URL:Mal Svchost.exe constant alerts

[prokosher]

I'm getting constant alerts from Avast! I ran 2 scans (one in safemode) and it came back with 0 infected files.

I started to "troubleshoot" the issue myself so I ran ComboFix and a few other programs (most got interrupted because this infection seems to reboot my pc). After reading how they can be dangerous if you don't understand how they work I immediately stopped and figured I'd seek help.

[Asyn]

Please attach your logs. (MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

[essexboy]

Monitoring

[prokosher]

I fell asleep at my desk waiting for scans to complete ><

Here's my logs.

Not sure if I'm attaching the right files for MBAM so let me know if I did it wrong.

[essexboy]

Hi there before we start the cleaning process I would like you to upload file to Avast for analysis

Open Avast and go to the virus chest
Right click in the white area and select Add

Locate Windows\system32\rpcss.dll
Click the file and it will appear in the virus chest
Now right click that file and select "Submit to Virus Labs"
Fill in the data and add this thread to the additional info
Select Submit
Manually update Avast to send it

OK time to clean

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..network.proxy.http_port: 8080
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Derek\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Derek\AppData\Local\DIRECTV Player\npPlayerPlugin.dll File not found
[2014/01/10 00:58:07 | 000,000,084 | ---- | M] () -- C:\Windows\SysNative\monqqrp.ewo
[2014/01/03 11:32:51 | 000,037,376 | ---- | M] () -- C:\Windows\SysNative\pbzwpy.cwe
[2014/01/03 11:32:51 | 000,000,099 | ---- | M] () -- C:\Windows\SysNative\sjnfejj.wbk
[2014/01/03 11:22:33 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\jfaygp.ljh
[2014/01/03 11:00:35 | 000,219,314 | --S- | M] () -- C:\Windows\SysNative\wlifvjg.zri

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes AntiRootkit and save it to your desktop.

Full instructions how to use MBAR
Please note: This is a beta version so please be sure to read the disclaimer and note of it.

• Unzip/unrar MBAR in a folder to your Desktop and MBAM shall run ...

• Click on Next > then on Update button to download fresh definitions.


• When database updates click Next

• In the following window ensure "Targets" scan for Drivers; Sectors; System are ticked. Then select "Scan button"


• If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup Button" to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.


• The Clean up procedure will be Scheduled for process.
• When complete pop-up will show you. Select the Yes button and the system should re-boot to complete the cleaning process.

>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.