Little Help Please - Virus/Trojan

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

denzil

Thread Starter
Joined
Feb 2, 2007
Messages
4
Greetings

I've had a search around and tried a number of suggestions and removal tools, but my system still maintains that it wants to shut down in 60 seconds because of a problem with services.exe.

I have removed several spyware artifacts and a trojan or two with some of the tools listed:

- VundoFix
- ComboFix
- GMer
- SmitfraudFix
- Rustbfix
- Trojan Remover

And I've used AVG, Panda and Security Task Manager.

I know I have a .dll called pmnnn.dll and that reversed to nnnmp.inf that is infected with Vundo and just won't sod off, no matter how many times I try (in SafeMode also).

GMer also found huy32.sys and is currently still searching (taking an age too!)

I was just hoping someone might be able to run me through and get rid of these sodding things, pmnnn.dll just won't remove as it's in system32 and is always being used, even when VundoFix boots first it still cannot remove it, plus I removed all references to it in RegEdit, but these get re-added on boot.

Cheers all!
 
Joined
Apr 26, 2005
Messages
444
Hello and welcome to Tech Support Guy.

My name is curlylad and I will be helping you to remove any infection(s) that you may have.

I have to let experts check the content of my fixes before I post them so be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your query and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!
 

denzil

Thread Starter
Joined
Feb 2, 2007
Messages
4
Hi Curlylad, very much appreciate your help!

If you need me to do a HJT et cetera just let me know, don't want to spam up the thread if you aren't interested in that sort of stuff right now!

Cheers!
 
Joined
Apr 26, 2005
Messages
444
I think you may have anticipated my next move :)

Download/Install and Run HijackThis
  • Please go to the following link to download HJTsetup.exe and save it to your Desktop: HijackThis Download Link
  • Double click the HJTsetup.exe desktop icon
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click the Next button in the set up dialog boxes until you get to the Select Additional Tasks dialogue
  • Place a tick or check next to Create a desktop icon then click Next again
  • Continue to follow the on screen prompts
  • At the final dialogue box click Finish, this will then launch HijackThis
  • Click the button Do a system scan and save a log file
  • A log will now be created and shown in Notepad
  • Copy and paste the Notepad window contents back here.

I will review the log and advise any further necessary steps as soon as possible
 

denzil

Thread Starter
Joined
Feb 2, 2007
Messages
4
Logfile of HijackThis v1.99.1
Scan saved at 20:03:45, on 02/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Maintenance\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
C:\Program Files\Maintenance\Panda AntiVirus\AVENGINE.EXE
C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Maintenance\Hive Profile Cleanup\uphclean.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Games\Steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maintenance\Panda AntiVirus\WebProxy.exe
C:\Program Files\Internet\Firefox\firefox.exe
C:\Program Files\Maintenance\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Miscellaneous\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PacificPoker\pacificpoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Maintenance\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 
Joined
Apr 26, 2005
Messages
444
Here are your first instructions.


Download RustBFix from one of the following locations...

http://www.uploads.ejvindh.net/rustbfix.exe

http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

...and save it to your desktop.
  • Double click on rustbfix.exe to run the tool.
  • If a Rustock.b-infection is found you will be asked to reboot the computer.
  • The reboot will probably take quite a while, and perhaps 2 reboots will be needed, this will happen automatically
  • After the reboot 2 logfiles will open (C:\avenger.txt & C:\rustbfix\pelog.txt).
  • Post the content of these logfiles along with a new HijackThis log.

I will review the new information and reply as soon as possible.
 

denzil

Thread Starter
Joined
Feb 2, 2007
Messages
4
Booted this morning and the dll has gone?

************************* Rustock.b-fix -- By ejvindh *************************
03/02/2007 8:57:23.00

No Rustock.b-rootkits found

******************************* End of Logfile ********************************



Logfile of HijackThis v1.99.1
Scan saved at 08:57:47, on 03/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Maintenance\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
C:\Program Files\Internet\Firefox\firefox.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
C:\Program Files\Maintenance\Panda AntiVirus\AVENGINE.EXE
C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Maintenance\Hive Profile Cleanup\uphclean.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Maintenance\Panda AntiVirus\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Download\BitComet\BitComet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Maintenance\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Miscellaneous\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Maintenance\Panda AntiVirus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\Maintenance\FreeRAM\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Miscellaneous\Mindjet MindManager\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Games\Ultimate Bet\UltimateBet.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PacificPoker\pacificpoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Maintenance\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\Internet\NetLimiter\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Maintenance\Panda AntiVirus\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Maintenance\Panda AntiVirus\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe



Am guessing there will be a few more tests just to make sure? :)
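
The two HijackThis logs posted above differ in only a few lines, which is easy to miss by eye. The following added example (not part of the thread and not a HijackThis feature) parses two logs and reports which running processes and registry entries differ; the sample input is a shortened excerpt of the two logs in this thread, and the function names `parse_log` and `diff_logs` are assumptions of this example.

```python
import re

# Section code ("O2", "R0", ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Shortened excerpts of the two logs posted in this thread.
BEFORE = r"""Scan saved at 20:03:45, on 02/02/2007

Running processes:
C:\WINDOWS\system32\services.exe
C:\Games\Steam\steam.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
"""
AFTER = r"""Scan saved at 08:57:47, on 03/02/2007

Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Download\BitComet\BitComet.exe
C:\WINDOWS\system32\LVComsX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {90A799C3-C4AB-4A2A-9D4F-8C7B286911E4} - (no file)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
"""

def parse_log(text):
    """Return (set of process paths, {(code, identity): target}) for one log."""
    processes, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())  # Windows paths are case-insensitive
        elif in_procs:
            in_procs = False  # a blank line ends the process list
        else:
            m = ENTRY.match(line)
            if not m:
                continue
            code, body = m.groups()
            c = CLSID.search(body)
            # An entry with a CLSID is identified by the text up to and including
            # it; the rest is its target. Without a CLSID the whole body is the key.
            cut = c.end() if c else len(body)
            entries[(code, body[:cut])] = body[cut:].lstrip(" -")
    return processes, entries

def diff_logs(before, after):
    """Compare two HijackThis logs and list what disappeared, appeared or changed."""
    p0, e0 = parse_log(before)
    p1, e1 = parse_log(after)
    return {
        "procs_gone": sorted(p0 - p1),
        "procs_new": sorted(p1 - p0),
        "entries_gone": sorted(set(e0) - set(e1)),
        "entries_new": sorted(set(e1) - set(e0)),
        "entries_changed": sorted((k, e0[k], e1[k]) for k in e0.keys() & e1.keys() if e0[k] != e1[k]),
    }

if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section, items)
```

A differing entry is a prompt for closer inspection, not a verdict on whether the system is clean.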
 
Joined
Apr 26, 2005
Messages
444
Good Evening denzil

Here are your next instructions

STEP 1

2 Anti Virus Programs

It appears from your log that you have 2 Anti Virus programs running.
This will not provide better protection than having just one Anti Virus.
In fact it can have detrimental effects on your system, causing all sorts of problems.
You must uninstall either Panda AntiVirus or AVG Anti Virus now.
Please read the following to help you decide which you choose to uninstall.

Panda Anti Virus
With this very good program you also have a Firewall so is the best option for you to keep.

AVG Anti Virus
This is also a very good Anti Virus.
However if you choose to keep this over the Panda Anti Virus then you will also have to download and install a Firewall.

My advice is that you uninstall the AVG Anti Virus

To do that please go to Add/Remove Programs and uninstall AVG Anti Virus

When you have done that please reboot your system and continue onto the next step.


STEP 2

VundoFix

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


STEP 3

Download and run GMER

Download GMER to your Desktop and unzip it to your Desktop.
  • Disconnect from internet and close running programs.
    There is a small chance this application may crash your computer, so save any work you have open
  • Double click gmer.exe.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
  • If no warning....
    • Click the rootkit tab
    • To the right of the program you will see a bunch of boxes that have been checked... leave everything checked.
    • Then click the Scan button. Wait for the scan to finish.
  • Once done click the Copy button.
  • Open Notepad and hit ctrl+v to paste the log. Save the log to your Desktop.


I now need from you:-
  • The Vundofix.txt log
  • The new HijackThis log
  • The GMER log

When you have posted the 3 logs back I will review the information and advise on any further necessary steps as soon as possible.
 