0

So I was starting up my web browser this morning, and Firefox started spitting out extremely random JavaScript errors, which spammed up to around a dozen. I figured obviously to give my computer a virus scan. I did (with AVG Free), and found 2 trojans, which have masked over service.exe.

These are the trojans:

"";"C:\WINDOWS\system32\services.exe (1128):\memory_00d90000";"Trojan horse PSW.Agent.ARMU";"Infected"

"";"C:\WINDOWS\system32\services.exe (1128)";"Trojan horse PSW.Agent.ARMU";"Infected"

AVG said they got deleted. Fair enough, I scanned again and they popped up again. So I scanned 8 times and they wouldn't delete. EDIT: They messed up my browser a bit, and my computer is extremely slow.

Edited by Blahthing: Forgot to add important detail!

0

Ok, I gave it a test using all those programs, and nothing like the thing on AVG was found.
Docs:

GMEROne

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-01 17:43:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM320II rev.2AC101C4
Running: ff5j9dep.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ffddakog.sys


---- Devices - GMER 1.0.15 ----

Device          owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3  RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort0           RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort1           RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort2           RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort3           RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-e  RGRCZ@J@

AttachedDevice  \FileSystem\Ntfs \Ntfs                       AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

GMERTWO

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-01 19:13:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM320II rev.2AC101C4
Running: ff5j9dep.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ffddakog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB2DEBF3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB2DEBFE4]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB2DEC080]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB2DEC11C]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3                                                                                 RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort0                                                                                          RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort1                                                                                          RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort2                                                                                          RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdePort3                                                                                          RGRCZ@J@
Device          owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-e                                                                                 RGRCZ@J@

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                           ???1????\??\C:\WINDOWS\system32\drivers\p8jt4c.sys?L?O???????????H?????????????5?H??????0???????SMC EZ Connect USB/Ethernet Series Converter - Packet Scheduler Miniport?r??\Device\{173DC3D4-FCA3-4B60-8037-47C1D7675918}??De???????Y???Y??????x????W?????????????X?X8??????????8???????-???-?-CA???????????I???????????????I???8?@???????Z?????Y??????????????????????????????????????6????#?????????????????????????6????????????????????????????????? ??????????????????????????????????????????????????7????#?????????????????????????7?????"???????????????????????????????!???@????????????????????6??????&???@???????????????????????????????@???????????????6???"???@???????????????????????????????????????????????7??(Standard system devices)???{36FC9E60-C465-11CF-8056-444553540000}\0000?????{8ECC055D-047F-11D1-A537-0000F8753ED1}\0010???(??????????Y???????e??{8ECC055D-047F-11D1-A537-0000F8753ED1}?003??{8ECC055D-047F-11D1-A537-0000F8753ED1}\0020?????{8ECC055D-047F-11D1-A537-0000F8753ED1}\0024?????????????????????????????5???? ?????

---- EOF - GMER 1.0.15 ----

Malware Bytes which came up empty

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Owner :: SAMSUNG-NPR467 [administrator]

Protection: Enabled

1/02/2012 8:02:14 AM
mbam-log-2012-02-01 (08-02-14).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422076
Time elapsed: 1 hour(s), 42 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And DDS

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_25
Run by Owner at 19:21:41 on 2012-02-01
Microsoft Windows XP Professional  5.1.2600.3.1252.61.1033.18.2043.1090 [GMT 11:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s%s
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mURLSearchHooks: H - No File
BHO: {0BFEE087-861D-43FB-B38B-B17C9CAD9B71} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E57F3E1C-58CE-4B73-BCD0-BA34553E8731}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{F37F09FE-7A32-48AA-9AC3-8AE6A5E9DEF9} : DhcpNameServer = 10.0.0.138
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\5kt9iztg.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-1 652360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-9-18 94880]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-4-14 119272]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 0228601328074703mcinstcleanup;McAfee Application Installer Cleanup (0228601328074703);c:\windows\temp\022860~1.exe -cleanup -nolog --> c:\windows\temp\022860~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2011-4-14 20160]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-14 1691480]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 947528]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 p8jt4c.sys;p8jt4c.sys;\??\c:\windows\system32\drivers\p8jt4c.sys --> c:\windows\system32\drivers\p8jt4c.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-31 14:26:33	--------	d-----w-	c:\documents and settings\owner\application data\Malwarebytes
2012-01-31 14:26:08	--------	d-----w-	c:\documents and settings\all users\application data\Malwarebytes
2012-01-31 14:26:07	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-31 11:36:51	--------	d-----w-	c:\documents and settings\all users\application data\PC Tools
2012-01-19 01:38:21	--------	d-----w-	c:\documents and settings\owner\application data\AVG Secure Search
2012-01-17 10:18:51	--------	d-----r-	c:\program files\Skype
2012-01-11 10:22:52	--------	d-----w-	c:\windows\system32\appmgmt
2012-01-10 09:05:40	--------	d-----w-	c:\documents and settings\owner\local settings\application data\Help
.
==================== Find3M  ====================
.
2012-01-28 11:40:46	138160	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-01-28 11:36:13	271200	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-01-28 11:36:13	271200	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-01-28 09:16:39	271200	----a-w-	c:\windows\system32\PnkBstrB.ex0
2011-11-26 08:22:39	1700352	----a-w-	c:\windows\system32\gdiplus.dll
2011-11-26 08:22:39	1060864	----a-w-	c:\windows\system32\mfc71.dll
2011-11-25 21:57:19	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25:32	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35:08	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21:44	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21:44	152064	----a-w-	c:\windows\system32\schannel.dll
2011-11-03 15:28:36	386048	----a-w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28:36	1292288	----a-w-	c:\windows\system32\quartz.dll
.
============= FINISH: 19:22:00.25 ===============

AVG still scans with that trojan, here's even a screenshot

[IMG]http://img843.imageshack.us/img843/6377/avgcantdeletethisvirus.png[/IMG]

Also, another interesting thing, the "(Number)" next to services keeps changing, why?

0

We need the second log from DDS and also a log, not a screen shot, from AVG.

Also please upload this file C:\WINDOWS\system32\services.exe to https://www.virustotal.com/ for scanning.

Post back with that information given. Not a print screen, but full information.

Edited by jholland1964: n/a

0

Ok, I did one with VirusTotal, and nothing came up (somehow including AVG)

SHA256: 	59c606977db40a3443dff0be2a4c761824881b22c9fdb3d23f6486db580e92a4
File name: 	services.exe
Detection ratio: 	0 / 42
Analysis date: 	2012-02-02 06:13:26 UTC ( 0 minutes ago )
Antivirus 	Result 	Update
AhnLab-V3 	- 	20120201
AntiVir 	- 	20120201
Antiy-AVL 	- 	20120131
Avast 	- 	20120202
AVG 	- 	20120202
BitDefender 	- 	20120202
ByteHero 	- 	20120126
CAT-QuickHeal 	- 	20120202
ClamAV 	- 	20120202
Commtouch 	- 	20120201
Comodo 	- 	20120202
DrWeb 	- 	20120202
Emsisoft 	- 	20120202
eSafe 	- 	20120130
eTrust-Vet 	- 	20120201
F-Prot 	- 	20120201
F-Secure 	- 	20120202
Fortinet 	- 	20120202
GData 	- 	20120202
Ikarus 	- 	20120202
Jiangmin 	- 	20120201
K7AntiVirus 	- 	20120201
Kaspersky 	- 	20120202
McAfee 	- 	20120202
McAfee-GW-Edition 	- 	20120202
Microsoft 	- 	20120202
NOD32 	- 	20120202
Norman 	- 	20120201
nProtect 	- 	20120201
PCTools 	- 	20120201
Prevx 	- 	20120202
Rising 	- 	20120118
Sophos 	- 	20120202
SUPERAntiSpyware 	- 	20120202
Symantec 	- 	20120202
TheHacker 	- 	20120202
TrendMicro 	- 	20120201
TrendMicro-HouseCall 	- 	20120202
VBA32 	- 	20120131
VIPRE 	- 	20120202
ViRobot 	- 	20120202
VirusBuster 	- 	20120202

and for the DDS attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/04/2011 7:10:48 AM
System Uptime: 2/02/2012 3:25:26 PM (2 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | R467/R464/P467           
Processor: Intel Pentium III Xeon processor | U2E1 | 2094/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 33 GiB total, 8.379 GiB free.
D: is FIXED (NTFS) - 73 GiB total, 70.726 GiB free.
E: is FIXED (NTFS) - 73 GiB total, 25.647 GiB free.
F: is FIXED (NTFS) - 119 GiB total, 54.03 GiB free.
G: is CDROM ()
.

==== System Restore Points ===================
.
RP88: 5/11/2011 5:56:57 PM - System Checkpoint
RP89: 12/11/2011 7:41:17 AM - System Checkpoint
RP90: 14/11/2011 4:14:39 PM - System Checkpoint
RP91: 16/11/2011 9:15:39 PM - System Checkpoint
RP92: 21/11/2011 3:56:42 PM - System Checkpoint
RP93: 29/11/2011 9:04:49 PM - System Checkpoint
RP94: 1/12/2011 6:00:00 PM - System Checkpoint
RP95: 6/12/2011 10:08:52 AM - System Checkpoint
RP96: 8/12/2011 5:21:39 PM - System Checkpoint
RP97: 13/12/2011 4:26:54 PM - System Checkpoint
RP98: 17/12/2011 12:00:34 AM - System Checkpoint
RP99: 19/12/2011 3:39:42 PM - System Checkpoint
RP100: 21/12/2011 7:02:38 PM - System Checkpoint
RP101: 25/12/2011 5:18:36 PM - System Checkpoint
RP102: 28/12/2011 10:50:12 AM - System Checkpoint
RP103: 30/12/2011 4:12:16 PM - System Checkpoint
RP104: 31/12/2011 5:33:12 PM - System Checkpoint
RP105: 5/01/2012 1:52:26 PM - System Checkpoint
RP106: 6/01/2012 1:59:13 PM - System Checkpoint
RP107: 8/01/2012 12:26:32 PM - System Checkpoint
RP108: 9/01/2012 8:00:47 PM - System Checkpoint
RP109: 10/01/2012 11:24:22 PM - System Checkpoint
RP110: 12/01/2012 7:58:56 PM - System Checkpoint
RP111: 14/01/2012 10:54:46 AM - System Checkpoint
RP112: 15/01/2012 1:01:22 PM - System Checkpoint
RP113: 16/01/2012 1:56:00 PM - System Checkpoint
RP114: 18/01/2012 3:05:01 PM - System Checkpoint
RP115: 19/01/2012 7:49:28 PM - System Checkpoint
RP116: 21/01/2012 8:04:46 PM - System Checkpoint
RP117: 27/01/2012 8:36:49 PM - System Checkpoint
RP118: 29/01/2012 1:00:03 PM - System Checkpoint
RP119: 1/02/2012 3:56:35 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
AGEIA PhysX v2.3.3
Alien Swarm
ASIO4ALL
AssaultCube v1.0
AssaultCube v1.1.0.4
AVG 2012
Bandisoft MPEG-1 Decoder
Blender
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) - World at War(TM) 1.6 Patch
Call of Duty(R) - World at War(TM) 1.7 Patch
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
Combat Arms
Dachon 4k
Dropbox
DVD Suite
Fallout: New Vegas
FL Studio 10
FPS Creator Free
Fraps (remove only)
Ghost Recon Advanced Warfighter
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
IL Download Manager
iResearchPanel
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 25
Java(TM) SE Development Kit 6 Update 25
Junk Mail filter update
LogMeIn Hamachi
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.60.1.1000
MapleStory
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT Redists
Nero 7 Essentials
Nexon Game Manager
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
OpenAL
Pando Media Booster
Portal
PowerDVD
PunkBuster Services
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RedEclipse
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Skype Click to Call
Skype™ 5.5
Steam
swMSM
System Requirements Lab CYRI
Team Fortress 2
Techne
Unity
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Zombie Driver
.
==== Event Viewer Messages From Past Week ========
.
2/02/2012 3:26:31 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
1/02/2012 3:02:55 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  TfFsMon TfSysMon
.
==== End Of File ===========================

And something very interesting with AVG

I checked my "Event History" and saw that the scan said they had found no viruses / infected files throughout all the scans which I had done.

Edited by Blahthing: n/a

1

Then I would say the AVG findings are a false positive. AVG is just not a very good anti-virus program. When researching your problem I found no other AV program that found this file. I would advise you to use a different anti-virus program; it certainly is one that I never recommend.
It rarely ranks among the highest or most reputable. My advice would be use Avira Free 2012 or Avast Free, but not AVG.
Your System Restore is set way too large. You have restore points going back over six months. System Restore should never be used to go back that far, if it is used at all, and then it should be only for a very few things.
Your Java is way out of date, you are running version 6 Update 25 and the most recent update is version 6 update 30.
Uninstall All Java listed in add/remove and then go here to download the latest version. http://www.java.com/en/download/manual.jsp

Votes + Comments
Very Very helpful!
0

Alright, huge huge huge huge thanks for your help! I've never dealt with a virus that wouldn't be deleted, thank you so much :)
