svchost.exe threat detection when internet starts

[REDACTED]

Every now and then, when I boot up my computer, I am greeted with about 10-12 URL:Mal threats from Avast. They all point to different web urls, and I can't for the life of me get rid of it. I have run MBAM and Avast without any detections, but I'll attach my logs so some of the moderators can take a look at it and hopefully help me with this issue.
The notifications from Avast also seem to pop up every time I re-enable internet in the Network and Sharing Center. The threats are all hiding behind System32/svchost.exe, and I was unable to see anything abnormal when looking what was behind them in ProcessExplorer.

[TwinHeadedEagle]

Hello,


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

Soon after I run Zoek with the script above, I am met with a windows error message saying "DaS21 has stopped working.". After that, Zoek seems to just stop at "Remove From Windows Installer" and doesn't seem to be making any progress.

Looking at the zoek-results log file, it has also stopped at "Zoek.exe System Restore Point Created Successfully."

Edit: Seems like it got past "Remove From Windows Installer" point and is making progress now, but still wondering about that DaS21 error message. I'll post logs when it finishes.

[REDACTED]

Zoek finished, logs attached.

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

Alright, fixlog coming right up.

[TwinHeadedEagle]

How is your PC behaving now?

[REDACTED]

So far so good, re-enabling the network device doesn't give me any pop ups so far, which happaned all the time before. Thanks for the help!