svchost tries to access malicious urls

Thank you for the forum.

On my wife’s computer, Avast is constantly blocking attempts by svchost.exe to access a malicious dll file on various urls. Have scanned with avast, and multiple other malware scanners, and always get a clean bill of health.

Attached are the logfiles as described in your previous instructions. Thank you!!

hey and welcome john496 to the forum. Could you post a picthure of what avst say?. It will contian some more infromation for the expert how will help you out.

Hello,

https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
Fix with Farbar Recovery Scan Tool

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[B] This fix was created for this user for use on that particular machine.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif

https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
https://sites.google.com/site/cannedfixes/home/hosted-images-formatting/icon_exclaim.gif
[/B]
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

[*]Right-click on
https://sites.google.com/site/cannedfixes/farbar-recovery-scan-tool/FRST.gif
icon and select
https://sites.google.com/site/cannedfixes/home/hosted-images-tools/RunAsAdmin.jpg
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
[*]Press the Fix button just once and wait.
[*]If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
[*]When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

Attached is a picture. I need to be away from the computer for a few hours so ill send the scan file at that time. thanks.

Follow my instructions.

Ran the script as instructed. Attached is the fixlog.txt. Thank you -

How is the situation now?

Have not had any alerts from avast, although in the past it was intermittent. There were no alerts during startup, which I think happened usually/always? earlier, so that is a good sign. Any idea about what it might be?

GroupPolicy and malware.

The following will implement some post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

[*]Run the tool by right click on the
http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.png
icon and Run as administrator option.
[*]Make sure that these ones are checked:

[]Remove disinfection tools
[
]Purge system restore
[*]Reset system settings

[*]Push Run and wait until the tool completes his work.
All tools we used should be gone. Tool will create an report for you (C:[B]DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Thank you - done. I have not had any messages from Avast, so hopefully issue resolved. If it returns, I’ll post again on this thread.