Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AntivirusGold problem (I think)


  • This topic is locked This topic is locked
9 replies to this topic

#1 luis horta

luis horta

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 05 July 2005 - 10:25 AM

i have problems... Need help, please!

I run ad-aware; ccleaner; cleanup; mcafee anti virus and spybot

Logfile of HijackThis v1.99.1
Scan saved at 15:29:41, on 05-07-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\SHSTAT.EXE
C:\Documents and Settings\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\MSN\MSNCoreFiles\msn6.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\JEsteves.WOP\Definiçġes locais\Temp\Directório temporário 1 para hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Documents and Settings\All Users\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Documents and Settings\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iexplore.exe] C:\Programas\Internet Explorer\iexplore.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118741769090
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = (confidencial)
O17 - HKLM\Software\..\Telephony: DomainName = (confidencial)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D49C6ED4-3DF5-44D7-BD9D-FB4D14C05EDD}: NameServer = 192.168.1.1,192.168.1.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = (confidencial)
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Documents and Settings\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Documents and Settings\All Users\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Documents and Settings\All Users\VsTskMgr.exe

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:16 PM

Posted 05 July 2005 - 10:50 PM

Hello luis horta and welcome to the BC malware forums. It appears that this log is either incomplete or was run from Safe Mode. We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer.

Important
Your copy of HijackThis needs to be in a folder of it's own. If it is run from Temporary folders the backups and HijackThis itself could be accidentally deleted if the Temporary folders are cleaned. If it is run from the desktop then the backup files and folders can clutter up the desktop and be accidentally deleted. If it is run from inside a compressed file then the backups are not created at all.
  • Please open My Computer
  • Double-click on Local Disk (C:)
  • Click on the File menu, point to New and then click on Folder. Name the folder 'HijackThis' or 'HJT'.
  • Unzip to or copy and paste HijackThis.exe to the new folder (do not run HijackThis directly out of the sfx or compressed file).
Now, boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 luis horta

luis horta
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 06 July 2005 - 07:53 AM

Thanks for the help Oldtimer and sorry my poor english.

I put the hijack on the drive C.

New log

Logfile of HijackThis v1.99.1
Scan saved at 12:57:03, on 06-07-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\SHSTAT.EXE
C:\Documents and Settings\Common Framework\UpdaterUI.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\MSN\MSNCoreFiles\msn6.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\Hijack This\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Documents and Settings\All Users\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Documents and Settings\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118741769090
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wop.pt
O17 - HKLM\Software\..\Telephony: DomainName = wop.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{D49C6ED4-3DF5-44D7-BD9D-FB4D14C05EDD}: NameServer = 192.168.1.1,192.168.1.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wop.pt
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Documents and Settings\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Documents and Settings\All Users\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Documents and Settings\All Users\VsTskMgr.exe

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:16 PM

Posted 06 July 2005 - 12:02 PM

Hi luis horta. There is nothing showing in this log. Was it run from Safe Mode? There are services for McAfee and ewido (there should be more services listed) but they are not running. They have either been disabled or are simply not functioning.

Can you give me some details regarding the specific problems that you are encountering (what happened, when it happened, what specifically is happening now). From the information seen in the log we might have to either do a System Restore or a Repair Install.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 luis horta

luis horta
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 06 July 2005 - 12:33 PM

Hi Oldtimer, and thanks again!

When I start up my computer I get an blank IE page (no more because i fixed this with the hijack). Macafee recognises the viruses but wont remove the problem.

I have done a RAV scan online and this was the scan profile:
RAV AntiVirus - Online Virus Scan
Scan started at 06-07-2005 9:48:13

Scanning memory...
C:\WINDOWS\_default.pif->ADS:qapewp - TrojanDownloader:Win32/Agent.HT -> Infected
C:\WINDOWS\_default.pif->ADS:fyelz - TrojanDownloader:Win32/Agent.HT -> Infected


Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0

The spybot find something but cant fixed them:
Trek Blue Error Nuker: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW

Trek Blue Error Nuker: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE

Trek Blue Error Nuker: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA


--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-06-30 Includes\Dialer.sbi
2005-06-30 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-06-30 Includes\Malware.sbi
2005-06-09 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-06-09 Includes\Security.sbi
2005-06-30 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-06-30 Includes\Trojans.sbi

My desktop was changed, now i see a alternated color from grey to white. When the color of screen its grey i cant click on the icons from the desktop!!!!
right click with mouse from the screen (when its grey and i cant click on the icons)
and chose see the code, like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#004e98 leftMargin=0 background="" topMargin=0
rightMargin=0>
<DIV
style="LEFT: 0px; WIDTH: 1024px; POSITION: absolute; TOP: 0px; HEIGHT: 768px"><IMG
style="LEFT: 0px; WIDTH: 100%; POSITION: absolute; TOP: 0px; HEIGHT: 100%" cache
src="file:///C:/Documents%20and%20Settings/JEsteves.WOP/Defini%E7%F5es%20locais/Application%20Data/Microsoft/Wallpaper1.bmp">
</DIV><IFRAME id=1
style="Z-INDEX: 1002; BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1024px; POSITION: absolute; TOP: 1px; HEIGHT: 737px"
name=DeskMovrW marginWidth=0 marginHeight=0 src="file:///C:/WINDOWS/screen.html"
frameBorder=0 scrolling=no subscribed_url="" resizeable=""> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: 1001; LEFT: -1px; VISIBILITY: hidden; WIDTH: 1026px; POSITION: absolute; TOP: 0px; HEIGHT: 739px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>&nbsp;
</BODY></HTML>


thanks a lot

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:16 PM

Posted 06 July 2005 - 04:18 PM

Hi luis horta. Ok, let's take care of some of these issues.

To fix the desktop do the following:

WinXP - Fix Desktop

Launch Notepad, and copy/paste the text in the quotebox below into the new document. Save it to a folder you can find later as fixdisplay.reg :

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=hex:00,00,00,00
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"SetVisualStyle"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00


Use Windows Explorer to navigate to the folder you saved fixdisplay.reg to and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

Restart your computer normally. Right-click on the desktop and choose Properties. Click on the Desktop tab, then the Customize button and then the Web tab. Uncheck all of the items listed and then delete all of the entries except My Current Home Page.

Save the changes and make any other changes you want to your desktop properties.


In regards to the C:\WINDOWS\_default.pif file, just go in and delete it. If you cannot find it you might have to show hidden files by doing the following:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
That should resolve the problems that you have outlined.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 luis horta

luis horta
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 07 July 2005 - 09:50 AM

Hi and thanks again, Oldtimer!

i cant run your tool (but i do that manually with the regedit) i think its ok

I cant run because on that account of the PC i dont have administrator rights

My desktop its ok now, but i think thats something to do on my pc!

My new and fresh hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 14:51:28, on 07-07-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\SHSTAT.EXE
C:\Documents and Settings\Common Framework\UpdaterUI.exe
C:\Programas\Messenger\msmsgs.exe
C:\Hijack This\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ShStatEXE] "C:\Documents and Settings\All Users\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Documents and Settings\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programas\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118741769090
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wop.pt
O17 - HKLM\Software\..\Telephony: DomainName = wop.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{D49C6ED4-3DF5-44D7-BD9D-FB4D14C05EDD}: NameServer = 192.168.1.1,192.168.1.252
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wop.pt
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Documents and Settings\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Documents and Settings\All Users\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Documents and Settings\All Users\VsTskMgr.exe

Thanks again

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:16 PM

Posted 07 July 2005 - 05:44 PM

Hi luis horta. Well, the log looks good. How are things running? Any more problems?

There's not alot of other things I can do if you do not have Administrator rights. If you are still having problems then you should probabaly contact your network administrator.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#9 luis horta

luis horta
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 08 July 2005 - 04:52 AM

Hi and thanks oltimer

now i think my system its ok!

i downloaded the system mechanism 5 and fix some of my bad configuration system.

looks run ok all my PC.

Thanks for your time and wonderfull help.

i hope in the future can help you too!

THANKS A LOT!
:thumbsup:
:flowers:

#10 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:10:16 PM

Posted 09 July 2005 - 08:59 PM

You're very welcome luis horta. I'm glad that we could help.

Now that your malware issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users