I have the same issue as posted about in this current topic:

http://forum.avast.com/index.php?topic=137264.0

My PC is Win XP Home SP3 fully up to date; running Avast Internet Security also up to date. Never had any other security software installed since I reinstalled Win XP on this machine. I see from the other post that nsvclog.exe is associated with the Nvidia firewall, which makes sense; my PC has an Nvidia network adapter (currently disabled) and the Nvidia Active Armor firewall (also currently off, because I am using Avast).

Yesterday after booting my PC, Avast popped up a security alert about a suspected rootkit: the suspect process was nsvclog.exe and the suspicious agent was win32/evo-gen. Recommended action was to delete, reboot and schedule a boot-time scan, which I did. After boot had finished, the same alert popped up again, so I repeated the process and after the second reboot the alert did not pop up.

Today the alert popped up again, well after boot had finished, while the machine was in use.

Suspecting a FP, this time I closed the alert window, but checked this forum and found the other thread referenced above. I would have expected a lot more forum activity if it was a true FP, so I got a little more concerned. I checked the Avast boot-time scan results already generated, both of which said nothing found. Then I ran all the various tools as suggested here:

http://forum.avast.com/index.php?topic=53253.0

No apparent cause for concern (MBAM found three PUPs in archive files).

Finally, to make sure I had the facts right, I ran an Avast scan and it is still reporting Filename: SVC: nSvcLog > C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nsvclog.exe, Severity: High, Status: Threat Win32:Evo-gen [susp]. I chose the action Do Nothing pending further advice.

aswmbr log content pasted below, all other logs attached: five into four won’t go!

Please advise. With thanks,

Andy

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-20 13:05:21

13:05:21.136 OS Version: Windows 5.1.2600 Service Pack 3
13:05:21.136 Number of processors: 1 586 0x2F02
13:05:21.136 ComputerName: 83-RUPERT UserName: Andy
13:05:22.557 Initialize success
13:05:24.370 AVAST engine defs: 13102000
13:05:29.761 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-4
13:05:29.761 Disk 0 Vendor: WDC_WD400BB-23FJA0 13.03G13 Size: 38162MB BusType: 3
13:05:29.776 Disk 1 \Device\Harddisk1\DR1 → \Device\Ide\IdeDeviceP0T1L0-c
13:05:29.776 Disk 1 Vendor: WDC_WD800AB-00CBA1 04.07B04 Size: 76319MB BusType: 3
13:05:29.776 Disk 2 \Device\Harddisk2\DR2 → \Device\0000006d
13:05:29.776 Disk 2 Vendor: HDS728080PLA380 PF2OA60A Size: 78533MB BusType: 3
13:05:29.776 Disk 3 \Device\Harddisk3\DR3 → \Device\0000006e
13:05:29.776 Disk 3 Vendor: WDC_WD2000JD-00HBB0 08.02D08 Size: 190781MB BusType: 3
13:05:30.057 Disk 0 MBR read successfully
13:05:30.057 Disk 0 MBR scan
13:05:30.276 Disk 0 Windows XP default MBR code
13:05:30.307 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
13:05:30.354 Disk 0 scanning sectors +78140160
13:05:30.729 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:47.511 Service scanning
13:06:08.339 Modules scanning
13:06:19.417 Disk 0 trace - called modules:
13:06:19.448 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:06:19.448 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x89c06ab8]
13:06:19.448 3 CLASSPNP.SYS[b80e8fd7] → nt!IofCallDriver → \Device\0000006a[0x89db5730]
13:06:19.448 5 ACPI.sys[b7f7f620] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-4[0x89d8c940]
13:06:19.682 AVAST engine scan C:\WINDOWS
13:06:23.276 AVAST engine scan C:\WINDOWS\system32
13:09:00.448 AVAST engine scan C:\WINDOWS\system32\drivers
13:09:41.917 AVAST engine scan C:\Documents and Settings\Andy
13:11:23.167 AVAST engine scan C:\Documents and Settings\All Users
13:11:56.573 Scan finished successfully
13:13:05.495 Disk 0 MBR has been saved successfully to “C:\Documents and Settings\Andy\Desktop\MBR.dat”
13:13:05.511 The log file has been saved successfully to “C:\Documents and Settings\Andy\Desktop\aswMBR.txt”

I think thats a false positive. You can report that via Mail to virus@avast.com Subject false positive

Rerun Malwarebytes quick scan and choose remove selected.

And also rerun ADWCleaner and Scan again and then choose remove.

I agree with Steven. It sure looks like a false positive.
Please submit the file to https://www.virustotal.com and http://virusscan.jotti.org/en
I would like to see if other anti-malware software also reports it as something bad.

Thanks guys. I’ll make a FP report to Avast. @Eddy, virusscan.jotti.org reports 0/23 scanners reported malware. I almost gave up waiting for virustotal to upload the file, but eventually it reported that the file had already been analysed on 20 Oct with a detection ratio of 0/48.

Andy