I have been given the task of trying to fix this computer. The owner does not have a Windows XP Home disk, so a reinstall is out. When booted normally the PC can barely function. Most applications will not run; even opening My Computer is impossible. Viewing the Task Manager, I see that whatever application I try to run consistently uses 99% of the system resources. For instance, the idle process will be at 99%; I open IE and, for however long I wait, Iexplore.exe will use 99% of system resources and IE never opens.
I cannot install AVG. The final installation step of AVG requires a file named something like avg7.sys to start. This step errors because the RPC service is not running. I try to start the service manually but receive an error that the service does not respond in a timely fashion, and it never starts. I was unable to install Windows Defender, but I did succeed in networking the PC and scanning the C drive with Windows Defender with another PC. I thought scanning with AVG would be good; however, free AVG does not allow scanning of mapped drives.
Via HouseCall I know the names of the viruses, PE_tras.A and Trojan_agent.toz.
Below I will post the scan from the Panda AV website and the HijackThis log (I am only able to run HijackThis from safe mode at the moment, so I'm not sure how useful it will be). Panda did say it removed some viruses, so I will reboot after this post and rescan, then post the results.
Panda
Incident Status Location
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fcccdby.dll
Spyware:spyware/web3000 Not disinfected c:\windows\hh.ico
Adware:adware/commad Not disinfected Windows Registry
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][4].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][5].txt
Virus:Trj/Agent.HYR Disinfected C:\Documents and Settings\Ellen Brown\Application Data\Microsoft\Windows\fgbpiyv.exe
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Ellen Brown\Cookies\ellen brown@advancedcleaner[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ellen Brown\Cookies\ellen [email protected][1].txt
Possible Virus. Not disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temp\TMP15.tmp
Possible Virus. Not disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temp\TMP17.tmp
Possible Virus. Not disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temp\TMP19.tmp
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temporary Internet Files\Content.IE5\C1MVSX2Z\f4d28682d186cc6beb75f106d133f489[1].zip[b128.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temporary Internet Files\Content.IE5\C1MVSX2Z\ptch[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temporary Internet Files\Content.IE5\CL6F8D6R\ptch[1]
Virus:Trj/Agent.HYR Disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temporary Internet Files\Content.IE5\SB6FYF41\wtrec.prod.v10006.11dec2007.exe[1].c516a643c558a4d4daa4efafd47eff15
Possible Virus. Not disinfected C:\Documents and Settings\Ellen Brown\Local Settings\Temporary Internet Files\Content.IE5\YJ6DUD23\wintouch.prod.v10015.11dec2007.exe[1].4ccc08fb3ce7ead370a0f9da32f020e7
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@casalemedia[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@statcounter[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric [email protected][1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@targetsaver[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Eric Brown\Cookies\eric brown@zedo[1].txt
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\0010f9e2.sys
Adware:Adware/TopSpyware Not disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\360132hp132a.exe
Possible Virus. Not disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\360132hp132b.exe
Virus:Trj/Downloader.PLF Not disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\360132hp132d.exe[nGpxx132218.exe]
Adware:Adware/Adband Not disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\D109.tmp
Virus:Trj/Downloader.RUZ Disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\ismtpa8.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\TMP114.tmp
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Documents and Settings\Eric Brown\Local Settings\Temp\TMP117.tmp
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
Adware:Adware/Adband Not disinfected C:\Program Files\ISM\ism.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\ISM\Uninstall.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrDrive\QdrDrive9.dll
Possible Virus. Not disinfected C:\Program Files\QdrDrive\qdrloader.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrModule\QdrModule11 .exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrModule\QdrModule11.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrPack\QdrPack11 .exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\QdrPack\QdrPack11.exe
Adware:Adware/Matcash Not disinfected C:\Program Files\Router\UnInstall.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\b128.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\F?nts\w?nlogon.exe
Virus:Trj/Downloader.PLF Disinfected C:\WINDOWS\system32\nGpxx13\nGpxx132218.exe
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:13 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 194.54.90.238 www.google.com
O1 - Hosts: 194.54.90.238 www.google.ca
O1 - Hosts: 194.54.90.238 www.google.com.ag
O1 - Hosts: 194.54.90.238 www.google.com.ar
O1 - Hosts: 194.54.90.238 www.google.com.au
O1 - Hosts: 194.54.90.238 www.google.at
O1 - Hosts: 194.54.90.238 www.google.az
O1 - Hosts: 194.54.90.238 www.google.be
O1 - Hosts: 194.54.90.238 www.google.com.br
O1 - Hosts: 194.54.90.238 www.google.vg
O1 - Hosts: 194.54.90.238 www.google.bi
O1 - Hosts: 194.54.90.238 www.google.ca
O1 - Hosts: 194.54.90.238 www.google.td
O1 - Hosts: 194.54.90.238 www.google.cl
O1 - Hosts: 194.54.90.238 www.google.com.co
O1 - Hosts: 194.54.90.238 www.google.co.cr
O1 - Hosts: 194.54.90.238 www.google.dk
O1 - Hosts: 194.54.90.238 www.google.com.do
O1 - Hosts: 194.54.90.238 www.google.fm
O1 - Hosts: 194.54.90.238 www.google.fi
O1 - Hosts: 194.54.90.238 www.google.fr
O1 - Hosts: 194.54.90.238 www.google.gm
O1 - Hosts: 194.54.90.238 www.google.ge
O1 - Hosts: 194.54.90.238 www.google.de
O1 - Hosts: 194.54.90.238 www.google.com.gi
O1 - Hosts: 194.54.90.238 www.google.com.gr
O1 - Hosts: 194.54.90.238 www.google.gl
O1 - Hosts: 194.54.90.238 www.google.gg
O1 - Hosts: 194.54.90.238 www.google.co.il
O1 - Hosts: 194.54.90.238 www.google.it
O1 - Hosts: 194.54.90.238 www.google.co.kr
O1 - Hosts: 194.54.90.238 www.google.lu
O1 - Hosts: 194.54.90.238
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu11.exe 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A284662EA4EBF
968951185EFC412806867680AEDE604D64C2661373F80FB68AD6
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSI Loader] C:\Program Files\Common Files\Smith Micro Shared\Fax\SMLoader.exe /PRNDRV
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MotiveMonitor] "C:\Program Files\Motive\AsstCommon\motmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153765131\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [0418d60c] rundll32.exe "C:\WINDOWS\system32\gcdmxykv.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MediaTV Monitor.lnk = C:\Program Files\ADS Tech\MediaTV\MediaTVMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...omaha-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...ibaba-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.co...deuce-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.co...fancy-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...igsaw-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...swild-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...mbee2-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Video Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.co...mesLauncher.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RWxsZW4gIEJyb3du\command.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hvcbhywd.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10304 bytes
Quick update.
I ran HouseCall and it does seem like Panda removed some that HouseCall had previously been unable to, but the big one is still there, 'PE_trats.A', along with a downloader, 'Troj_vundo.aca', and 'PE_tras.a-o'. HouseCall shows that these viruses are associated with the wireless card (zcfgsrvc.exe), ctfmon.exe and fcccdby.dll (whatever that is). I fear that if I try booting in normal mode again I will only allow the trojans to install all the malware I have removed. I think at this point I will wait patiently for advice.
Edited by iceblood, 12 February 2008 - 02:38 PM.