
Solved system alert spyware

Discussion in 'Malware and Virus Removal Archive' started by keithsince59, 2007/09/10.

  1. 2007/09/15
    noahdfear

    I'm not sure what you did when you extracted the zip, but it appears that it ran, and from the look of it, it ran two instances. At any rate, it produced the log we needed.

    Please click Start>Run, type cmd, then hit Enter to open a command window. Highlight and copy the first bolded command below, then right-click in the command window and select Paste.

    %systemroot%\system32\wbem\WINMGMT.EXE /REGSERVER

    Now hit enter. When it comes back to the command prompt, do the same with the next command.

    %systemroot%\system32\wbem\UNSECAPP.EXE /REGSERVER

    Then the next.

    FOR %i IN ("%systemroot%\SYSTEM32\WBEM\WBEM*.DLL") DO REGSVR32.EXE /S %i

    Now this one.

    NET STOP WINMGMT

    And finally this one.

    NET START WINMGMT

    When you are again at the command prompt, close the command window. Now double-click the WMIDiag.vbs you previously downloaded and wait. You will not see it running, and it may take some time to complete. When it completes, a log should open similar to the ones you posted. Please post its contents.

    If everything checks out OK, the log does not open and you will get a Successful message only. Click Start>Run, type %temp%, then hit Enter. Look for a file named similar to this:
    WMIDIAG-V2.0_XP___.CLI.SP2.32_ATHLON1400_2007.09.15_18.35.05-REPORT.TXT
    Open the txt and post its contents.
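    The five commands above, the WMIDiag run and the report lookup, gathered into one batch file with the checks a responder would want around them. This is an added example, not part of noahdfear's instructions: the file name repair_wmi.cmd is hypothetical, it assumes Windows XP SP2, an administrator account, and that WMIDiag.vbs has been saved next to the script (the post does not say where it was downloaded to).

```batch
@echo off
:: repair_wmi.cmd - re-register the WMI core, restart the service and its
:: dependents, then re-run WMIDiag and show the verdict line of the newest report.
:: Added example, not from the original post. Assumes XP SP2, an administrator
:: account, and WMIDiag.vbs saved in the same directory as this script.
setlocal
set WBEM=%SystemRoot%\system32\wbem
set DIAG=%~dp0WMIDiag.vbs

:: 'net session' fails for a non-administrator; the /REGSERVER and regsvr32 steps
:: write to HKLM and would fail quietly without rights.
net session >nul 2>&1 || (echo Run this from an administrator account.& exit /b 1)
if not exist "%DIAG%" (echo WMIDiag.vbs not found next to this script.& exit /b 1)

echo Re-registering the WMI service executable and the unsecured-apartment host...
"%WBEM%\winmgmt.exe" /regserver  || echo WARNING: winmgmt /regserver returned %errorlevel%
"%WBEM%\unsecapp.exe" /regserver || echo WARNING: unsecapp /regserver returned %errorlevel%

:: Inside a .cmd file the FOR variable needs a doubled percent sign (%%i); the
:: single %i form in the post is only valid when typed directly at the prompt.
:: %%~i strips the quotes FOR keeps around each match so they are not doubled.
echo Re-registering the wbem*.dll COM servers...
for %%i in ("%WBEM%\wbem*.dll") do (
    regsvr32.exe /s "%%~i" || echo WARNING: regsvr32 failed for %%~nxi
)

:: Stopping winmgmt also stops its dependents (on this machine WMIDiag listed
:: Security Center and Windows Firewall/ICS). /y answers the "stop them too?"
:: prompt. "net start winmgmt" does NOT bring the dependents back, so start them
:: explicitly or the firewall stays off after the repair.
net stop winmgmt /y
net start winmgmt || (echo ERROR: winmgmt failed to start.& exit /b 1)
net start wscsvc
net start SharedAccess

:: Confirm the service is really up before diagnosing it.
sc query winmgmt | find "RUNNING" >nul || (echo ERROR: winmgmt is not RUNNING.& exit /b 1)

:: Same diagnostic the post asks for, run with cscript so progress is visible
:: instead of the silent double-click run.
echo Running WMIDiag (this takes a few minutes)...
cscript //nologo "%DIAG%"

:: WMIDiag writes its report to %TEMP%; pick the newest one and show the
:: verdict line plus any WARNING/ERROR lines.
for /f "delims=" %%r in ('dir /b /o-d "%TEMP%\WMIDIAG-*-REPORT.TXT" 2^>nul') do (
    set REPORT=%TEMP%\%%r
    goto :found
)
echo No WMIDiag report found in %TEMP%.
exit /b 1

:found
echo Newest report: %REPORT%
findstr /C:"WMIDiag determined" /C:"WARNING:" /C:"ERROR:" "%REPORT%"
endlocal
```

    Two points worth keeping in mind when following the original steps by hand: regsvr32 /S hides failures, so a DLL that does not register produces no message at all, and stopping winmgmt takes Security Center and Windows Firewall/ICS down with it without starting them again afterwards. The WMIDiag report posted later in this thread flags "Windows Firewall Service: STOPPED"; that is what the un-restarted dependent looks like, and it is also what a third-party firewall such as the Norton Personal Firewall visible in the later HijackThis log leaves behind, so check which of the two applies before reading the warning as damage.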
     
  2. 2007/09/16
    keithsince59

    As predicted, the service is running OK. Here is the log you asked for.

    15212 19:06:03 (0) ** WMIDiag v2.0 started on 16 September 2007 at 19:04.
    15213 19:06:03 (0) **
    15214 19:06:03 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
    15215 19:06:03 (0) **
    15216 19:06:03 (0) ** This script is not supported under any Microsoft standard support program or service.
    15217 19:06:03 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
    15218 19:06:03 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
    15219 19:06:03 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
    15220 19:06:03 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
    15221 19:06:03 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
    15222 19:06:03 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
    15223 19:06:03 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
    15224 19:06:03 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
    15225 19:06:03 (0) ** of the possibility of such damages.
    15226 19:06:03 (0) **
    15227 19:06:03 (0) **
    15228 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15229 19:06:03 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
    15230 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15231 19:06:03 (0) **
    15232 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15233 19:06:03 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'ADULTS\KEITH&SUE' on computer 'ADULTS'.
    15234 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15235 19:06:03 (0) ** Environment: ........................................................................................................ OK..
    15236 19:06:03 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
    15237 19:06:03 (0) ** Drive type: ......................................................................................................... IDE (ST3250820AS).
    15238 19:06:03 (0) ** There are no missing WMI system files: .............................................................................. OK.
    15239 19:06:03 (0) ** There are no missing WMI repository files: .......................................................................... OK.
    15240 19:06:03 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
    15241 19:06:03 (0) ** BEFORE running WMIDiag:
    15242 19:06:03 (0) ** The WMI repository has a size of: ................................................................................... 7 MB.
    15243 19:06:03 (0) ** - Disk free space on 'C:': .......................................................................................... 156610 MB.
    15244 19:06:03 (0) ** - INDEX.BTR, 1204224 bytes, 16/09/2007 18:30:53
    15245 19:06:03 (0) ** - INDEX.MAP, 612 bytes, 16/09/2007 18:31:53
    15246 19:06:03 (0) ** - MAPPING.VER, 4 bytes, 16/09/2007 18:31:53
    15247 19:06:03 (0) ** - MAPPING1.MAP, 3452 bytes, 16/09/2007 18:30:53
    15248 19:06:03 (0) ** - MAPPING2.MAP, 3452 bytes, 16/09/2007 18:31:53
    15249 19:06:03 (0) ** - OBJECTS.DATA, 5685248 bytes, 16/09/2007 18:30:53
    15250 19:06:03 (0) ** - OBJECTS.MAP, 2840 bytes, 16/09/2007 18:31:53
    15251 19:06:03 (0) ** AFTER running WMIDiag:
    15252 19:06:03 (0) ** The WMI repository has a size of: ................................................................................... 7 MB.
    15253 19:06:03 (0) ** - Disk free space on 'C:': .......................................................................................... 156608 MB.
    15254 19:06:03 (0) ** - INDEX.BTR, 1204224 bytes, 16/09/2007 18:30:53
    15255 19:06:03 (0) ** - INDEX.MAP, 612 bytes, 16/09/2007 18:31:53
    15256 19:06:03 (0) ** - MAPPING.VER, 4 bytes, 16/09/2007 18:31:53
    15257 19:06:03 (0) ** - MAPPING1.MAP, 3452 bytes, 16/09/2007 18:30:53
    15258 19:06:03 (0) ** - MAPPING2.MAP, 3452 bytes, 16/09/2007 18:31:53
    15259 19:06:03 (0) ** - OBJECTS.DATA, 5685248 bytes, 16/09/2007 18:30:53
    15260 19:06:03 (0) ** - OBJECTS.MAP, 2840 bytes, 16/09/2007 18:31:53
    15261 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15262 19:06:03 (2) !! WARNING: Windows Firewall Service: .................................................................................. STOPPED.
    15263 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15264 19:06:03 (0) ** DCOM Status: ........................................................................................................ OK.
    15265 19:06:03 (0) ** WMI registry setup: ................................................................................................. OK.
    15266 19:06:03 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
    15267 19:06:03 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
    15268 19:06:03 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
    15269 19:06:03 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
    15270 19:06:03 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
    15271 19:06:03 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
    15272 19:06:03 (0) ** this can prevent the service/application to work as expected.
    15273 19:06:03 (0) **
    15274 19:06:03 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
    15275 19:06:03 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
    15276 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15277 19:06:03 (0) ** WMI service DCOM setup: ............................................................................................. OK.
    15278 19:06:03 (0) ** WMI components DCOM registrations: .................................................................................. OK.
    15279 19:06:03 (0) ** WMI ProgID registrations: ........................................................................................... OK.
    15280 19:06:03 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
    15281 19:06:03 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
    15282 19:06:03 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
    15283 19:06:03 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
    15284 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15285 19:06:03 (0) ** Overall DCOM security status: ....................................................................................... OK.
    15286 19:06:03 (0) ** Overall WMI security status: ........................................................................................ OK.
    15287 19:06:03 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    15288 19:06:03 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
    15289 19:06:03 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
    15290 19:06:03 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
    15291 19:06:03 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
    15292 19:06:03 (0) ** 'select * from MSFT_SCMEventLogEvent'
    15293 19:06:03 (0) **
    15294 19:06:03 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    15295 19:06:03 (0) ** WMI ADAP status: .................................................................................................... OK.
    15296 19:06:03 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
    15297 19:06:03 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    15298 19:06:03 (0) ** WMI GET operations: ................................................................................................. OK.
    15299 19:06:03 (0) ** WMI MOF representations: ............................................................................................ OK.
    15300 19:06:03 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    15301 19:06:03 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
    15302 19:06:03 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
    15303 19:06:03 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    15304 19:06:03 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    15305 19:06:03 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    15306 19:06:03 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    15307 19:06:03 (0) ** WMI static instances retrieved: ..................................................................................... 576.
    15308 19:06:03 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    15309 19:06:03 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
    15310 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15311 19:06:03 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
    15312 19:06:03 (0) ** DCOM: ............................................................................................................. 13.
    15313 19:06:03 (0) ** WINMGMT: .......................................................................................................... 4.
    15314 19:06:03 (0) ** WMIADAPTER: ....................................................................................................... 0.
    15315 19:06:03 (0) ** => Verify the WMIDiag LOG at line #14890 for more details.
    15316 19:06:03 (0) **
    15317 19:06:03 (0) ** # of additional Event Log events AFTER WMIDiag execution:
    15318 19:06:03 (0) ** DCOM: ............................................................................................................. 0.
    15319 19:06:03 (0) ** WINMGMT: .......................................................................................................... 0.
    15320 19:06:03 (0) ** WMIADAPTER: ....................................................................................................... 0.
    15321 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15322 19:06:03 (0) ** WMI Registry key setup: ............................................................................................. OK.
    15323 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15324 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15325 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15326 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15327 19:06:03 (0) **
    15328 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15329 19:06:03 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    15330 19:06:03 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15331 19:06:03 (0) **
    15332 19:06:03 (0) ** SUCCESS: WMIDiag determined that WMI works CORRECTLY.
    15333 19:06:03 (0) **
    15334 19:06:03 (0) ** WMIDiag v2.0 ended on 16 September 2007 at 19:06 (W:60 E:2 S:0).
     

  4. 2007/09/16
    noahdfear

    That's good news! :)

    If you don't mind, please run dss again as outlined in this post and post the logs.
     
  5. 2007/09/17
    keithsince59

    dss log

    As requested, Dave, the DSS log.

    Deckard's System Scanner v20070905.67
    Run by keith&sue on 2007-09-17 15:43:07
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as keith&sue.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:43:11, on 17/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Yahoo!\NAV\navapsvc.exe
    C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Yahoo!\NAV\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\Documents and Settings\keith&sue\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\KEITH&~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070419
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070419
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKUS\S-1-5-21-1652898573-1103510817-155415248-1011\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-1652898573-1103510817-155415248-1011\..\Run: [Outlook Express] C:\Program Files\Outlook Express\msimn.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: Video Poker - http://download2.games.yahoo.com/games/clients/y/vpt0_x.cab
    O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178803417453
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178803586953
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 8363 bytes

    -- Files created between 2007-08-17 and 2007-09-17 -----------------------------

    2007-09-17 15:07:05 0 d-------- C:\Documents and Settings\keith&sue\Application Data\ESTsoft
    2007-09-17 08:02:42 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Intuit
    2007-09-16 21:10:22 0 d-------- C:\Documents and Settings\amber\Application Data\Real
    2007-09-15 20:35:05 0 d-------- C:\Documents and Settings\keith&sue\Application Data\OpenOffice.org2
    2007-09-14 23:30:03 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Sun
    2007-09-14 22:57:51 0 d---s---- C:\Documents and Settings\keith&sue\UserData
    2007-09-14 22:09:59 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-09-14 17:47:23 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Yahoo!
    2007-09-14 17:26:26 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Macromedia
    2007-09-14 17:26:05 0 d-------- C:\Documents and Settings\keith&sue\Contacts
    2007-09-14 17:09:06 0 dr-h----- C:\Documents and Settings\keith&sue\Recent
    2007-09-14 17:05:33 0 d-------- C:\Documents and Settings\keith&sue\Application Data\WinPatrol
    2007-09-14 17:05:18 0 dr------- C:\Documents and Settings\keith&sue\Favorites
    2007-09-14 17:05:18 0 d-------- C:\Documents and Settings\keith&sue\Desktop
    2007-09-14 17:05:18 0 d---s---- C:\Documents and Settings\keith&sue\Cookies
    2007-09-14 17:05:18 0 dr-h----- C:\Documents and Settings\keith&sue\Application Data
    2007-09-14 17:05:18 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Symantec
    2007-09-14 17:05:18 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Identities
    2007-09-14 17:05:18 0 d--h----- C:\Documents and Settings\keith&sue\Application Data\Gtek
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\Templates
    2007-09-14 17:05:17 0 dr------- C:\Documents and Settings\keith&sue\Start Menu
    2007-09-14 17:05:17 0 dr-h----- C:\Documents and Settings\keith&sue\SendTo
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\PrintHood
    2007-09-14 17:05:17 1572864 --ah----- C:\Documents and Settings\keith&sue\NTUSER.DAT
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\NetHood
    2007-09-14 17:05:17 0 dr------- C:\Documents and Settings\keith&sue\My Documents
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\Local Settings
    2007-09-12 19:40:31 0 d-------- C:\Program Files\Windows Live
    2007-09-12 19:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-09-11 09:12:45 0 d-------- C:\Program Files\Trend Micro
    2007-09-10 21:42:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-10 16:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-08 20:35:37 0 d-------- C:\Program Files\Common Files\xing shared
    2007-09-05 14:33:45 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-09-03 22:16:25 0 d-------- C:\Program Files\THQ
    2007-09-01 11:26:37 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
    2007-08-29 22:01:48 0 d-------- C:\Program Files\Common Files\SWF Studio
    2007-08-29 22:01:44 0 d-------- C:\Program Files\Riva
    2007-08-29 21:44:08 0 d-------- C:\WINDOWS\FLV Player
    2007-08-27 21:12:44 0 d-------- C:\Program Files\Veoh Networks
    2007-08-26 22:27:34 0 d-------- C:\Program Files\Blaze Media Pro
    2007-08-26 22:27:25 0 d-------- C:\Documents and Settings\mum&dad\Application Data\{1B0CC100-80E7-4108-844F-6244F1FCFCC1}
    2007-08-26 22:26:37 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Seven Zip
    2007-08-26 18:51:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-08-26 16:47:09 0 d-------- C:\Program Files\QuickTime
    2007-08-26 16:45:55 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Apple Computer
    2007-08-26 16:32:32 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Ahead
    2007-08-26 16:13:35 0 d-------- C:\Program Files\AVI Codec Pack
    2007-08-26 16:13:33 0 d-------- C:\WINDOWS\system32\quicktime
    2007-08-25 15:59:24 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Real
    2007-08-25 08:21:01 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Sun
    2007-08-23 15:58:14 0 d-------- C:\Documents and Settings\mum&dad\Application Data\LimeWire
    2007-08-23 15:21:29 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Adobe
    2007-08-22 20:59:22 0 d-------- C:\symbols
    2007-08-22 20:55:23 0 d-------- C:\Program Files\Debugging Tools for Windows
    2007-08-22 13:48:54 0 d-------- C:\Documents and Settings\mum&dad\Application Data\DivX
    2007-08-22 13:42:33 0 d-------- C:\Program Files\Fx MPEG Suite
    2007-08-22 13:25:51 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Intuit
    2007-08-22 13:13:51 0 d-------- C:\Documents and Settings\mum&dad\Application Data\OpenOffice.org2
    2007-08-22 13:12:24 0 d-------- C:\Documents and Settings\mum&dad\Application Data\ESTsoft
    2007-08-22 13:06:54 0 d-------- C:\Documents and Settings\mum&dad\Application Data\WinPatrol
    2007-08-21 23:45:23 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Macromedia
    2007-08-21 23:40:39 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Yahoo!
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Templates
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\SendTo
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\Recent
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\PrintHood
    2007-08-21 23:39:46 5242880 --ah----- C:\Documents and Settings\mum&dad\NTUSER.DAT
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\NetHood
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Local Settings
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\Application Data
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Symantec
    2007-08-21 23:39:46 0 d---s---- C:\Documents and Settings\mum&dad\Application Data\Microsoft
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Identities
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Application Data\Gtek
    2007-08-21 16:30:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
    2007-08-20 17:24:20 5120 --a------ C:\WINDOWS\system32\GTKCMO64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
    2007-08-20 17:24:19 5632 --a------ C:\WINDOWS\system32\GPCIEn64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
    2007-08-20 17:24:19 7168 --a------ C:\WINDOWS\system32\DLPT64.sys <Not Verified; Gteko Ltd.; QDiag>
    2007-08-20 17:24:19 4608 --a------ C:\WINDOWS\system32\DDMI64.sys <Not Verified; Gteko Ltd.; DDMI>
    2007-08-19 18:36:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
    2007-08-17 18:55:26 0 d-------- C:\Program Files\Free WMA to MP3 Converter


    -- Find3M Report ---------------------------------------------------------------

    2007-09-16 18:13:30 0 d-------- C:\Program Files\eMule
    2007-09-16 09:14:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-14 23:16:55 0 d-------- C:\Program Files\Common Files
    2007-09-11 12:30:16 0 d-------- C:\Program Files\Fx MPEG Writer
    2007-09-11 12:30:15 0 d-------- C:\Program Files\DivX
    2007-09-08 20:35:35 0 d-------- C:\Program Files\Common Files\Real
    2007-09-03 22:16:24 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-03 22:16:08 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-08-26 17:22:03 0 d-------- C:\Program Files\Apple Software Update
    2007-08-25 13:34:40 0 d-------- C:\Program Files\Puppy Luv A New Breed
    2007-08-23 15:58:10 0 d-------- C:\Program Files\LimeWire
    2007-07-31 16:06:42 0 d-------- C:\Program Files\Common Files\Axara
    2007-07-27 17:45:37 0 d-------- C:\Program Files\OpenOffice.org 2.2
    2007-07-27 17:43:38 0 d-------- C:\Program Files\Java
    2007-07-27 00:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-27 00:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-27 00:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-27 00:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-27 00:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-24 07:47:29 0 d-------- C:\Program Files\Google
    2007-07-22 20:08:44 0 d-------- C:\Program Files\Selectsoft
    2007-07-22 20:04:04 0 d-------- C:\Program Files\505 Game Collection
    2007-07-18 16:01:28 0 d-------- C:\Program Files\Yahoo! Games
    2007-07-18 15:38:52 0 d-------- C:\Program Files\Flickr Uploadr


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 22:19]
    "NWEReboot "=" " []
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [23/08/2006 12:12]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [26/03/2007 16:16]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "DJSNetCN "=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2007-09-17 15:43:49 ------------
     
  6. 2007/09/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Everything looks to be in order Keith. Good job! :)

    1 entry to be fixed with HijackThis and then I'd say you're good to go, provided everything seems to be working right.

    Scan again with HijackThis and place a check next to the following entry, then click Fix Checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    No need to post a new log. No more blue screens, I hope? Let me know if things seem normal and I'll mark this topic resolved.
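For anyone reading this later: below is an added PowerShell check (not something posted in this thread, and not part of HijackThis) that lists the Browser Helper Objects registered on a machine and flags orphaned ones like the O2 entry above, meaning a CLSID that is still registered but whose COM server DLL no longer exists. It assumes a 32-bit install (no Wow6432Node), as on the XP machine in this thread.

```powershell
# Added example, not from the thread: enumerate Browser Helper Objects and flag
# entries whose InprocServer32 DLL is missing. Those are what HijackThis reports as
# "O2 - BHO: (no name) - {CLSID} - (no file)".
# Assumption: 32-bit Windows, so BHO and CLSID keys live directly under HKLM\SOFTWARE.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-OrphanedBho {
    if (-not (Test-Path $bhoKey)) { return @() }

    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid    = $_.PSChildName
        $clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"

        # Friendly name is the (default) value of the CLSID key; the server DLL is
        # the (default) value of its InprocServer32 subkey.
        $name = (Get-ItemProperty $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $path = (Get-ItemProperty "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'

        # Paths may be quoted or use %SystemRoot% style variables; normalise before testing.
        if ($path) { $path = [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }

        [pscustomobject]@{
            CLSID   = $clsid
            Name    = $(if ($name) { $name } else { '(no name)' })
            Path    = $(if ($path) { $path } else { '(no file)' })
            # True when the registration points nowhere or at a DLL that is gone.
            Missing = (-not $path) -or (-not (Test-Path -LiteralPath $path))
        }
    }
}

# Show every BHO; the ones with Missing = True are the orphaned entries worth reviewing.
Get-OrphanedBho | Format-Table -AutoSize
```

A BHO whose Name and Path both show as "(no name)" / "(no file)" is a stale registration rather than running code, which is why the thread treats it as a clean-up item rather than an active infection.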
     
  7. 2007/09/19
    keithsince59

    keithsince59 Inactive Thread Starter

    Joined:
    2006/05/08
    Messages:
    249
    Likes Received:
    0
    Resolved

    All normal now Dave, thank you for your valuable help. Please mark as resolved.
    Cheers
     
  8. 2007/09/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear it Keith. Happy I could help. :)
     