I need to see an AVG Antispyware log. Please attach one to your next reply.
I can find no useful info on this file: PTRSRVC.EXE. Therefore, unless you know for a fact that it`s absolutely safe, please do the following.
Please visit this link
http://virusscan.jotti.org/
* Click the
Browse... button
* Navigate to the following file
C:\WINNT\System32\PTRSRVC.EXE
* Click
Open
* Please let me know the results in your next reply.
In the meantime, do the following.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how
HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how
HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
windshi.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.254.253.227:8080
Fix this if you didn`t set this proxy yourself or don`t know what it is.
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\System32\windshi.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F2BB97F-FD67-4A68-9F41-5CF1D8584B5E}: NameServer = 57.20.120.33,57.20.120.60
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cns.lcag.fra.dlh.de,sap.fra.dlh.de,fra.dlh.de
Only fix the above 017 entries if they don`t belong to your ISP, or you don`t recognise the domain.
Click on the fix checked button.
Close HJT.
Locate and delete the following
bold files and/or directories(if there).
C:\WINNT\System32\
windshi.exe
C:\WINNT\System32\
explorer.exe
Reboot into normal mode and rehide your protected OS files.
Post fresh HJT and AVG Antispyware logs and let me know the result of the Jotti scan.
Regards Howard
This thread is for the use of tintin232 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.