Infected services.exe and winm.dll

[Rescla]

Hello everyone,

I've been having problems with my computer lately. AVG pops up constantly with messages of infected services.exe and winm.dll. I've tried to remove it using AVG, but it's immediately replaced by a new one for some reason. I've also tried Malwarebyte, still problems. I also tried reinstalling XP, but that failed... I use an PC with an SATA HDD and that means that Setup needs 3rd party drivers to detect the HDD. The problem is that my floppy drive died, so i can't reinstall xp.

I also tried copying the original services.ex_ from the CD to the system32 folder using a move-on-boot program, but that didn't work either.

The infections are:

AVG

C:\WINDOWS\system32\services.exe Worm/Generic.BAFF

C:\WINDOWS\system32\winm.dll PSW.Banker_c.SF

OS: XP 32 bit

Here's a HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:56:08, on 27-3-2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

[Blaze]

Hello Rescla ,Welcome to Malwarebytes.org !

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org