  #1  
June 19th, 2008, 07:55 AM
M.Nick
Member
 
Join Date: May 2008
Posts: 55
Doubtful hidden files

Hi,
when I open my Microsoft Word files, a hidden file opens with them, and sometimes my antivirus becomes disabled.
These are my HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:53 ?.?, on 2008/06/19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://d:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 4039 bytes


  #2  
June 20th, 2008, 07:16 PM
Morfeasss
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,139
Hello M.Nick,

Is it a ghost-Word document-like file appearing? That is normal when opening .doc files. I don't see any signs of active infection in this log. Is your Antivirus disabled only when you open the Word documents? Have you set your Start Page to "about:blank"? I would like to see another type of report.

Download Deckard's System Scanner (dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens click the "Check All" button. Next, Under Main Log, uncheck the following:

System Restore
Temp Cleanup
Process Modules


Then under Options, place a check next to the following:

Backup Registry Hives

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed, a textbox will appear - copy/paste those contents back here (main.txt). Also, the second text file, extra.txt, will show as minimized in your Task Bar. Maximize/Open this, and copy/paste those contents back here along with the main.txt please. (The logs can also be found in the C:\Deckard\System Scanner folder)
  #3  
June 21st, 2008, 06:47 PM
M.Nick
Member
 
Join Date: May 2008
Posts: 55
Quote:
Is it a ghost-Word document-like file appearing?
Yeah, and it has "$" at the beginning of its name.

Quote:
Is your Antivirus disabled only when you open the Word documents?
No, it usually becomes disabled when I want to connect to the internet via dial-up, at the first dialing, and an error occurred; if I didn't make a mistake, it was error 719 or 721.
Quote:
Have you set your Start Page to "about:blank"?
Yeah, it is always blank.


Deckard's System Scanner v20071014.68
Run by m on 2008-06-21 22:13:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

System Drive C: has 0.68 GiB (less than 15%) free.


-- HijackThis (run as m.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:12 ?.?, on 2008/06/21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\m\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\m.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://d:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - d:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3680BFEF-6D89-4F96-B63C-85951888F3C5}: NameServer = 217.218.127.104 4.2.2.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{3680BFEF-6D89-4F96-B63C-85951888F3C5}: NameServer = 217.218.127.104 4.2.2.4
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 4374 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-17 13:54:26 0 d-------- C:\Bruce Almithy
2008-06-07 12:42:15 0 dr-h----- C:\Documents and Settings\m\Recent
2008-06-02 12:10:38 0 drahs---- C:\autorun.inf
2008-05-28 18:09:47 58048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2008-05-28 18:09:46 108256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
2008-05-28 18:09:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2008-05-28 18:09:31 0 d-------- C:\Program Files\Common Files\Network Associates
2008-05-27 20:15:14 0 d--hs---- C:\FOUND.003
2008-05-27 14:22:09 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-25 22:19:51 0 d-------- C:\quarantine
2008-05-25 22:18:27 68096 --a------ C:\WINDOWS\zip.exe
2008-05-25 22:18:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-25 22:18:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-25 22:18:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-25 22:18:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-25 22:18:27 98816 --a------ C:\WINDOWS\sed.exe
2008-05-25 22:18:27 80412 --a------ C:\WINDOWS\grep.exe
2008-05-25 22:18:27 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >


-- Find3M Report ---------------------------------------------------------------

2008-04-24 22:00:00 1977350 --a------ C:\ComboFix.exe
2008-04-14 16:30:00 53248 --a------ C:\WINDOWS\system32\tsgqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 16:30:00 290304 --a------ C:\WINDOWS\system32\rhttpaa.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 16:30:00 7168 --a------ C:\WINDOWS\system32\bitsprx4.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 16:30:00 136192 --a------ C:\WINDOWS\system32\aaclient.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 276992 --a------ C:\WINDOWS\system32\wmphoto.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 69120 --a------ C:\WINDOWS\system32\wlanapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 346112 --a------ C:\WINDOWS\system32\windowscodecsext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 712704 --a------ C:\WINDOWS\system32\windowscodecs.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 28672 --a------ C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 50688 --a------ C:\WINDOWS\system32\tspkg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 32768 --a------ C:\WINDOWS\system32\setupn.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2008-04-14 12:00:00 61952 --a------ C:\WINDOWS\system32\rasqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 76800 --a------ C:\WINDOWS\system32\qutil.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 62464 --a------ C:\WINDOWS\system32\qcliprov.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 291328 --a------ C:\WINDOWS\system32\qagentrt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 150528 --a------ C:\WINDOWS\system32\qagent.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 412160 --a------ C:\WINDOWS\system32\photometadatahandler.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 144384 --a------ C:\WINDOWS\system32\onex.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 176640 --a------ C:\WINDOWS\system32\napstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 193024 --a------ C:\WINDOWS\system32\napmontr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 30208 --a------ C:\WINDOWS\system32\napipsec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 79872 --a------ C:\WINDOWS\system32\msxml6r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 6.0>
2008-04-14 12:00:00 1306624 --a------ C:\WINDOWS\system32\msxml6.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 6.0 SP2>
2008-04-14 12:00:00 76800 --a------ C:\WINDOWS\system32\msshavmsg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 155136 --a------ C:\WINDOWS\system32\mssha.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 33792 --a------ C:\WINDOWS\system32\mmcperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 106496 --a------ C:\WINDOWS\system32\mmcfxcommon.dll <Not Verified; Microsoft Corporation; Microsoft (R) Windows (R) Operating System>
2008-04-14 12:00:00 397312 --a------ C:\WINDOWS\system32\mmcex.dll <Not Verified; Microsoft Corporation; Microsoft (R) Windows (R) Operating System>
2008-04-14 12:00:00 37376 --a------ C:\WINDOWS\system32\l2gpstore.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 61440 --a------ C:\WINDOWS\system32\kmsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 6144 --a------ C:\WINDOWS\system32\kbdpash.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 6144 --a------ C:\WINDOWS\system32\kbdnepr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 6144 --a------ C:\WINDOWS\system32\kbdiultn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 6144 --a------ C:\WINDOWS\system32\kbdbhc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 33792 --a------ C:\WINDOWS\system32\eapsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 59392 --a------ C:\WINDOWS\system32\eapqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 40960 --a------ C:\WINDOWS\system32\eappprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 180224 --a------ C:\WINDOWS\system32\eapphost.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 94208 --a------ C:\WINDOWS\system32\eappgnui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 126976 --a------ C:\WINDOWS\system32\eappcfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 184832 --a------ C:\WINDOWS\system32\eapp3hst.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 30720 --a------ C:\WINDOWS\system32\eapolqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 650752 --a------ C:\WINDOWS\system32\dot3ui.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 132096 --a------ C:\WINDOWS\system32\dot3svc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 56320 --a------ C:\WINDOWS\system32\dot3msm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 39936 --a------ C:\WINDOWS\system32\dot3gpclnt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 9216 --a------ C:\WINDOWS\system32\dot3dlg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 57856 --a------ C:\WINDOWS\system32\dot3cfg.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 26112 --a------ C:\WINDOWS\system32\dot3api.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 39936 --a------ C:\WINDOWS\system32\dimsroam.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 19456 --a------ C:\WINDOWS\system32\dimsntfy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 48640 --a------ C:\WINDOWS\system32\dhcpqec.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 12800 --a------ C:\WINDOWS\system32\credssp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 233472 --a------ C:\WINDOWS\system32\azroles.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 12:00:00 250048 -rahs---- C:\ntldr
2008-04-07 21:58:00 22764 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-04 00:52:14 550 --a------ C:\Documents and Settings\m\Application Data\AutoGK.ini
2008-03-27 23:44:48 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="D:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 09:48 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"d:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LAUNCH~1]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
"D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync2]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDServ]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UdaterUI]
"D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vdriver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yamaha DS-XG Driver]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ypager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"McAfeeFramework"=2 (0x2)
"matlabserver"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-06-21 22:14:57 ------------

Last edited by M.Nick; June 21st, 2008 at 07:15 PM.
  #4  
June 21st, 2008, 06:49 PM
M.Nick
Member
 
Join Date: May 2008
Posts: 55
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 511.48 MiB / 183.42 MiB
Pagefile Memory (total/avail): 1250.59 MiB / 1019.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.04 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 9.76 GiB total, 0.8 GiB free.
D: is Fixed (FAT32) - 14.63 GiB total, 0.72 GiB free.
E: is Fixed (FAT32) - 14.63 GiB total, 1 GiB free.
F: is Fixed (NTFS) - 14.65 GiB total, 0.77 GiB free.
G: is Fixed (FAT32) - 22.6 GiB total, 1.73 GiB free.
I: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080L0 - 76.33 GiB - 5 partitions
\PARTITION0 (bootable) - Unknown - 9.77 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 66.55 GiB - D: - E: - F: - G:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="D:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Disabled:Bluetooth Application"
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\m\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=M-07D163C911E34
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\m
LOGONSERVER=\\M-07D163C911E34
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\MATLAB71\bin\win32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\m\LOCALS~1\Temp
TMP=C:\DOCUME~1\m\LOCALS~1\Temp
USERDOMAIN=M-07D163C911E34
USERNAME=m
USERPROFILE=C:\Documents and Settings\m
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

m (admin)
n


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\Setup.exe" -l0x9
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Aplus DVD to DivX XviD Ripper 8.28 --> "d:\Program Files\Aplus DVD to DivX XviD Ripper\unins000.exe"
ASCOM Platform 3.0 --> C:\PROGRA~1\COMMON~1\ASCOM\TELESC~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\ASCOM\TELESC~1\INSTALL.LOG
Auto Gordian Knot 2.40 --> d:\Program Files\AutoGK\uninst.exe
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Call Of Duty 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1456E9A7-C6FE-49B7-8CB5-C9EF441F317E}\setup.exe" -l0x9
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CloneCD --> "d:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="d:\Program Files\SlySoft\CloneCD"
Delta Force - Black Hawk Down --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\NovaLogic\Delta Force Black Hawk Down\Uninst.isu"
EA SPORTS™ NBA LIVE 08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
IsoBuster 1.9 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
K-Lite Mega Codec Pack 1.60 Beta --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
MATLAB 7.1 --> C:\Program Files\MATLAB71\uninstall\uninstall.exe C:\Program Files\MATLAB71\
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> d:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RegCure 1.0.0.43 --> C:\Program Files\RegCure\uninst.exe
Starry Night Pro 5 --> "f:\Program Files\Starry Night Pro 5\Uninstall Starry Night Pro 5\Uninstall Starry Night Pro 5.exe"
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
The KMPlayer (remove only) --> "C:\Program Files\The KMPlayer\uninstall.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XingMPEG Player --> D:\PROGRA~1\XING\XINGMP~1\UNINST.EXE D:\PROGRA~1\XING\XINGMP~1\INSTALL.LOG
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Messenger --> D:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE D:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4940 / Warning
Event Submitted/Written: 04/20/2008 09:11:32 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from M-07D163C911E34 IP 127.0.0.1 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type4921 / Warning
Event Submitted/Written: 04/20/2008 03:31:16 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The Scan was unable to scan password protected file g:\System Volume Information\_restore{D3F0CCB0-9F97-4B22-9D2A-E09241E930E4}\RP8\A0006276.exe\KAMYABONLINE.COM.JPG. Scan engine version used is 5200 DAT version 5296.(from M-07D163C911E34 IP 127.0.0.1 user m running VirusScan Enter 8.0 On-Demand Scan)

Event Record #/Type4920 / Warning
Event Submitted/Written: 04/20/2008 03:31:13 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The Scan was unable to scan password protected file g:\System Volume Information\_restore{D3F0CCB0-9F97-4B22-9D2A-E09241E930E4}\RP8\A0006275.exe\KAMYABONLINE.COM.JPG. Scan engine version used is 5200 DAT version 5296.(from M-07D163C911E34 IP 127.0.0.1 user m running VirusScan Enter 8.0 On-Demand Scan)

Event Record #/Type4919 / Warning
Event Submitted/Written: 04/20/2008 03:31:10 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The Scan was unable to scan password protected file g:\System Volume Information\_restore{D3F0CCB0-9F97-4B22-9D2A-E09241E930E4}\RP8\A0006274.exe\NOD32_V3_FIX_1.1-TEMDONO.EXE. Scan engine version used is 5200 DAT version 5296.(from M-07D163C911E34 IP 127.0.0.1 user m running VirusScan Enter 8.0 On-Demand Scan)

Event Record #/Type4918 / Warning
Event Submitted/Written: 04/20/2008 03:31:10 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The Scan was unable to scan password protected file g:\System Volume Information\_restore{D3F0CCB0-9F97-4B22-9D2A-E09241E930E4}\RP8\A0006273.exe\AAW2007.EXE. Scan engine version used is 5200 DAT version 5296.(from M-07D163C911E34 IP 127.0.0.1 user m running VirusScan Enter 8.0 On-Demand Scan)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23673 / Error
Event Submitted/Written: 04/19/2008 11:14:47 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type23672 / Error
Event Submitted/Written: 04/19/2008 11:14:41 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type23651 / Warning
Event Submitted/Written: 04/19/2008 10:24:43 PM
Event ID/Source: 1073 / USER32
Event Description:
The attempt to reboot M-07D163C911E34 failed

Event Record #/Type23414 / Warning
Event Submitted/Written: 04/17/2008 11:43:12 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging operation.

Event Record #/Type23413 / Warning
Event Submitted/Written: 04/17/2008 11:43:12 PM
Event ID/Source: 51 / Cdrom
Event Description:
An error was detected on device \Device\CdRom1 during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-04-20 21:12:08 ------------
  #5  
Old June 21st, 2008, 07:44 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,139
I don't see any signs of active infection.

You have less than 15% free space left for your C: drive, which is the minimum required for it to function properly.

For that 719 error you are receiving, you may have to reinstall DUN/RAS, but networking is not my area and best to ask this question in the Networking forum after we finish up here.

Does your Antivirus start working again if you wait a while? How do you understand that it stops working?
  #6  
Old June 21st, 2008, 10:39 PM
M.Nick M.Nick is offline
Member
 
Join Date: May 2008
Posts: 55
Quote:
Originally Posted by Morfeasss
Does your Antivirus start working again if you wait a while? How do you understand that it stops working?
It starts working after a reboot
I can easily see it in its properties and on its icon in my Toolbars
  #7  
Old June 22nd, 2008, 11:39 AM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,139
Ok let's re-enable a Service you have disabled and see if this helps.

Click Start > Run, type msconfig and press Enter. In the window that opens, under the Services tab, check the following item:

McAfeeFramework

Click Apply and OK, reboot afterwards.

See if this corrects the issue and let me know please.

Did you notice this after a change you did in your system? For example a new software installation or other?
  #8  
Old June 22nd, 2008, 05:44 PM
M.Nick M.Nick is offline
Member
 
Join Date: May 2008
Posts: 55
OK, but I should wait for about 10 days because I have a credit Internet card, and if I see the problem again, I'll come here again.

Quote:
Originally Posted by Morfeasss

Did you notice this after a change you did in your system? For example a new software installation or other?
No, I don't think so.
  #9  
Old June 22nd, 2008, 07:35 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,139
I know what that is like. Post back when you can.
  #10  
Old June 22nd, 2008, 11:15 PM
M.Nick M.Nick is offline
Member
 
Join Date: May 2008
Posts: 55
I can post here, but I should wait till my current card has expired and I get my new card, because this problem occurred just at the first dialing; sometimes it can be solved easily by a redial, and sometimes I must turn off my Windows firewall.

Thanks!
  #11  
Old June 23rd, 2008, 04:35 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,812
Quote:
Originally Posted by M.Nick
OK, but I should wait for about 10 days because I have a credit Internet card, and if I see the problem again, I'll come here again.
No, you won't. You are not to post in this forum again, M.Nick. More illegal software has been identified on your machine and we do NOT help pirates here. I have already told you this, so if I see you post here again I will ban you from this site. You may also consider your other topics closed too.