso.anbtr.com;wpad.work

Then press search registry
On completion a text pad will be produced
Please attach that

Also do you use this computer for work ?

[REDACTED]

no my wife does accounts for a friend on it

[essexboy]

Hmm not seeing it in the registry

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your Desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool
  
• Click the Scan button and wait for the process to complete.
  
• Click the logfile button and the log will open in Notepad
  
• Click on the Clean button follow the prompts.
  
• A log file will automatically open after the scan has finished and the PC has rebooted
• Please post the content of that log file with your next answer.
• The report will be saved in the C:\AdwCleaner folder.

[REDACTED]

ok here it is

[REDACTED]

ok after I press clean the progran freezes and stops responding = Not Responding
but here is the log file

[essexboy]

Hmm could you reboot and then run AdwCleaner again please.  Is Avast still alerting

[REDACTED]

ok i rebooted twice ans same thing happens program lock up when i click on clean
but i attached the logfile and its still alearting

[essexboy]

OK lets now try this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Tcpip\Parameters: [DhcpNameServer] 216.131.91.251 216.131.91.252 208.67.222.222
Tcpip\..\Interfaces\{cfc12fb4-2711-4ae6-ba2e-e3bf02891a74}: [DhcpNameServer] 216.131.91.251 216.131.91.252 208.67.222.222
S2 ClanoyplkulyCoreberweckfadeck.exe; "C:\Program Files (x86)\Wuzokrermupy\ClanoyplkulyCoreberweckfadeck.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
C:\Program Files (x86)\Wuzokrermupy
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

[REDACTED]

heres the fixlog and avast is alearting me even more often now every few seconds
Process = c:\windows\system32\dllhost.exe
also got the clean function to work in safe mode and here are the results

[Pondus]

Essexboy will be back online tomorrow, usually after 15:00 european time

[essexboy]

Could I have a fresh FRST scan please and a screenshot of the Avast alert

[REDACTED]

here is the results
pics wont upload say there are to big,  1= 4.mb is there anyway to reduce them first??