
Little Help Please - Virus/Trojan

Discussion in 'Virus & Other Malware Removal' started by denzil, Feb 2, 2007.

Thread Status:
Not open for further replies.
  1. denzil

    denzil Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    4
    Greetings

    I've had a search around and tried a number of suggestions and removal tools, but my system still maintains that it wants to shut down in 60 seconds because of a problem with services.exe.

    I have removed several spyware artifacts and a trojan or two with some of the tools listed:

    - VundoFix
    - ComboFix
    - GMer
    - SmitfraudFix
    - Rustbfix
    - Trojan Remover

    And I've used AVG, Panda and Security Task Manager.

    I know I have a .dll called pmnnn.dll and that reversed to nnnmp.inf that is infected with Vundo and just won't sod off, no matter how many times I try (in SafeMode also).

    GMer also found huy32.sys and is currently still searching (taking an age too!)

    I was just hoping someone might be able to run me through and get rid of these sodding things. pmnnn.dll just won't remove as it's in system32 and is always being used; even when VundoFix boots first it still cannot remove it. Plus I removed all references to it in RegEdit, but these get re-added on boot.

    Cheers all!
     
  2. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Hello and welcome to Tech Support Guy.

    My name is curlylad and I will be helping you to remove any infection(s) that you may have.

    I have to let experts check the content of my fixes before I post them so be patient.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your query and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


    I will be back as soon as possible with your first instructions!
     
  3. denzil

    denzil Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    4
    Hi Curlylad, very much appreciate your help!

    If you need me to do a HJT et cetera just let me know, don't want to spam up the thread if you aren't interested in that sort of stuff right now!

    Cheers!
     
  4. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    I think you may have anticipated my next move :)

    Download/Install and Run HijackThis
    • Please go to the following link to download HJTsetup.exe and save it to your Desktop HijackThis Download Link
    • Double click the HJTsetup.exe desktop icon
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click the Next button in the set up dialog boxes until you get to the Select Additional Tasks dialogue
    • Place a tick or check next to Create a desktop icon then click Next again
    • Continue to follow the on screen prompts
    • At the final dialogue box click Finish, this will then launch HijackThis
    • Click the button Do a system scan and save a log file
    • A log will now be created and shown in Notepad
    • Copy and paste the Notepad window contents back here.

    I will review the log and advise any further necessary steps as soon as possible
     
  5. denzil

    denzil Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    4
    Logfile of HijackThis v1.99.1
    Scan saved at 20:03:45, on 02/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Maintenance\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
    C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
    C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
    C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
    C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
    C:\Program Files\Maintenance\Panda AntiVirus\AVENGINE.EXE
    C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Maintenance\Hive Profile Cleanup\uphclean.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Games\Steam\steam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Maintenance\Panda AntiVirus\WebProxy.exe
    C:\Program Files\Internet\Firefox\firefox.exe
    C:\Program Files\Maintenance\Hijackthis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Miscellaneous\Adobe Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - C:\WINDOWS\system32\pmnnn.dll (file missing)
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PacificPoker\pacificpoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Maintenance\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
     
  6. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Here are your first instructions.


    Download RustBFix from one of the following locations...

    http://www.uploads.ejvindh.net/rustbfix.exe

    http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

    ...and save it to your desktop.
    • Double click on rustbfix.exe to run the tool.
    • If a Rustock.b-infection is found you will be asked to reboot the computer.
    • The reboot will probably take quite a while, and perhaps 2 reboots will be needed, this will happen automatically
    • After the reboot 2 logfiles will open (C:\avenger.txt & C:\rustbfix\pelog.txt).
    • Post the content of these logfiles along with a new HijackThis log.

    I will review the new information and reply as soon as possible.
     
  7. denzil

    denzil Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    4
    Booted this morning and the dll has gone?

    ************************* Rustock.b-fix -- By ejvindh *************************
    03/02/2007 8:57:23.00

    No Rustock.b-rootkits found

    ******************************* End of Logfile ********************************



    Logfile of HijackThis v1.99.1
    Scan saved at 08:57:47, on 03/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Maintenance\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
    C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
    C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
    C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
    C:\Program Files\Internet\Firefox\firefox.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
    C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
    C:\Program Files\Maintenance\Panda AntiVirus\AVENGINE.EXE
    C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Maintenance\Hive Profile Cleanup\uphclean.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Maintenance\Panda AntiVirus\WebProxy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Download\BitComet\BitComet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Maintenance\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Miscellaneous\Adobe Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - (no file)
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
    O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PacificPoker\pacificpoker.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Maintenance\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe



    Am guessing there will be a few more tests just to make sure? :)
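
As an added example (not part of any post in this thread): a small Python script that compares two HijackThis logs such as the pair posted above, reports entries that were added, removed or changed, lists entries whose target file HijackThis could not find, and splits the F2 `UserInit` value into the extra commands chained in front of `userinit.exe`, all of which run at every logon. The log lines are excerpted from the two logs in this thread; the function names are illustrative.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
"""

# An entry line is "<section code> - <text>", e.g. "O2 - BHO: ...".
# Header and running-process lines do not match and are skipped.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log):
    """Return [(code, text), ...] for every entry line in a HijackThis log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def entry_key(code, text):
    """Identity used to match the same item across two logs."""
    m = GUID.search(text)
    if m:                                  # CLSID-based items (BHOs, buttons, ...)
        return (code, text[:m.end()])
    if code.startswith("F") and "=" in text:
        return (code, text.split("=", 1)[0])   # ini/registry value name
    return (code, text)


def diff_logs(before, after):
    """Report entries added, removed, or changed between two logs."""
    b = {entry_key(c, t): t for c, t in parse_entries(before)}
    a = {entry_key(c, t): t for c, t in parse_entries(after)}
    return {
        "added": [f"{k[0]} - {a[k]}" for k in a if k not in b],
        "removed": [f"{k[0]} - {b[k]}" for k in b if k not in a],
        "changed": [(k[0], b[k], a[k]) for k in b if k in a and b[k] != a[k]],
    }


def dangling(log):
    """Entries that still point at a file HijackThis could not find."""
    return [(c, t) for c, t in parse_entries(log)
            if t.endswith(("(file missing)", "(no file)"))]


def userinit_extras(log):
    """Commands in the F2 UserInit value other than userinit.exe itself."""
    extras = []
    for code, text in parse_entries(log):
        if code == "F2" and "userinit=" in text.lower():
            for cmd in text.split("=", 1)[1].split(","):
                cmd = cmd.strip()
                if cmd and not cmd.lower().endswith(r"\userinit.exe"):
                    extras.append(cmd)
    return extras


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("added", "removed", "changed"):
        print(kind, result[kind])
    print("dangling:", dangling(LOG_AFTER))
    print("UserInit extras:", userinit_extras(LOG_AFTER))
```

A registry entry that survives after its file is gone shows up under `dangling`, and anything listed by `userinit_extras` is worth reviewing before the next reboot.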
     
  8. curlylad

    curlylad

    Joined:
    Apr 26, 2005
    Messages:
    444
    Good Evening denzil

    Here are your next instructions

    STEP 1

    2 Anti Virus Programs

    It appears from your log that you have 2 Anti Virus programs running.
    This will not provide better protection than having just one Anti Virus.
    In fact it can have detrimental effects on your system, causing all sorts of problems.
    You must uninstall either Panda AntiVirus or AVG Anti Virus now.
    Please read the following to help you decide which you choose to uninstall.

    Panda Anti Virus
    With this very good program you also have a Firewall so is the best option for you to keep.

    AVG Anti Virus
    This is also a very good Anti Virus.
    However if you choose to keep this over the Panda Anti Virus then you will also have to download and install a Firewall.

    My advice is that you uninstall the AVG Anti Virus

    To do that please go to Add/Remove Programs and uninstall AVG Anti Virus

    When you have done that please reboot your system and continue onto the next step.


    STEP 2

    VundoFix

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


    STEP 3

    Download and run GMER

    Download GMER to your Desktop and unzip it to your Desktop.
    • Disconnect from internet and close running programs.
      There is a small chance this application may crash your computer, so save any work you have open
    • Double click gmer.exe.
    • Let the gmer.sys driver load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
    • If no warning....
      • Click the rootkit tab
      • To the right of the program you will see a bunch of boxes that have been checked... leave everything checked.
      • Then click the Scan button. Wait for the scan to finish.
    • Once done click the Copy button.
    • Open Notepad and hit ctrl+v to paste the log. Save the log to your Desktop.


    I now need from you:-
    • The Vundofix.txt log
    • The new HijackThis log
    • The GMER log

    When you have posted the 3 logs back I will review the information and advise on any further necessary steps as soon as possible.
     

Short URL to this thread: https://techguy.org/540521
