Win32:Malware-gen / Win32:Trojan-gen / Win32:ZAccess-PB [Trj] on services.exe

About 3 days ago Avast started throwing MALWARE BLOCKED notifications. It toggles back and forth between Win32:Trojan-gen and Win32:Malware-gen, always claiming the same process (C:\Windows\system32\services.exe). When I look at the shield log it always successfully moves the item to the chest, and the File name listed in the shield logs is c:\Windows\Installer.…\80000000.@ (and two others)
Help, please! :-\

Hi, follow this guide from here:
http://forum.avast.com/index.php?topic=53253.0

Run [AdwCleaner&MalwareBytes] + [OTL&aswMBR]. Attach the log reports here. :wink:

OK… I wanted to do it before you wrote this, but it has lots of reboots… I'll attach the ComboFix log too :smiley:

Wait a minute, please… I think I fixed it…

Yes! It's OK, no alerts, no malware… :smiley: ComboFix fixed it… I'll attach only the log from this program, because all is OK… ;D

There will be leftover files not removed by ComboFix…

Attach all logs requested

Everything is OK… I scanned the system with Avast and no infection was found… Those infected files aren't where they were, and services.exe isn't infected…

Hi,

The topic “Logs to assist in cleaning malware” does not mention running ComboFix.
Please read:
http://www.techsupportforum.com/1829551-post6.html

http://www.bleepingcomputer.com/forums/topic273628.html


Do you know that you have a hack/cracker password tool, aka ‘ophcrack’, installed on your PC?
http://ophcrack.sourceforge.net/


Re-run Combofix via CFScript

Open notepad and copy/paste the text present inside the code box below:

[code]
FileLook::
c:\windows\system32\services.exe

ClearJavaCache::

KillAll::

Folder::
C:\Windows\Installer\{ad86016c-78d0-6439-250d-981fa1acbe97}
[/code]


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refer to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\[b]ComboFix.txt[/b])


Additional check:

Download TDSSKiller and save it to your desktop

Execute [b]TDSSKiller.exe[/b] by doubleclicking on it.

[*] Press Start Scan

[*] If Suspicious object is detected, the default action will be Skip, click on Continue.
[*] If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, [b]C:\TDSSKiller.<version_date_time>log.txt[/b]

Please post the contents of that log in your next reply.
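Before running repair scripts such as the CFScript above, it helps to confirm what is actually on disk. The following PowerShell is an added example, not part of the thread or of any of the tools mentioned: it checks the Authenticode signature and hash of services.exe, and lists the {GUID} folders under C:\Windows\Installer that contain ".@"-suffixed files, the pattern the original post reported (80000000.@). The paths and that file pattern come from the thread; the script itself, its output layout and the assumption that it is run from an elevated prompt are mine.

```powershell
# Added defender-side check (example code, not from the thread or from ComboFix/TDSSKiller).
# Assumes an elevated PowerShell session; C:\Windows\Installer is a hidden system folder.

# 1. Is services.exe still the Microsoft-signed binary?
#    A patched services.exe normally reports Status = Valid with a Microsoft signer;
#    a tampered one typically reports HashMismatch or NotSigned.
$svc = Join-Path $env:SystemRoot 'System32\services.exe'
$sig = Get-AuthenticodeSignature -FilePath $svc
[pscustomobject]@{
    Path            = $svc
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    SHA256          = (Get-FileHash -Path $svc -Algorithm SHA256).Hash
}

# 2. Look for payload folders hidden among the MSI caches in C:\Windows\Installer.
#    Legitimate {GUID} folders there hold icons and MSI resources; files named *.@ are the
#    pattern the original poster saw (c:\Windows\Installer\{...}\80000000.@).
$installer = Join-Path $env:SystemRoot 'Installer'
Get-ChildItem -Path $installer -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\{[0-9a-fA-F-]{36}\}$' } |
    ForEach-Object {
        $dotAt = Get-ChildItem -Path $_.FullName -Recurse -File -Force -ErrorAction SilentlyContinue |
                 Where-Object { $_.Name -like '*.@' }
        if ($dotAt) {
            [pscustomobject]@{
                Folder          = $_.FullName
                SuspiciousFiles = ($dotAt.Name -join ', ')
                LastWrite       = $_.LastWriteTime
            }
        }
    }
```

Run it before and after the cleanup: a valid Microsoft signature on services.exe plus an empty second listing is the evidence that the folder targeted by the Folder:: directive is really gone, and the SHA256 line gives you something concrete to compare against a known-good copy (for example from another machine at the same patch level) if the signature check is inconclusive.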

Logs attached… How can I remove that ophcrack from my PC?

Hi,

Please attach here:
C:\Qoobox\[b]Add-Remove Programs.txt[/b]

Here…

  1. I recommend uninstalling and removing IObit’s software Advanced SystemCare 6.

  2. Open notepad and copy/paste the text present inside the code box below:

[code]
KillAll::

Driver::
wdtlcvta
[/code]

Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refer to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\[b]ComboFix.txt[/b])

ASC Pro 6.1 successfully uninstalled! :smiley:

Ok, all clean. :smiley:

It is necessary to uninstall ComboFix :

[*] Click Start (or the Vista start button: http://amf.mycity.rs/pg/images/VistaStartButton.png ) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

[*] then click OK (or press Enter ).

Wait for the uninstall process to complete.


Re-run OTL and click on CleanUp! button.

You will be asked to reboot the machine to finish the cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTL. Feel free to manually delete any tools it leaves behind.


I recommend keeping (installing) Malwarebytes and using MCShield if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.

Be safe :wink:

Wait… Was it clean before your intervention or after it? :smiley: I installed MCShield… Any other recommendations? :slight_smile:

After my intervention, of course … 8).
Keep all your software up to date (the new avast 8 has that feature), and it is important to uninstall the used tools (CF and OTL) because they will do some post-cleaning.

Of course… :smiley: OK, I'll update Avast… And CF and OTL I uninstalled a few hours ago… That's all? :smiley:

Yap. :wink:

:cry: What a pity…