I first obtained the pop-up alert 2 weeks ago. Then it has been going on quite recently.
I have been following your guide and attached the related files to this post.
One detail : even though it is mostly related to svchost.exe, I have seen other names but very rarely.
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
I followed the instructions and had an unfortunate chain of events :
Combofix ran (in chinese), and on 3 key registry which looked like the system one, did not have permission to change
Combofix restarted my system, and I was prompted that the report had been created (I think I attached the right file, hopefully)
Last warning message was showing a problem related to ERUN (sorry no details)
From this point onward, I could open no file at all. Music, video, chrome : nothing. So I was left with no choice : system restore
The restore could not go 100% and right now I can open file and access internet (thank god) but I was prompted several times that command sent to the file/software were facing problems.
When I restore, the Avast pop-up warning was still there.
You had me scared for a minute guys.
EDIT : Okay, so now that I can open the browser, I have seen the marked for deletion line in red. (stupid me) I will undo the system restore and restart it to see if the item marked for deletion can open. Will let you know of progress. The log should be the same anyway.
So, I could not undo the restore. Hence I simply rerun a Comboxfix. Attached, please find the log.
Some additional info on the Combofix process :
The following error message appeared :
" Exception EAccessViolation in module ERUNT.3XE at 00003A38.
Access violation at address 00403A38 in module ‘ERUNT.3XE’. Read of address 0076005D"
It appeared at 3 stages :
When the CBFix blue screen was at the 3rd step. (very beginning)
When the CBFix blue screen was completed. (right before the restart)
When the CBFix blue screen notified that the report was created.
This time, the CBFix log opened itself. (It did not on first run)
This time, I could normally interact with softwares and files. (no marked for deletion warnings)
AVAST did not restart automatically, I had to manually look for it and restart.
I am using a VPN to access foreign websites (FB, Youtube, Google), but this operation somehow messed with my connections setting and now the VPN is not working anymore, so I uninstalled it.
This morning I restarted the computer and in 40 minutes I did not see svchost.exe pop alert yet. So far, it is gone.
However, the 2nd type : AvastEmUpdate pop up error was displayed once.
I will edit this message if svchost.exe comes back.
EDIT: svchost.exe pop up comes back.