The following computer is owned by my grantfather, who likes to ebay old radios & things. I set up the PC two years ago, installed all available updates and bought him an antivirus scanner (Panda Antivirus), that always keeps itself up to date. That was more than a year ago, no further updates were installed.
A week or two ago, he got an email with a file attachement that he foolishly opened. It seems that this deactivated PAV (panda anti virus) and let in several other viruses and dialers.
This guy knows absolutely nothing about PC's, so my only way to fix his problem is by using VNC (a remote control for PCs), because i am several hunded miles away from him.
I reinstalled PAV, which detected 5 viruses and several dialers at once. I installed all windows update i could find, used CDShredder, adaware, spybot.
The PC crashes whenever i try to install SP2 or use automated windows updates, so there is no way i can see to update tp SP2.
adaware and spybot identify some malware, but are not able to remove it. It always shows up again after a system restart.
This is the hijack this logfile. I hope i did everything right and it provides you with the necessary information.
------------------------------------------
------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:58:00, on 15.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programme\RealVNC\VNC4\WinVNC4.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\SurfAccuracy\SAcc.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Dokumente und Einstellungen\Gerd\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteowm32.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programme\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123931199015
O17 - HKLM\System\CCS\Services\Tcpip\..\{34CD470C-A739-413B-B18C-672DD370FCDE}: NameServer = 217.237.149.161 217.237.151.225
O17 - HKLM\System\CCS\Services\Tcpip\..\{C14B849E-BA5C-484E-856B-55F86A6D7263}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programme\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Programme\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\VNC4\WinVNC4.exe" -service (file missing)