Mobius1

Everything posted by Mobius1

  1. Thanks very much for all your help. Much appreciated! I've left a comment on your profile feed.
  2. After many attempts to remove a nasty little infection, I failed where MrC succeeded. Thank you very much, sir!

  3. It was running OK before; I was just getting a lot of warnings from AVG about services.exe and svchost.exe.
  4. Results of MBAM quick scan:

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.06.25.08
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Karl :: SKYNET [administrator]

     25/06/2012 19:14:28
     mbam-log-2012-06-25 (19-14-28).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 241772
     Time elapsed: 2 minute(s), 58 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  5. Combofix log has been attached to the post. The dodgy services.exe seems to have been disinfected, thank you very much for your help. ComboFix.txt
  6. I forgot to mention I was getting these warnings at least 3-4 times per day. Then I ran MBAM in safe mode on the 22nd, on which it detected a virus and removed it. I had no more warnings until today. The TDSSKiller log was quite long so I attached it to the post. TDSSKiller.2.7.41.0_25.06.2012_17.07.07_log.txt
  7. I keep getting alerts from my AV software that svchost is infected, but it's being whitelisted due to it being an important program. If I initiate a full scan with either AVG Internet Security 2012 or MBAM, nothing is detected. However, RogueKiller detects and kills svchost straight away:

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: Karl [Admin rights]
     Mode: Scan -- Date: 06/25/2012 16:14:47

     ¤¤¤ Bad processes: 1 ¤¤¤
     [sVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

     ¤¤¤ Registry Entries: 5 ¤¤¤
     [sUSP PATH] Auto Shutdown.job @ : C:\Users\Karl\Desktop\Shutdown\shutdown.bat -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: WDC WD3200AAJS-22L7A0 ATA Device +++++
     --- User ---
     [MBR] fbe83546a64a37c104fc57317a29c71e
     [bSP] 9eed83032f48d1b76aa5d806c2826872 : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 9500 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19458048 | Size: 1500 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22530048 | Size: 294243 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: WDC WD3200AAKS-00L9A0 ATA Device +++++
     --- User ---
     [MBR] 155977d67c2e8bc1b3e7dee72939ab9a
     [bSP] 644a408825f648ea944c14be05f5437d : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive2: WDC WD10EALS-00Z8A0 ATA Device +++++
     --- User ---
     [MBR] ead02e815fe862833f63fb0d47b5386a
     [bSP] 819440fad9918def8ddb6aaa2d6eb141 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt