Messages - philip38

1
Tech Clinic / Virus result: some programs won't launch/install
« on: May 23, 2006, 10:09:33 PM »
Mr. Guestolo,
Sorry to not have been answering but work called me away since Sunday night and I have been fretting about getting back to you.

I can uninstall and reinstall PC-Cillin as of tomorrow night, when I have time. Right now, things are running quite well. The Firewall is on and I can control it. You have been terrific and I am very happy that my system is not a total freakin' loss. That PC Cleaner! 4.51 is a marvelous tool, as were the others you showed me.

I will now do the Smitfraud Fix in safe mode.

Guestolo,
Here is the text of rapport.txt:
SmitFraudFix v2.45

Scan done at 23:04:49.64, Tue 05/23/2006
Run from C:\Documents and Settings\PhilipPallette\Desktop
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\PhilipPallette\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

2
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 09:12:16 PM »
Guestolo,
I had Trend Micro PC-cillin going, but it is not running now. I used to have an account with McAfee and that worked pretty well. If you have a reasonable solution, please, I'll follow your advice. You definitely have a comprehensive understanding of effective tools to defeat the bad guys.

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         9:59:30 PM, 5/21/2006
 + Report-Checksum:      2D5A82EF

 + Scan result:

   HKU\S-1-5-21-658165656-491105645-3059123768-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78364D99-A640-4DDF-B91A-67EFF8373045} -> Trojan.Brospy.c : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9s9j3z4b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
   :mozilla.62:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup


::Report End

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hnytxmcb

*******************

Script file located at: \??\C:\Program Files\wbbhdbno.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\country.exe not found!
Deletion of file C:\country.exe failed!

Could not process line:
C:\country.exe
Status: 0xc0000034



File C:\Documents and Settings\All Users\Documents\Settings\20242402.dll not found!
Deletion of file C:\Documents and Settings\All Users\Documents\Settings\20242402.dll failed!

Could not process line:
C:\Documents and Settings\All Users\Documents\Settings\20242402.dll
Status: 0xc0000034



File C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll not found!
Deletion of file C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll failed!

Could not process line:
C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\20242402reg not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\20242402reg failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:05 PM, on 5/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145017420921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147664175546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

Thanks!  Phil P.

3
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 07:57:03 PM »
Guestolo,
I kinda took the liberty of disabling (not yet deleting - waiting for your instructions) but disabling for just now those four files in the log below:
C:\ms1.exe FOUND !
C:\tool4.exe FOUND !
C:\toolbar.exe FOUND !
C:\uniq FOUND !

I think these are the ones Panda found but could not delete.

I renamed the exe extensions to "old" for now and deleted the uniq file, based on the date I saw it had entered my system - it could be up to no good!

And after I did that, PowerPoint works, Skype (which my wife uses) works, and Excel works.

Please let me know what I should do next, however. I think Panda found 6 culprits as I remember.

Phil P.

4
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 07:24:52 PM »
Guestolo:
The log -
SmitFraudFix v2.45

Scan done at 20:23:16.51, Sun 05/21/2006
Run from C:\Documents and Settings\PhilipPallette\Desktop
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\ms1.exe FOUND !
C:\tool4.exe FOUND !
C:\toolbar.exe FOUND !
C:\uniq FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PhilipPallette\Application Data

C:\Documents and Settings\PhilipPallette\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PHILIP~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{786C369D-409A-456f-A13C-971EADA850C6}"="DertertDE"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

5
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 05:07:01 PM »
The Panda Scan (I already registered with them). It does not look good.
Incident                                                     Status                        Location                                                                                                                                                                                                                                                        

Potentially unwanted tool:Application/KillApp.A          Not disinfected               C:\country.exe                                                                                                                                                                                                                                                  
Spyware:Cookie/Adtech                                    Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[.adtech.de/]                                                                                                                                    
Spyware:Cookie/Apmebf                                    Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[.apmebf.com/]                                                                                                                                  
Spyware:Cookie/bravenetA                                 Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[.bravenet.com/]                                                                                                                                
Spyware:Cookie/HotLog                                    Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[.hotlog.ru/]                                                                                                                                    
Spyware:Cookie/RealMedia                                 Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[.realmedia.com/]                                                                                                                                
Spyware:Cookie/Statcounter                               Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[.statcounter.com/]                                                                                                                              
Spyware:Cookie/YieldManager                              Not disinfected               C:\Documents and Settings\PhilipPallette\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\cookies.txt[ad.yieldmanager.com/]                                                                                                                          
Spyware:Cookie/Entrepreneur                              Not disinfected               C:\Documents and Settings\PhilipPallette\Cookies\philippallette@entrepreneur[1].txt                                                                                                                                                                            
Potentially unwanted tool:Application/Processor          Not disinfected               C:\Documents and Settings\PhilipPallette\Desktop\VundoFix.exe[process.exe]                                                                                                                                                                                      
Potentially unwanted tool:Application/Processor          Not disinfected               C:\Documents and Settings\PhilipPallette\Local Settings\Application Data\Mozilla\Firefox\Profiles\lfnkxp3a.default\Cache\D31609E2d01[process.exe]                                                                                                              
Spyware:Cookie/Admotion                                  Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[admotion.com.ar/]                                                                                                                                      
Spyware:Cookie/Doubleclick                               Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.doubleclick.net/]                                                                                                                                      
Spyware:Cookie/Falkag                                    Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.as-us.falkag.net/]                                                                                                                                    
Spyware:Cookie/Atlas DMT                                 Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.atdmt.com/]                                                                                                                                            
Spyware:Cookie/Falkag                                    Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.as-us.falkag.net/]                                                                                                                                    
Spyware:Cookie/QuestionMarket                            Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.questionmarket.com/]                                                                                                                                  
Spyware:Cookie/Falkag                                    Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.as-us.falkag.net/]                                                                                                                                    
Spyware:Cookie/Mediaplex                                 Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.mediaplex.com/]                                                                                                                                        
Spyware:Cookie/Bluestreak                                Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.bluestreak.com/]                                                                                                                                      
Spyware:Cookie/Com.com                                   Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[de.uol.com.br/]                                                                                                                                        
Spyware:Cookie/Com.com                                   Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.uol.com.br/]                                                                                                                                          
Spyware:Cookie/PointRoll                                 Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.ads.pointroll.com/]                                                                                                                                    
Spyware:Cookie/Com.com                                   Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.terra.com.br/]                                                                                                                                        
Spyware:Cookie/Server.iad.Liveperson                     Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[server.iad.liveperson.net/hc/53111712]                                                                                                                  
Spyware:Cookie/Server.iad.Liveperson                     Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[server.iad.liveperson.net/]                                                                                                                            
Spyware:Cookie/Casalemedia                               Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.casalemedia.com/]                                                                                                                                      
Spyware:Cookie/Advertising                               Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.advertising.com/]                                                                                                                                      
Spyware:Cookie/Go                                        Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.go.com/]                                                                                                                                              
Spyware:Cookie/RealMedia                                 Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.realmedia.com/]                                                                                                                                        
Spyware:Cookie/Atwola                                    Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.atwola.com/]                                                                                                                                          
Spyware:Cookie/Xiti                                      Not disinfected               C:\Documents and Settings\Tereza\Application Data\Mozilla\Firefox\Profiles\a8mth8dw.default\cookies.txt[.xiti.com/]                                                                                                                                            
Spyware:Cookie/Atlas DMT                                 Not disinfected               C:\Documents and Settings\Tereza\Cookies\tereza@atdmt[1].txt                                                                                                                                                                                                    
Potentially unwanted tool:Application/KillApp.A          Not disinfected               C:\ms1.exe                                                                                                                                                                                                                                                      
Virus:Eicar.Mod                                          Not disinfected               C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]                                                                                                                                                                            
Potentially unwanted tool:Application/KillApp.A          Not disinfected               C:\tool4.exe                                                                                                                                                                                                                                                    
Potentially unwanted tool:Application/KillApp.A          Not disinfected               C:\toolbar.exe                                                                                                                                                                                                                                                  
Virus:Trj/Spammer.AE                                     Disinfected                   C:\WINDOWS\mctalk.exe

6
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 04:39:44 PM »
Alright, here is the HaxFix log:
HAXFIX logfile - by Marckie
--------------
version 2.42
Sun 05/21/2006  17:31:15.64
 
Auto Haxdoorfix
 
 
haxdoor key: winm
searching for services....
services found
deleting services.....
[SWSC] DeleteService SUCCESS
[SWSC] DeleteService SUCCESS
 
 
rebooting the computer.....
 
 
haxdoor key: winm
searching for services....
services not found
 
checking if files are found.....
winm32.dll
winm32.sys
winm64.sys
 
deleting files.....

checking if files are deleted.....


checking for other files.....
qy.sys
qz.dll
qz.sys
klogini.dll
p3.ini
ps.a3d
 
deleting other files.....

checking if the files are deleted.....


Finished

And now here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:38:33 PM, on 5/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145017420921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147664175546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Documents\Settings\20242402.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

I'll next be running your suggested Panda scan.
Thank you again!  Phil P.

7
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 02:53:33 PM »
Here is the haxlog.txt contents:

HAXFIX logfile - by Marckie
--------------
version 2.42
Sun 05/21/2006  15:50:44.92

checking for a3d files....
a3d files found
ps.a3d

checking for matching notify keys....
matching notify keys found
winm
 
checking for matching services....
matching services found
winm32
winm64
 
checking for matching safeboot services....
matching safeboot services found
winm32.sys
winm64.sys

Thanks!  Phil P.

8
Tech Clinic / Virus result: some programs won't launch/install
« on: May 21, 2006, 07:09:31 AM »
Dear Friends on the Board,
I got hit by a virus after stupidly opening up an email I thought I recognized. It's a fairly new DELL system now ruined by this thing and I couldn't tell you what it is. I have perused a few very informative boards and run a lot of stuff - some things fixed. Here is a rundown of current casualties:
PowerPoint won't open
Excel only opens in /safe mode
Word seems to run fine!
Helpful little recommended programs like Ewido and VindoFix will download but will not install.
Windows Firewall "Due to an unidentified problem, cannot display Windows Firewall Settings" (After running a recommended fix on one of the forums, the Firewall came back to life, but has since started displaying the error again)
For a while Task Manager was not opening, but after running Kelly's fix, it now works fine.
I tooled around in the Group Policy settings for firewall, made a couple changes that did not help.
Now I can never find my way back to where I made those changes to unchange them.
Guestolo suggested to another user to download and install the latest HijackThis to its own folder on the HDD and I did that, too. Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 7:54:18 AM, on 5/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://housecall.trendmicro.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145017420921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147664175546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Documents\Settings\20242402.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

I have a feeling that the winm32.dll thing is bad, but perhaps one of you could take a look at this and help me out. Working on a big PowerPoint presentation.
thanks, Phil
