Just now checking stuff, i opened up Wormguard and it says " UNREGISTERED TRIAL VERSION" which it is not because i paid for it. and i click on "install" to install protection, then on "Test" and i get "Protection is not enabled" i'm puzzled here ( though that is nothing new, sigh ) any suggestions ? Mike
Hi Mike, Re-copy your keyfile (wormguard.kf) to the Wormguard directory, which by default is C/Wormguard - it may have become corrupt or removed. Steve
Hi there, few questions: - did you reboot after installation? - did you make changes to your system, change location or name of the WormGuard directory since it's install, - did you press the "install" button and which result does that one give you? The unregistered message is a glitch which some systems see but the protection should be working correctly. - has it ever been different after the install? If still not working you can close all protection and all scanners and install WormGuand one more time over itself, if that is still not ok uninstall it, reboot, and with all other applications and resident protection and scanners closed install wormguard, reboot and see if all is ok now. Keep us informed please.
Hello Jooske: First, my thanks to you and everyone else here for helping me so much over the past few years. Hi there, few questions: - did you reboot after installation? this was not a new install, i was looking around on my computer and just found this out - did you make changes to your system, change location or name of the WormGuard directory since it's install, Very likely, i'm always changing things around, i probably did change the location but not the name. - did you press the "install" button and which result does that one give you? The unregistered message is a glitch which some systems see but the protection should be working correctly. Yes i did and i get a message "WormGuard core components have been installed". And i found my keyfile and WG admits that it is registered to me now. If still not working you can close all protection and all scanners and install WormGuand one more time over itself, if that is still not ok uninstall it, reboot, and with all other applications and resident protection and scanners closed install wormguard, reboot and see if all is ok now. I have now tried all of the above, i still get a " Protection is not enabled " message. I'm now waiting on a new Keyfile from Diamond CS on the possibility that my current one is corrupt. Thanks again Mike
I don't expect the keyfile to be the problem. Maybe something is blocking your correct installation of the protection. The ünregistered"is not the main thing, it's the protection installation. Are you really sure there was not any protective application active? Have you tried in safe mode? When the last time you uninstalled did you make sure the whole directory was removed as well, registry clean and rebooted before the new install? If it's not all this, nor safe mode, we might need to have a look at your Autostartviewer log to see if anything is blocking or a HJT log. But wait if the new keyfile or safe mode operation might help wonders.
I don't expect the keyfile to be the problem. Maybe something is blocking your correct installation of the protection. The ünregistered"is not the main thing, it's the protection installation. Are you really sure there was not any protective application active? Have you tried in safe mode? i shut down all my protection, anti virus, TDS-3, BHO Demon, WinPatrol, MSAntiSpy, same result, tried to install in safe mode, same result. When the last time you uninstalled did you make sure the whole directory was removed as well, registry clean and rebooted before the new install? Yes, i searched and removed every trace of the old install i could find If it's not all this, nor safe mode, we might need to have a look at your Autostartviewer log to see if anything is blocking or a HJT log. But wait if the new keyfile or safe mode operation might help wonders. on the last uninstall of WormGuard i received an error message 16 Bit MS-Dos Subsystem C:\Windows\System32Command.com C:\Program1\Symantec\S32EVNT1.Dll an installable virtual device driver failed Dll initialization. Choose Close to terminate the application Mike
I hope you first uninstalled before cleaning out the registry. I see descriptions to solve this error message in every language and for many programs and each time pointing to different files to get rid of. Most of time it is after an uninstall some parts are left pointing to the original program, like in the msconfig startup, and in the registry. http://castlecops.com/postt88954.html "We also recommend reading the following support document from Microsoft. There have been reports of some spyware removing this file to prevent programs like WinPatrol from deleting it on reboot. http://support.microsoft.com/default.aspx?scid=kb;en-us;324767 This link will instruct you on how to recover this file and others that might be missing if that's the case. " Programs like WormGuard should not be moved around once installed, as i guess it was all running ok originally and most probably showing "registered"as well. That S32EVNT1.Dll sounts like a symantec event component; did you do anything with your norton too? Maybe after re-installing WormGuard again you get at least rid of that error message and then please leave it in that spot where you installed it, default. Can you go back to an old system restore point before all this happened and rebuild from there?
i can try that, but consider it to be a last resort, i'm willing to keep trying other stuff for a while yet. Mike
Slightly off-topic (maybe already mentioned): The protection from WormGuard has to be removed before uninstalling WormGuard (removing the protection in WG itself). BTW: Have you perhaps an entry in Add/Remove: DiamondCS WormGuard Hook ?
one of the probably 10 times i have installed/uninstalled WG by now i did, i used add/remove to remove it too
I just received the keyfile from DCS, re downloaded WormGuard, reinstalled, put keyfile in WG directory, still " Protection not enabled" Mike
that's because You've been already infected Touch... You've been infected with the 2late2bworm2B.exe trojan... ... ps: have you tried to install the protection? it's something you have to do first to let it work press: "Install Prot." and you'll be protected. have fun Inf
Just now checking stuff, i opened up Wormguard and it says " UNREGISTERED TRIAL VERSION" which it is not because i paid for it. and i click on "install" to install protection, then on "Test" and i get "Protection is not enabled" i'm puzzled here ( though that is nothing new, sigh ) any suggestions ? Mike this was my original post on the matter several days ago, been there, tried that, still "Protection not enabled" still puzzled Mike
just let's start over again. probably in the beginning you did a few steps after eachother while not being registered that caused this situation...hope I am clear? 1. uninstall WG and reboot. 2. delete any leftovers in program files and registry (use eg. CCleaner: http://www.filehippo.com/download_ccleaner.html) 3. Install WormGuard again, without anything else doing: paste the Keyfile (*.kf) into C:\Wormguard folder. then install the protection. In the meantime your copy should be registered... Hope this helps.
Pasting the Keyfile over and getting it to admit that is registered to me worked fine. As per your suggestion i then installed protection and clicked "Test" the same old box pops up and tells me "Protection is not enabled". grrrrrrrr, mumble mumble. If i was still a drinking man i'd have a few right now. Mike
lol, probably I would too when I copy paste the keyfile, I *first* click "done" and so WG closes. *Then* I open WG again and I click protect and it does it. I wouldn't understand why it would not protect you. that happend never here...
I don't understand it either, It seems to me very likely that Jooskes suggestion of several posts ago that something is blocking a correct install is likely the case. Unfortunatly i have no idea at all what might be blocking it. Mike
DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Owner@PUTER, 07-13-2005 c:\windows\system32\autoexec.nt C:\WINDOWS\system32\mscdexnt.exe C:\WINDOWS\system32\redir.exe C:\WINDOWS\system32\dosx.exe c:\windows\system32\config.nt C:\WINDOWS\system32\himem.sys c:\windows\wininit.ini [rename] c:\aaws\software\Commdlg.dll=c:\aaws\software\Commdlg.1 NUL=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\ginstall.dll c:\windows\system.ini [drivers] timer=timer.drv c:\windows\system.ini [boot]\shell C:\WINDOWS\Explorer.exe c:\windows\system.ini [boot]\scrnsave.exe C:\WINDOWS\boinc.scr HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell C:\WINDOWS\Explorer.exe HKCU\Control Panel\Desktop\scrnsave.exe C:\WINDOWS\boinc.scr HKCR\vbefile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %* HKCR\jsfile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %* HKCR\jsefile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %* HKCR\wshfile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %* HKCR\wsffile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %* HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TDS3 C:\Program Files\TDS3\TDS-3.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui C:\Program Files\Eset\nod32kui.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Look 'n' Stop C:\Program Files\Soft4Ever\looknstop\looknstop.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gcasServ E:\Program Files\MSAnti\gcasServ.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinPatrol e:\PROGRA~1\WinPatrol.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run\!1_pgaccount E:\Program Files\ProcessGuard\pgaccount.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run\!1_ProcessGuard_Startup E:\Program Files\ProcessGuard\procguard.exe HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\System32\webcheck.dll C:\WINDOWS\System32\stobject.dll C:\WINDOWS\Tasks\1-Click Maintenance.job C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe C:\WINDOWS\Tasks\Scheduled Checkpoint.job C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE C:\Documents and Settings\Owner.YOUR-6JNHHU0520\Start Menu\Programs\Startup\BHODemon 2.0.lnk C:\Program Files\BHODemon 2\BHODemon.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BOINC.lnk C:\Program Files\BOINC\boinc_gui.exe HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute autocheck autochk * HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit C:\WINDOWS\system32\userinit.exe HKLM\System\CurrentControlSet\Control\WOW\cmdline C:\WINDOWS\system32\ntvdm.exe HKLM\System\CurrentControlSet\Control\WOW\wowcmdline C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ C:\WINDOWS\system32\imon.dll C:\WINDOWS\system32\dcsws2.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\rsvpsp.dll HKLM\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\ C:\WINDOWS\inf\unregmp2.exe /ShowWMP HKLM\Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\ C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE HKLM\Software\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\ C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE HKLM\Software\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\ C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\ %ProgramFiles%\Outlook Express\setup50.exe HKLM\Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}\ rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT HKLM\Software\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}\ C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf HKLM\Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}\ rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser HKLM\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\ rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub HKLM\Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}\ %ProgramFiles%\Outlook Express\setup50.exe HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\ regsvr32.exe /s /n /i:U shell32.dll HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\ C:\WINDOWS\system32\ie4uinit.exe HKLM\Software\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\ C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install HKLM\Software\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}\ rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\ C:\WINDOWS\system32\JAVASUP.VXD HKLM\System\CurrentControlSet\Services\AMON\ \??\C:\WINDOWS\System32\drivers\amon.sys HKLM\System\CurrentControlSet\Services\AppMgmt\ C:\WINDOWS\system32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\aspnet_admin\ C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe HKLM\System\CurrentControlSet\Services\AudioSrv\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\Browser\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\CryptSvc\ C:\WINDOWS\system32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\DcomLaunch\ C:\WINDOWS\system32\svchost -k DcomLaunch HKLM\System\CurrentControlSet\Services\DCSPGSRV\ E:\Program Files\ProcessGuard\dcsuserprot.exe HKLM\System\CurrentControlSet\Services\Dhcp\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\Dnscache\ C:\WINDOWS\System32\svchost.exe -k NetworkService HKLM\System\CurrentControlSet\Services\Eventlog\ C:\WINDOWS\system32\services.exe HKLM\System\CurrentControlSet\Services\Fax\ C:\WINDOWS\system32\fxssvc.exe HKLM\System\CurrentControlSet\Services\Fix-It Task Manager\ C:\PROGRA~1\VCOM\Fix-It\mxtask.exe -Service HKLM\System\CurrentControlSet\Services\helpsvc\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\lanmanserver\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\lanmanworkstation\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\LmHosts\ C:\WINDOWS\System32\svchost.exe -k LocalService HKLM\System\CurrentControlSet\Services\NOD32krn\ C:\Program Files\Eset\nod32krn.exe HKLM\System\CurrentControlSet\Services\NVSvc\ C:\WINDOWS\System32\nvsvc32.exe HKLM\System\CurrentControlSet\Services\PlugPlay\ C:\WINDOWS\system32\services.exe HKLM\System\CurrentControlSet\Services\PolicyAgent\ C:\WINDOWS\System32\lsass.exe HKLM\System\CurrentControlSet\Services\procguard\ \??\C:\WINDOWS\system32\drivers\procguard.sys HKLM\System\CurrentControlSet\Services\ProtectedStorage\ C:\WINDOWS\system32\lsass.exe HKLM\System\CurrentControlSet\Services\RasAuto\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\RpcSs\ C:\WINDOWS\system32\svchost -k rpcss HKLM\System\CurrentControlSet\Services\SamSs\ C:\WINDOWS\system32\lsass.exe HKLM\System\CurrentControlSet\Services\Schedule\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\seclogon\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\SENS\ C:\WINDOWS\system32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\SharedAccess\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\ShellHWDetection\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\Speed Disk service\ C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe HKLM\System\CurrentControlSet\Services\Spooler\ C:\WINDOWS\system32\spoolsv.exe HKLM\System\CurrentControlSet\Services\srservice\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\stisvc\ C:\WINDOWS\System32\svchost.exe -k imgsvc HKLM\System\CurrentControlSet\Services\Themes\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\TrkWks\ C:\WINDOWS\system32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\TUWinStylerThemeSvc\ C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe HKLM\System\CurrentControlSet\Services\UMWdf\ C:\WINDOWS\system32\wdfmgr.exe HKLM\System\CurrentControlSet\Services\W32Time\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\WebClient\ C:\WINDOWS\System32\svchost.exe -k LocalService HKLM\System\CurrentControlSet\Services\winmgmt\ C:\WINDOWS\system32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\wscsvc\ C:\WINDOWS\System32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\wuauserv\ C:\WINDOWS\system32\svchost.exe -k netsvcs HKLM\System\CurrentControlSet\Services\WZCSVC\ C:\WINDOWS\System32\svchost.exe -k netsvcs Logfile of HijackThis v1.99.1 Scan saved at 9:42:33 AM, on 7/13/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe E:\Program Files\ProcessGuard\dcsuserprot.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\TDS3\TDS-3.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Soft4Ever\looknstop\looknstop.exe E:\Program Files\MSAnti\gcasServ.exe E:\PROGRA~1\WinPatrol.exe E:\Program Files\ProcessGuard\pgaccount.exe C:\WINDOWS\system32\wdfmgr.exe E:\Program Files\ProcessGuard\procguard.exe E:\Program Files\MSAnti\gcasDtServ.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\BOINC\boinc_gui.exe C:\Program Files\BHODemon 2\BHODemon.exe C:\WINDOWS\msagent\AgentSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\BOINC\projects\setiathome.berkeley.edu\setiathome_4.18_windows_intelx86.exe C:\WINDOWS\Explorer.EXE C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE O1 - Hosts: 64.91.255.87 www.dcsresearch.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O4 - HKLM\..\Run: [TDS3] C:\Program Files\TDS3\TDS-3.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\MSAnti\gcasServ.exe" O4 - HKLM\..\Run: [WinPatrol] "e:\PROGRA~1\WinPatrol.exe" O4 - HKLM\..\Run: [!1_pgaccount] "E:\Program Files\ProcessGuard\pgaccount.exe" O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "E:\Program Files\ProcessGuard\procguard.exe" -minimize O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe O4 - Global Startup: BOINC.lnk = C:\Program Files\BOINC\boinc_gui.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120500481453 O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - E:\Program Files\ProcessGuard\dcsuserprot.exe O23 - Service: Fix-It Task Manager - Unknown owner - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
Did you have WormGuard on C:\ or E:\ ? Did you have ProcessGuard temporary closed at installing and enabling protection in WormGuard and exclude (or allow permanently) the WormGuard exe in ProcessGuard?
I currently have WormGuard installed in C:\ though i had it in E:\ previously, as a matter of habit i do not generally install security programs in the default location. Process Guard was not installed until the day before yesterday and so i would think can be discounted as a possible source of the issue. Mike