Bad virus 51 blocks from avast!

Yesterday I downloaded something I obviously shouldn’t have… My computer is infected, but I’m still able to use it, and haven’t had any major problems yet…
Every 10 minutes I receive from avast about 51 warnings, one after the other, that avast managed to block something located in windows/system32/svchost.exe… Now and then I only get 4 messages…

I’ve tried so many things without success… can someone help me out please…?

Mark

Follow instructions and attach requested logs. https://forum.avast.com/index.php?topic=53253.0

All in one go or as indicated, post after each scan?
Thanks,
-M

usually Malwarebytes / OTL / aswMBR
when you have done all you can attach all in one post… or one by one if you prefer that

be sure to save OTL as ANSI and not Unicode so we can read it

Here we go… I did a FRST scan also because I had started following the instructions post.

-m

Extras from OTL I believe… forgot to post it…

Pondus, when svchost.exe is mentioned, skip the MBAM scan. It can be very dangerous.

Remover notified.

If I had to guess, you have blackbeard (Nicknamed “Zeko’s” by us). Don’t do any more scans until someone tells you to.

Edit: Extras.txt is saved as Unicode. Save it as ANSI.

Open it > Save As > Down below it’ll say Encoding, switch it to ANSI

Ok… well I’ve been doing scans all day… but anyways what do I do now?
Does svchostanalyzer by neuber help? What makes you think it’s Zeko’s?

Ok I’ve re-uploaded extras. I forgot to change that :stuck_out_tongue:

Generally issues related to svchost.exe are Zekos. Wait for Essex, TwinH, Val, Argus, Magna or Mach to come help you. If you want, open task manager. Show all the processes, find svchost.exe (It’ll be run by your user account, nothing else). Open the file location, then upload the file to www.virustotal.com. Post those scan results.

I will be gone now. I sadly still have clean up work to do after the hurricane that just hit us.

Ermm,

\tdsskiller.exe
[2014/07/09 10:41:17 | 005,212,874 | ---- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix (1).exe
[2014/07/09 10:32:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/09 10:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/09 12:54:55 | 000,540,072 | ---- | C] (Neuber Software) -- C:\Users\Mark\Desktop\SvchostAnalyzer.exe
[2014/07/09 12:32:21 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\tdsskiller.exe

Bad… Don’t be running those without anyone helping you! Those programs are way too highly advanced. Even to me. I don’t run them, and I am going through training.

Ok I won’t… I’ve naively looked at forum posts from other people…

Ok but which svchost.exe? There are many…

There should also have been an additions.txt with the FRST scan … Could you attach that please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Download the attached Fixlist.txt to the same location as FRST
Run FRST and press Fix
On completion a log will be generated; please post that

I can find the additions.txt. Should I re-scan? Or should I just use the fixlist.txt like you said?

Use the fixlist first and then rescan :slight_smile:

I will do that when/if Essexboy says so. :wink:

Not really as the svchost alert now covers a multitude of sins… Notice that the alerts no longer state which browser is being used, this is I believe due to the way that web shield now interacts with the system… It is no longer an indicator of ZA or blackbeard et al.

Here’s the fix log.

Are you still getting the alerts?