
Solved system alert spyware

Discussion in 'Malware and Virus Removal Archive' started by keithsince59, 2007/09/10.

  1. 2007/09/10
    keithsince59 (Thread Starter)

    [Resolved] system alert spyware

    I received the following in my notification area. I clicked on the shield (looks like the Windows Security Centre shield), which took me to virusprotect.com. The install.exe was denied access by Norton as it contained a trojan. I managed to find the download exercise in temp and deleted it, but the notification area still has the shield there and pops up saying

    "SYSTEM ALERT"

    "System has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution."

    This just takes you back to the virusprotect.com download free scan page.
     
  2. 2007/09/10
    noahdfear

    Hi Keith,

    Let's have a look at things.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.

    If you have HijackThis, it will use it to create a HijackThis log. If you do not, it will automatically download and install HijackThis. Please keep your internet connection active and allow access through your firewall if applicable.
     

  4. 2007/09/11
    keithsince59 (Thread Starter)

    Deckard's System Scanner log

    As asked, here is the log created by the scanner.

    Deckard's System Scanner v20070905.67
    Run by mum&dad on 2007-09-11 12:43:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as mum&dad.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:43:15, on 11/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Yahoo!\NAV\navapsvc.exe
    C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Yahoo!\NAV\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Yahoo!\NPF\ccEmFlSv.exe
    C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\mum&dad\My Documents\My Received Files\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\mum&dad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070419
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070419
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
    O4 - HKCU\..\Run: [Outlook Express] C:\Program Files\Outlook Express\msimn.exe
    O4 - HKUS\S-1-5-21-1652898573-1103510817-155415248-1011\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet (User '?')
    O4 - HKUS\S-1-5-21-1652898573-1103510817-155415248-1011\..\Run: [Outlook Express] C:\Program Files\Outlook Express\msimn.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178803417453
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178803586953
    O22 - SharedTaskScheduler: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - C:\WINDOWS\system32\kzpkwj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8282 bytes

    -- Files created between 2007-08-11 and 2007-09-11 -----------------------------

    2007-09-11 09:12:45 0 d-------- C:\Program Files\Trend Micro
    2007-09-10 21:42:49 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Grisoft
    2007-09-10 21:42:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-10 16:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-08 20:35:37 0 d-------- C:\Program Files\Common Files\xing shared
    2007-09-05 14:33:45 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-09-03 22:16:25 0 d-------- C:\Program Files\THQ
    2007-09-01 11:26:37 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
    2007-09-01 11:26:02 0 d-------- C:\Documents and Settings\mum&dad\WINDOWS
    2007-08-29 22:01:48 0 d-------- C:\Program Files\Common Files\SWF Studio
    2007-08-29 22:01:44 0 d-------- C:\Program Files\Riva
    2007-08-29 21:44:08 0 d-------- C:\WINDOWS\FLV Player
    2007-08-27 21:12:44 0 d-------- C:\Program Files\Veoh Networks
    2007-08-26 22:27:34 0 d-------- C:\Program Files\Blaze Media Pro
    2007-08-26 22:27:25 0 d-------- C:\Documents and Settings\mum&dad\Application Data\{1B0CC100-80E7-4108-844F-6244F1FCFCC1}
    2007-08-26 22:26:37 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Seven Zip
    2007-08-26 18:51:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-08-26 16:47:09 0 d-------- C:\Program Files\QuickTime
    2007-08-26 16:45:55 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Apple Computer
    2007-08-26 16:32:32 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Ahead
    2007-08-26 16:13:35 0 d-------- C:\Program Files\AVI Codec Pack
    2007-08-26 16:13:33 0 d-------- C:\WINDOWS\system32\quicktime
    2007-08-25 15:59:24 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Real
    2007-08-25 11:59:28 0 d---s---- C:\Documents and Settings\mum&dad\UserData
    2007-08-25 08:21:01 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Sun
    2007-08-24 10:34:11 0 d-------- C:\Documents and Settings\mum&dad\DoctorWeb
    2007-08-23 15:58:22 0 d-------- C:\Documents and Settings\mum&dad\Incomplete
    2007-08-23 15:58:14 0 d-------- C:\Documents and Settings\mum&dad\Application Data\LimeWire
    2007-08-23 15:21:29 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Adobe
    2007-08-22 20:59:22 0 d-------- C:\symbols
    2007-08-22 20:55:23 0 d-------- C:\Program Files\Debugging Tools for Windows
    2007-08-22 20:12:58 0 d-------- C:\Documents and Settings\mum&dad\Contacts
    2007-08-22 13:48:54 0 d-------- C:\Documents and Settings\mum&dad\Application Data\DivX
    2007-08-22 13:42:33 0 d-------- C:\Program Files\Fx MPEG Suite
    2007-08-22 13:25:51 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Intuit
    2007-08-22 13:13:51 0 d-------- C:\Documents and Settings\mum&dad\Application Data\OpenOffice.org2
    2007-08-22 13:12:24 0 d-------- C:\Documents and Settings\mum&dad\Application Data\ESTsoft
    2007-08-22 13:06:54 0 d-------- C:\Documents and Settings\mum&dad\Application Data\WinPatrol
    2007-08-21 23:45:23 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Macromedia
    2007-08-21 23:40:39 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Yahoo!
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Templates
    2007-08-21 23:39:46 0 dr------- C:\Documents and Settings\mum&dad\Start Menu
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\SendTo
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\Recent
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\PrintHood
    2007-08-21 23:39:46 3932160 --ah----- C:\Documents and Settings\mum&dad\NTUSER.DAT
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\NetHood
    2007-08-21 23:39:46 0 dr------- C:\Documents and Settings\mum&dad\My Documents
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Local Settings
    2007-08-21 23:39:46 0 dr------- C:\Documents and Settings\mum&dad\Favorites
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Desktop
    2007-08-21 23:39:46 0 d---s---- C:\Documents and Settings\mum&dad\Cookies
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\Application Data
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Symantec
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Identities
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Application Data\Gtek
    2007-08-21 22:59:52 61528 --a------ C:\WINDOWS\system32\drivers\srosa.sys
    2007-08-21 22:59:49 221209 -----n--- C:\WINDOWS\system32\drivers\hidr.exe
    2007-08-21 16:30:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
    2007-08-20 17:24:20 5120 --a------ C:\WINDOWS\system32\GTKCMO64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
    2007-08-20 17:24:19 5632 --a------ C:\WINDOWS\system32\GPCIEn64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
    2007-08-20 17:24:19 7168 --a------ C:\WINDOWS\system32\DLPT64.sys <Not Verified; Gteko Ltd.; QDiag>
    2007-08-20 17:24:19 4608 --a------ C:\WINDOWS\system32\DDMI64.sys <Not Verified; Gteko Ltd.; DDMI>
    2007-08-19 18:36:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
    2007-08-17 18:55:26 0 d-------- C:\Program Files\Free WMA to MP3 Converter
    2007-08-15 18:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead


    -- Find3M Report ---------------------------------------------------------------

    2007-09-11 12:30:16 0 d-------- C:\Program Files\Fx MPEG Writer
    2007-09-11 12:30:15 0 d-------- C:\Program Files\DivX
    2007-09-10 17:45:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-10 10:37:06 0 d-------- C:\Program Files\eMule
    2007-09-08 20:35:37 0 d-------- C:\Program Files\Common Files
    2007-09-08 20:35:35 0 d-------- C:\Program Files\Common Files\Real
    2007-09-08 20:35:32 12800 --a-s---- C:\WINDOWS\system32\kzpkwj.dll
    2007-09-03 22:16:24 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-03 22:16:08 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-08-26 17:22:03 0 d-------- C:\Program Files\Apple Software Update
    2007-08-25 13:34:40 0 d-------- C:\Program Files\Puppy Luv A New Breed
    2007-08-23 15:58:10 0 d-------- C:\Program Files\LimeWire
    2007-08-01 15:07:11 0 d-------- C:\Program Files\MSN Messenger
    2007-07-31 16:06:42 0 d-------- C:\Program Files\Common Files\Axara
    2007-07-27 17:45:37 0 d-------- C:\Program Files\OpenOffice.org 2.2
    2007-07-27 17:43:38 0 d-------- C:\Program Files\Java
    2007-07-27 00:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-27 00:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-27 00:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-27 00:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-27 00:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-24 07:47:29 0 d-------- C:\Program Files\Google
    2007-07-22 20:08:44 0 d-------- C:\Program Files\Selectsoft
    2007-07-22 20:04:04 0 d-------- C:\Program Files\505 Game Collection
    2007-07-18 16:01:28 0 d-------- C:\Program Files\Yahoo! Games
    2007-07-18 15:38:52 0 d-------- C:\Program Files\Flickr Uploadr
    2007-07-14 17:40:13 0 d-------- C:\Program Files\TweakNow RegCleaner Std
    2007-07-11 17:29:39 0 d-------- C:\Program Files\Yahoo!
    2007-07-11 16:28:26 0 d-------- C:\Program Files\ESTsoft


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 22:19]
    "NWEReboot "=" " []
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [23/08/2006 12:12]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [26/03/2007 16:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [19/08/2005 19:34]
    "Outlook Express "= "C:\Program Files\Outlook Express\msimn.exe" [04/08/2004 05:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "DJSNetCN "=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{f39d0dee-b2f0-4591-9187-1cc39c1df98a} "= C:\WINDOWS\system32\kzpkwj.dll [08/09/2007 20:35 12800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    *Newly Created Service* - AVGASCLN



    -- End of Deckard's System Scanner: finished at 2007-09-11 12:43:36 ------------
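    The helper reads the HijackThis section of that log by eye. The following added example (not code from the thread, from HijackThis or from DSS) encodes the checks that single out the O22 SharedTaskScheduler entry for kzpkwj.dll, the orphaned BHO and the service with no vendor, run over lines copied from the log above plus one constructed stock O22 line. The allowlist of the two stock SharedTaskScheduler CLSIDs and the random-name heuristic are assumptions of this example, not rules from the tools.

```python
"""Triage the HijackThis section of a Deckard's System Scanner log.

Added example for this thread; not code from the forum, HijackThis or DSS.
It encodes three checks a helper applies by eye: BHOs whose file is gone,
services with no vendor, and SharedTaskScheduler hooks that are not the two
stock Windows ones, plus a heuristic for random-looking file names.
"""
import re
from dataclasses import dataclass

# Assumption of this example: CLSIDs of the two SharedTaskScheduler entries
# a clean Windows XP carries. Anything else under O22 deserves a close look.
KNOWN_STS = {
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}",  # Browseui preloader
    "{8C7461EF-2B13-11D2-BE35-3078302C2030}",  # Component Categories cache daemon
}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Heuristic: 5-8 consonants and nothing else, like "kzpkwj.dll" in the log above.
RANDOM_NAME_RE = re.compile(r"^[bcdfghjklmnpqrstvwxz]{5,8}\.(?:dll|exe|sys)$", re.I)

# Constructed sample: lines taken from the log posted in this thread, plus one
# stock O22 line (browseui preloader) to show the allowlist leaves it alone.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - C:\WINDOWS\system32\kzpkwj.dll
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "low", "medium" or "high"
    reason: str
    line: str


def file_of(body: str) -> str:
    """The last ' - ' field of an O-line is the file path, or '(no file)'."""
    return body.rsplit(" - ", 1)[-1].strip().strip('"')


def triage_line(line: str) -> list:
    """Apply every rule to one HijackThis line; return all findings for it."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    path = file_of(body)
    found = []
    if sec == "O2" and path == "(no file)":
        found.append(Finding(sec, "low", "BHO registered but its file is missing", line))
    if sec == "O22":
        clsid = CLSID_RE.search(body)
        if clsid is None or clsid.group(0).upper() not in KNOWN_STS:
            found.append(Finding(sec, "high", "SharedTaskScheduler hook outside the stock Windows set", line))
    if sec == "O23" and "Unknown owner" in body:
        found.append(Finding(sec, "medium", "service carries no vendor information", line))
    base = path.rsplit("\\", 1)[-1]
    if sec in {"O4", "O20", "O21", "O22"} and RANDOM_NAME_RE.match(base):
        found.append(Finding(sec, "medium", "load point names a random-looking file", line))
    return found


def triage_log(text: str) -> list:
    """Run triage_line over a whole log, preserving line order."""
    findings = []
    for raw in text.splitlines():
        findings.extend(triage_line(raw))
    return findings


def summarise(findings) -> dict:
    """Count findings per severity, e.g. {'high': 1, 'medium': 2, 'low': 1}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line}")
    print(summarise(triage_log(SAMPLE_LOG)))
```

On the sample the kzpkwj.dll line raises both the allowlist and the random-name rule, which is exactly the entry the next post's SmitfraudFix run targets.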
     
  5. 2007/09/11
    noahdfear

    Download SmitfraudFix by S!Ri, saving it to the desktop.

    • Restart the computer in Safe Mode by tapping the F8 key upon startup and selecting Safe Mode from the Advanced Startup Menu. Log on to your account.
    • Double-click SmitfraudFix.exe to start the tool and press 2, then hit Enter.
    • You will be prompted 'Do you want to clean the registry?' answer Y (yes) and hit Enter.
    • If prompted to replace the infected wininet.dll file (if found), answer Y (yes) and hit Enter to restore a clean file.
    • Reboot to normal mode when the tool completes.

    Download ComboFix by sUBs from Here or Here, saving the file to your Desktop.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log, the contents of C:\rapport.txt and a fresh HijackThis log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2007/09/12
    keithsince59 (Thread Starter)

    Log file created by ComboFix

    The SmitfraudFix exe I hope ran, although after pressing 2 all I got was a black screen. Here is the log file created by ComboFix you asked me to run.

    ComboFix 07-09-10.6 - "mum&dad" 2007-09-12 15:39:34.1 - NTFSx86
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\hidr.exe
    C:\WINDOWS\system32\drivers\srosa.sys


    ((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
    .

    2007-09-12 15:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-12 15:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-09-12 15:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-09-12 15:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-09-12 15:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-09-12 15:20 1,616 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-11 09:12 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-11 09:10 <DIR> d-------- C:\Deckard
    2007-09-10 21:42 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-09-10 20:26 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-09-10 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-08 20:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2007-09-05 14:33 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
    2007-09-03 22:16 <DIR> d-------- C:\Program Files\THQ
    2007-09-01 11:26 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-09-01 11:26 <DIR> d-------- C:\DOCUME~1\mum&dad\WINDOWS
    2007-08-29 22:01 <DIR> d-------- C:\Program Files\Riva
    2007-08-29 22:01 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
    2007-08-29 21:44 <DIR> d-------- C:\WINDOWS\FLV Player
    2007-08-27 21:12 <DIR> d-------- C:\Program Files\Veoh Networks
    2007-08-26 22:27 <DIR> d-------- C:\Program Files\Blaze Media Pro
    2007-08-26 22:27 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\{1B0CC100-80E7-4108-844F-6244F1FCFCC1}
    2007-08-26 22:26 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Seven Zip
    2007-08-26 18:51 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-08-26 16:47 <DIR> d-------- C:\Program Files\QuickTime
    2007-08-26 16:45 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Apple Computer
    2007-08-26 16:32 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Ahead
    2007-08-26 16:13 <DIR> d-------- C:\WINDOWS\system32\quicktime
    2007-08-26 16:13 <DIR> d-------- C:\Program Files\AVI Codec Pack
    2007-08-25 15:59 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Real
    2007-08-25 11:59 <DIR> d---s---- C:\DOCUME~1\mum&dad\UserData
    2007-08-24 10:34 <DIR> d-------- C:\DOCUME~1\mum&dad\DoctorWeb
    2007-08-23 15:58 <DIR> d-------- C:\DOCUME~1\mum&dad\Incomplete
    2007-08-23 15:58 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\LimeWire
    2007-08-22 20:59 <DIR> d-------- C:\symbols
    2007-08-22 20:55 <DIR> d-------- C:\Program Files\Debugging Tools for Windows
    2007-08-22 20:12 <DIR> d-------- C:\DOCUME~1\mum&dad\Contacts
    2007-08-22 13:48 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\DivX
    2007-08-22 13:42 <DIR> d-------- C:\Program Files\Fx MPEG Suite
    2007-08-22 13:25 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Intuit
    2007-08-22 13:13 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\OpenOffice.org2
    2007-08-22 13:12 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\ESTsoft
    2007-08-22 13:06 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\WinPatrol
    2007-08-21 23:40 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Yahoo!
    2007-08-21 23:39 <DIR> d--h----- C:\DOCUME~1\mum&dad\APPLIC~1\Gtek
    2007-08-21 23:39 <DIR> d-------- C:\DOCUME~1\mum&dad\APPLIC~1\Symantec
    2007-08-20 17:24 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
    2007-08-20 17:24 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
    2007-08-20 17:24 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
    2007-08-20 17:24 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
    2007-08-19 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Channel4
    2007-08-17 18:55 <DIR> d-------- C:\Program Files\Free WMA to MP3 Converter
    2007-08-15 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-12 15:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
    2007-09-12 15:38 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-11 19:32 --------- d-------- C:\Program Files\eMule
    2007-09-11 12:30 --------- d-------- C:\Program Files\Fx MPEG Writer
    2007-09-11 12:30 --------- d-------- C:\Program Files\DivX
    2007-09-08 20:35 --------- d-------- C:\Program Files\Common Files\Real
    2007-09-03 22:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-03 22:16 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-08-26 17:22 --------- d-------- C:\Program Files\Apple Software Update
    2007-08-26 16:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-08-25 13:34 --------- d-------- C:\Program Files\Puppy Luv A New Breed
    2007-08-23 15:58 --------- d-------- C:\Program Files\LimeWire
    2007-08-22 16:49 --------- d-------- C:\DOCUME~1\michaela\APPLIC~1\Yahoo!
    2007-08-21 16:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
    2007-08-19 11:40 --------- d-------- C:\DOCUME~1\nadine\APPLIC~1\Yahoo!
    2007-08-03 19:45 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Safe Bore Audio Part
    2007-08-01 18:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2007-08-01 15:07 --------- d-------- C:\Program Files\MSN Messenger
    2007-07-31 16:06 --------- d-------- C:\Program Files\Common Files\Axara
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-27 17:45 --------- d-------- C:\Program Files\OpenOffice.org 2.2
    2007-07-27 00:06 9464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-27 00:06 9336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-27 00:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-07-27 00:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-07-27 00:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-27 00:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-07-27 00:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-07-27 00:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-27 00:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2007-07-27 00:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-27 00:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-07-27 00:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-07-27 00:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-07-27 00:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-07-27 00:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-07-27 00:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-07-27 00:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-07-27 00:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-07-27 00:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-07-27 00:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-07-27 00:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-07-27 00:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-07-27 00:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-24 07:47 --------- d-------- C:\Program Files\Google
    2007-07-22 20:18 --------- d-------- C:\DOCUME~1\nadine\APPLIC~1\WinPatrol
    2007-07-22 20:08 --------- d-------- C:\Program Files\Selectsoft
    2007-07-22 20:04 --------- d-------- C:\Program Files\505 Game Collection
    2007-07-22 19:44 --------- d-------- C:\DOCUME~1\michaela\APPLIC~1\WinPatrol
    2007-07-18 16:01 --------- d-------- C:\Program Files\Yahoo! Games
    2007-07-18 15:38 --------- d-------- C:\Program Files\Flickr Uploadr
    2007-07-14 17:40 --------- d-------- C:\Program Files\TweakNow RegCleaner Std
    2007-06-26 16:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    2007-06-26 15:35 665600 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
    2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
    2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
    2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
    2007-06-19 14:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
    2007-06-15 09:12 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
    2007-06-15 09:12 616960 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-06-15 09:12 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-06-15 09:12 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
    2007-06-15 09:12 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-06-15 09:12 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-06-15 09:12 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-06-15 09:12 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-06-15 09:12 3064320 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-06-15 09:12 251904 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-06-15 09:12 205824 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-06-15 09:12 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-06-15 09:12 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-06-15 09:12 1498112 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-06-15 09:12 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
    2007-06-15 09:12 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
    2007-06-15 09:12 1022976 --------- C:\WINDOWS\system32\dllcache\browseui.dll
    2007-06-14 11:32 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
    2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
    2007-04-24 20:14 7240 --a--c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ypinfo.bin
    2007-04-23 11:07:53 88 --sh--r C:\WINDOWS\system32\18775F3A21.sys
    2007-04-23 11:08:14 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
    "NWEReboot "=" " []
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 12:12]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe" [2007-03-26 16:16]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2005-08-19 19:34]
    "Outlook Express "= "C:\Program Files\Outlook Express\msimn.exe" [2004-08-04 05:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "DJSNetCN "=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe


    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-07 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - keith.job "
    - C:\PROGRA~1\Yahoo!\NAV\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-12 15:41:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-12 15:41:36
    C:\ComboFix-quarantined-files.txt ... 2007-09-12 15:41
    .
    --- E O F ---
     
  7. 2007/09/12
    noahdfear Inactive
    Copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\18775F3A21.sys
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\tmp.reg
    
    FileLook::
    C:\WINDOWS\uninst.exe
    
    DirLook::
    C:\DOCUME~1\mum&dad\WINDOWS
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Create a new HijackThis log and post it here as well.
     
  8. 2007/09/13
    keithsince59 Inactive Thread Starter
    The infected file has now gone. I'm not sure how, but the problem has now been resolved. Thank you all for your help.
     
  9. 2007/09/13
    noahdfear Inactive
    Keith, we are still in the process of cleanup. I'm well aware that the bulk of your problems are now gone due to what has been done thus far, but I recommend you complete what I have requested so we can be sure there's nothing else hanging around. ;)
     
  10. 2007/09/13
    keithsince59 Inactive Thread Starter
    When I drop the new text document onto combofix.exe on my desktop (I presume you meant drop the whole file in, and not just copy and paste the text within, which it won't let me do), I get an error:

    the process cannot access the file because it is being used by another process

    ALSO TERMINAL ERROR - MISSING FILE

    C:\WINDOWS\regedit.exe is missing copy one from another machine.
     
  11. 2007/09/13
    noahdfear Inactive
    That's very odd. See if you have the file C:\WINDOWS\regedit.exe

    Do not proceed if you don't have it, but rather come back here and let me know.

    Please double check my instructions above for creating the CFScript.txt file (it must be named CFScript.txt). Open the CFScript.txt file and make sure it looks exactly like the contents of the code box above.

    Restart the computer.

    Now drag the CFScript.txt file on top of ComboFix.exe and drop it. ComboFix should run. Wait for it to complete and allow the computer to restart if prompted. Upon restart, wait for the combofix log to open before doing anything else, then post the contents of that log.
     
  12. 2007/09/14
    keithsince59 Inactive Thread Starter
    Something has gone wrong: my Start menu won't work, and neither will any of my Quick Launch toolbar items. Then the taskbar and toolbar just go white. I am going to create a new account in XP.
     
    Last edited: 2007/09/14
  13. 2007/09/14
    keithsince59 Inactive Thread Starter
    Close thread, all is OK.

    I have regedit on the computer. I have now deleted the account in XP and created a new one, and I have restored the files I want to keep. All is running smooth and correct. Please close this thread, and thank you for all the help.
     
  14. 2007/09/14
    noahdfear Inactive
    I still feel you have things that need to be addressed, but I certainly can't make you see this through. I won't be marking this topic resolved.
     
  15. 2007/09/15
    keithsince59 Inactive Thread Starter
    If you feel there are still issues to be resolved, then I will follow your lead.
     
  16. 2007/09/15
    noahdfear Inactive
    Let's get a new Deckard's System Scanner report.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /config

    Close all applications and windows. Click Start>Run then paste the command and hit Enter.

    The dss interface should open. Click Uncheck All, then click Check All, then click Scan. Wait for the scan to complete and post the contents of main.txt.
    It might be too big to fit in one post, in which case you will need to split the log into two or more posts.
     
  17. 2007/09/15
    keithsince59 Inactive Thread Starter
    Deckard's System Scanner v20070905.67
    Run by keith&sue on 2007-09-15 17:57:12
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Unable to create WMI object; The operation completed successfully.


    Performed disk cleanup.



    -- HijackThis (run as keith&sue.exe) -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:57:34, on 15/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Yahoo!\NAV\navapsvc.exe
    C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Yahoo!\NAV\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    C:\Documents and Settings\keith&sue\desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\keith&sue.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070419
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6070419
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: Yahoo! Cribbage - http://download2.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download2.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/clients/y/st3_x.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178803417453
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178803586953
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7703 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    3 catchme - c:\docume~1\mum&dad\locals~1\temp\catchme.sys (file missing)
    3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys (file missing)
    4 InCDFs (InCD File System) - system32\drivers\incdfs.sys (file missing)
    1 InCDPass - system32\drivers\incdpass.sys (file missing)
    1 InCDRm (InCD Reader) - system32\drivers\incdrm.sys (file missing)
    3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
    3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
    3 ccISPwdSvc (Symantec Internet Security Password Validation) - c:\program files\yahoo!\npf\ccpwdsvc.exe
    2 DJSNETCN (Symantec Licensing Detect Internet Connection) - c:\program files\common files\symantec shared\djsnetcn.exe
    2 KService - c:\program files\kontiki\kservice.exe
    3 NSCService (Norton Protection Center Service) - c:\program files\common files\symantec shared\security console\nscsrvce.exe
    4 PRTGService (PRTG Service) - c:\program files\prtg traffic grapher\prtg traffic grapher.exe (file missing)
    4 prtgwatchservice (PRTG Watchdog) - c:\program files\prtg traffic grapher\watchdog\prtgwatchdog.exe (file missing)
    3 WLSetupSvc (Windows Live Setup Service) - c:\program files\windows live\installer\wlsetupsvc.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Unable to create WMI object.

    -- Process Modules -------------------------------------------------------------

    C:\WINDOWS\explorer.exe (pid 2908)
    2005-09-05 10:37:10 114688 --a------ C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll <Not Verified; Nero AG; Nero BackItUp>
    2006-12-05 22:02:06 168960 --a------ C:\Program Files\ESTsoft\ALZip\AZCTM.dll <Not Verified; ESTsoft; >
    2005-09-03 13:58:22 1802240 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>
    2007-05-10 20:07:14 339968 --a------ C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; >
    2007-05-10 20:07:38 98304 --a------ C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; >
    2007-05-10 20:07:14 577536 --a------ C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary>
    2005-08-19 19:34:00 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Inc. idle>


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-14 20:00:00 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - keith.job


    -- Files created between 2007-08-15 and 2007-09-15 -----------------------------

    2007-09-14 23:30:03 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Sun
    2007-09-14 23:06:14 0 d-------- C:\Program Files\WebCyberCoach
    2007-09-14 22:57:51 0 d---s---- C:\Documents and Settings\keith&sue\UserData
    2007-09-14 22:09:59 0 d-------- C:\Program Files\Windows Live Safety Center
    2007-09-14 17:47:23 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Yahoo!
    2007-09-14 17:26:26 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Macromedia
    2007-09-14 17:26:05 0 d-------- C:\Documents and Settings\keith&sue\Contacts
    2007-09-14 17:09:06 0 dr-h----- C:\Documents and Settings\keith&sue\Recent
    2007-09-14 17:05:33 0 d-------- C:\Documents and Settings\keith&sue\Application Data\WinPatrol
    2007-09-14 17:05:18 0 dr------- C:\Documents and Settings\keith&sue\Favorites
    2007-09-14 17:05:18 0 d-------- C:\Documents and Settings\keith&sue\Desktop
    2007-09-14 17:05:18 0 d---s---- C:\Documents and Settings\keith&sue\Cookies
    2007-09-14 17:05:18 0 dr-h----- C:\Documents and Settings\keith&sue\Application Data
    2007-09-14 17:05:18 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Symantec
    2007-09-14 17:05:18 0 d-------- C:\Documents and Settings\keith&sue\Application Data\Identities
    2007-09-14 17:05:18 0 d--h----- C:\Documents and Settings\keith&sue\Application Data\Gtek
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\Templates
    2007-09-14 17:05:17 0 dr------- C:\Documents and Settings\keith&sue\Start Menu
    2007-09-14 17:05:17 0 dr-h----- C:\Documents and Settings\keith&sue\SendTo
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\PrintHood
    2007-09-14 17:05:17 1310720 --ah----- C:\Documents and Settings\keith&sue\NTUSER.DAT
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\NetHood
    2007-09-14 17:05:17 0 dr------- C:\Documents and Settings\keith&sue\My Documents
    2007-09-14 17:05:17 0 d--h----- C:\Documents and Settings\keith&sue\Local Settings
    2007-09-12 19:40:31 0 d-------- C:\Program Files\Windows Live
    2007-09-12 19:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-09-12 15:20:48 1616 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-12 15:20:11 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-09-12 15:20:11 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-09-12 15:20:11 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-09-12 15:20:11 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-09-11 09:12:45 0 d-------- C:\Program Files\Trend Micro
    2007-09-10 21:42:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-09-10 16:12:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-08 20:35:37 0 d-------- C:\Program Files\Common Files\xing shared
    2007-09-05 14:33:45 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
    2007-09-03 22:16:25 0 d-------- C:\Program Files\THQ
    2007-09-01 11:26:37 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
    2007-08-29 22:01:48 0 d-------- C:\Program Files\Common Files\SWF Studio
    2007-08-29 22:01:44 0 d-------- C:\Program Files\Riva
    2007-08-29 21:44:08 0 d-------- C:\WINDOWS\FLV Player
    2007-08-27 21:12:44 0 d-------- C:\Program Files\Veoh Networks
    2007-08-26 22:27:34 0 d-------- C:\Program Files\Blaze Media Pro
    2007-08-26 22:27:25 0 d-------- C:\Documents and Settings\mum&dad\Application Data\{1B0CC100-80E7-4108-844F-6244F1FCFCC1}
    2007-08-26 22:26:37 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Seven Zip
    2007-08-26 18:51:34 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-08-26 16:47:09 0 d-------- C:\Program Files\QuickTime
    2007-08-26 16:45:55 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Apple Computer
    2007-08-26 16:32:32 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Ahead
    2007-08-26 16:13:35 0 d-------- C:\Program Files\AVI Codec Pack
    2007-08-26 16:13:33 0 d-------- C:\WINDOWS\system32\quicktime
    2007-08-25 15:59:24 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Real
    2007-08-25 08:21:01 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Sun
    2007-08-23 15:58:14 0 d-------- C:\Documents and Settings\mum&dad\Application Data\LimeWire
    2007-08-23 15:21:29 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Adobe
    2007-08-22 20:59:22 0 d-------- C:\symbols
    2007-08-22 20:55:23 0 d-------- C:\Program Files\Debugging Tools for Windows
    2007-08-22 13:48:54 0 d-------- C:\Documents and Settings\mum&dad\Application Data\DivX
    2007-08-22 13:42:33 0 d-------- C:\Program Files\Fx MPEG Suite
    2007-08-22 13:25:51 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Intuit
    2007-08-22 13:13:51 0 d-------- C:\Documents and Settings\mum&dad\Application Data\OpenOffice.org2
    2007-08-22 13:12:24 0 d-------- C:\Documents and Settings\mum&dad\Application Data\ESTsoft
    2007-08-22 13:06:54 0 d-------- C:\Documents and Settings\mum&dad\Application Data\WinPatrol
    2007-08-21 23:45:23 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Macromedia
    2007-08-21 23:40:39 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Yahoo!
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Templates
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\SendTo
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\Recent
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\PrintHood
    2007-08-21 23:39:46 5242880 --ah----- C:\Documents and Settings\mum&dad\NTUSER.DAT
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\NetHood
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Local Settings
    2007-08-21 23:39:46 0 dr-h----- C:\Documents and Settings\mum&dad\Application Data
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Symantec
    2007-08-21 23:39:46 0 d---s---- C:\Documents and Settings\mum&dad\Application Data\Microsoft
    2007-08-21 23:39:46 0 d-------- C:\Documents and Settings\mum&dad\Application Data\Identities
    2007-08-21 23:39:46 0 d--h----- C:\Documents and Settings\mum&dad\Application Data\Gtek
    2007-08-21 16:30:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Mozilla
    2007-08-20 17:24:20 5120 --a------ C:\WINDOWS\system32\GTKCMO64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
    2007-08-20 17:24:19 5632 --a------ C:\WINDOWS\system32\GPCIEn64.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics>
    2007-08-20 17:24:19 7168 --a------ C:\WINDOWS\system32\DLPT64.sys <Not Verified; Gteko Ltd.; QDiag>
    2007-08-20 17:24:19 4608 --a------ C:\WINDOWS\system32\DDMI64.sys <Not Verified; Gteko Ltd.; DDMI>
    2007-08-19 18:36:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
    2007-08-17 18:55:26 0 d-------- C:\Program Files\Free WMA to MP3 Converter
    2007-08-15 18:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead


    -- Find3M Report ---------------------------------------------------------------

    2007-09-15 08:43:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-09-14 23:16:55 0 d-------- C:\Program Files\Common Files
    2007-09-12 20:29:02 0 d-------- C:\Program Files\eMule
    2007-09-11 12:30:16 0 d-------- C:\Program Files\Fx MPEG Writer
    2007-09-11 12:30:15 0 d-------- C:\Program Files\DivX
    2007-09-08 20:35:35 0 d-------- C:\Program Files\Common Files\Real
    2007-09-03 22:16:24 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-03 22:16:08 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-08-26 17:22:03 0 d-------- C:\Program Files\Apple Software Update
    2007-08-25 13:34:40 0 d-------- C:\Program Files\Puppy Luv A New Breed
    2007-08-23 15:58:10 0 d-------- C:\Program Files\LimeWire
    2007-07-31 16:06:42 0 d-------- C:\Program Files\Common Files\Axara
    2007-07-27 17:45:37 0 d-------- C:\Program Files\OpenOffice.org 2.2
    2007-07-27 17:43:38 0 d-------- C:\Program Files\Java
    2007-07-27 00:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-07-27 00:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-07-27 00:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-07-27 00:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-07-27 00:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-07-27 00:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-07-24 07:47:29 0 d-------- C:\Program Files\Google
    2007-07-22 20:08:44 0 d-------- C:\Program Files\Selectsoft
    2007-07-22 20:04:04 0 d-------- C:\Program Files\505 Game Collection
    2007-07-18 16:01:28 0 d-------- C:\Program Files\Yahoo! Games
    2007-07-18 15:38:52 0 d-------- C:\Program Files\Flickr Uploadr


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/01/2007 22:19]
    "NWEReboot "=" " []
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [23/08/2006 12:12]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [26/03/2007 16:16]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "DJSNetCN "=C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

    60 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-09-15 18:00:16 ------------
     
  18. 2007/09/15
    keithsince59 Inactive Thread Starter
    extra text

    Deckard's System Scanner v20070905.67
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Unable to create WMI object.

    Architecture: X86; Language: English

    Percentage of Memory in Use: 40%
    Physical Memory (total/avail): 958.42 MiB / 565.75 MiB
    Pagefile Memory (total/avail): 2314.61 MiB / 1958.14 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1963.72 MiB

    C: is Fixed (NTFS) - 171.44 GiB total, 153 GiB free.
    D: is Fixed (NTFS) - 58.19 GiB total, 51.63 GiB free.
    E: is CDROM (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.

    Unable to create WMI object.

    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\keith&sue\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ADULTS
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\keith&sue
    LOGONSERVER=\\ADULTS
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=6b01
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp
    USERDOMAIN=ADULTS
    USERNAME=keith&sue
    USERPROFILE=C:\Documents and Settings\keith&sue
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    amber (admin)
    nadine
    michaela (admin)
    mum&dad (admin)
    keith&sue (admin)


    -- Add/Remove Programs ---------------------------------------------------------



    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7714 / Warning
    Event Submitted/Written: 09/15/2007 10:41:11 AM
    Event ID/Source: 32068 / Microsoft Fax
    Event Description:
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
    Country/region code: '*'
    Area code: '*'

    Event Record #/Type7713 / Warning
    Event Submitted/Written: 09/15/2007 10:41:11 AM
    Event ID/Source: 32026 / Microsoft Fax
    Event Description:
    Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
    No faxes can be sent or received until a fax device is installed.

    Event Record #/Type7696 / Warning
    Event Submitted/Written: 09/15/2007 08:37:58 AM
    Event ID/Source: 32068 / Microsoft Fax
    Event Description:
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
    Country/region code: '*'
    Area code: '*'

    Event Record #/Type7695 / Warning
    Event Submitted/Written: 09/15/2007 08:37:58 AM
    Event ID/Source: 32026 / Microsoft Fax
    Event Description:
    Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
    No faxes can be sent or received until a fax device is installed.

    Event Record #/Type7665 / Warning
    Event Submitted/Written: 09/14/2007 10:55:17 PM
    Event ID/Source: 32068 / Microsoft Fax
    Event Description:
    The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
    Country/region code: '*'
    Area code: '*'



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type25374 / Warning
    Event Submitted/Written: 09/15/2007 04:07:41 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 001AA00E5F2C. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type25367 / Warning
    Event Submitted/Written: 09/15/2007 00:03:14 PM
    Event ID/Source: 1003 / Dhcp
    Event Description:
    Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 001AA00E5F2C. The following
    error occurred:
    %%1223.
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Event Record #/Type25343 / Error
    Event Submitted/Written: 09/15/2007 10:41:13 AM
    Event ID/Source: 30013 / ipnathlp
    Event Description:
    The DHCP allocator has disabled itself on IP address 192.168.1.64,
    since the IP address is outside the 192.168.0.0/255.255.255.0 scope
    from which addresses are being allocated to DHCP clients.
    To enable the DHCP allocator on this IP address,
    please change the scope to include the IP address,
    or change the IP address to fall within the scope.

    Event Record #/Type25322 / Warning
    Event Submitted/Written: 09/15/2007 09:48:04 AM
    Event ID/Source: 1073 / USER32
    Event Description:
    The attempt to reboot ADULTS failed

    Event Record #/Type25302 / Error
    Event Submitted/Written: 09/15/2007 08:37:59 AM
    Event ID/Source: 30013 / ipnathlp
    Event Description:
    The DHCP allocator has disabled itself on IP address 192.168.1.64,
    since the IP address is outside the 192.168.0.0/255.255.255.0 scope
    from which addresses are being allocated to DHCP clients.
    To enable the DHCP allocator on this IP address,
    please change the scope to include the IP address,
    or change the IP address to fall within the scope.



    -- End of Deckard's System Scanner: finished at 2007-09-15 18:00:16 ------------
     
  19. 2007/09/15
    noahdfear

    Just a couple of things to clear out. Highlight and copy the bolded command below.

    sc delete catchme

    Click Start>Run then paste it in and hit Enter.

    Delete the following files.

    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\dumphive.exe

    Empty the recycle bin.


    Other than that, there appears to be a problem with the WMI Service on the computer. You can download and run a diagnosis utility from Microsoft that may help pinpoint the problem.
    http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx

    Just save it to the desktop then double click to run. When it completes, three logs will be created. You can post the txt file here.
     
  20. 2007/09/15
    keithsince59

    Confused now m8, 1) the firewall won't let me run sofficebin, it says caution

    2) I downloaded the tool but all that arrived after unzipping was 3 folders

    WMIDiag.xls
    WMIDiag.vbs
    WMIDiag.doc

    I also get an error log, which is below.
    The system32 files have been deleted and the recycle bin emptied.

    15254 20:38:38 (0) ** WMIDiag v2.0 started on 15 September 2007 at 20:36.
    15255 20:38:38 (0) **
    15256 20:38:38 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
    15257 20:38:38 (0) **
    15258 20:38:38 (0) ** This script is not supported under any Microsoft standard support program or service.
    15259 20:38:38 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
    15260 20:38:38 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
    15261 20:38:38 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
    15262 20:38:38 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
    15263 20:38:38 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
    15264 20:38:38 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
    15265 20:38:38 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
    15266 20:38:38 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
    15267 20:38:38 (0) ** of the possibility of such damages.
    15268 20:38:38 (0) **
    15269 20:38:38 (0) **
    15270 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15271 20:38:38 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
    15272 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15273 20:38:38 (0) **
    15274 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15275 20:38:38 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'ADULTS\KEITH&SUE' on computer 'ADULTS'.
    15276 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15277 20:38:38 (0) ** Environment: ........................................................................................................ OK..
    15278 20:38:38 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
    15279 20:38:38 (0) ** Drive type: ......................................................................................................... IDE (ST3250820AS).
    15280 20:38:38 (0) ** There are no missing WMI system files: .............................................................................. OK.
    15281 20:38:38 (0) ** There are no missing WMI repository files: .......................................................................... OK.
    15282 20:38:38 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
    15283 20:38:38 (0) ** BEFORE running WMIDiag:
    15284 20:38:38 (0) ** The WMI repository has a size of: ................................................................................... 6 MB.
    15285 20:38:38 (0) ** - Disk free space on 'C:': .......................................................................................... 156649 MB.
    15286 20:38:38 (0) ** - INDEX.BTR, 1048576 bytes, 15/09/2007 20:08:48
    15287 20:38:38 (0) ** - INDEX.MAP, 560 bytes, 15/09/2007 20:08:48
    15288 20:38:38 (0) ** - MAPPING.VER, 4 bytes, 15/09/2007 20:08:48
    15289 20:38:38 (0) ** - MAPPING1.MAP, 3344 bytes, 15/09/2007 20:07:48
    15290 20:38:38 (0) ** - MAPPING2.MAP, 3352 bytes, 15/09/2007 20:08:48
    15291 20:38:38 (0) ** - OBJECTS.DATA, 5505024 bytes, 15/09/2007 20:08:48
    15292 20:38:38 (0) ** - OBJECTS.MAP, 2816 bytes, 15/09/2007 20:08:48
    15293 20:38:38 (0) ** AFTER running WMIDiag:
    15294 20:38:38 (0) ** The WMI repository has a size of: ................................................................................... 6 MB.
    15295 20:38:38 (0) ** - Disk free space on 'C:': .......................................................................................... 156645 MB.
    15296 20:38:38 (0) ** - INDEX.BTR, 1048576 bytes, 15/09/2007 20:08:48
    15297 20:38:38 (0) ** - INDEX.MAP, 560 bytes, 15/09/2007 20:08:48
    15298 20:38:38 (0) ** - MAPPING.VER, 4 bytes, 15/09/2007 20:08:48
    15299 20:38:38 (0) ** - MAPPING1.MAP, 3344 bytes, 15/09/2007 20:07:48
    15300 20:38:38 (0) ** - MAPPING2.MAP, 3352 bytes, 15/09/2007 20:08:48
    15301 20:38:38 (0) ** - OBJECTS.DATA, 5505024 bytes, 15/09/2007 20:08:48
    15302 20:38:38 (0) ** - OBJECTS.MAP, 2816 bytes, 15/09/2007 20:08:48
    15303 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15304 20:38:38 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.
    15305 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15306 20:38:38 (0) ** DCOM Status: ........................................................................................................ OK.
    15307 20:38:38 (0) ** WMI registry setup: ................................................................................................. OK.
    15308 20:38:38 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
    15309 20:38:38 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
    15310 20:38:38 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
    15311 20:38:38 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
    15312 20:38:38 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
    15313 20:38:38 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
    15314 20:38:38 (0) ** this can prevent the service/application to work as expected.
    15315 20:38:38 (0) **
    15316 20:38:38 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
    15317 20:38:38 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
    15318 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15319 20:38:38 (1) !! ERROR: WMI service DCOM setup: ...................................................................................... ERROR!
    15320 20:38:38 (0) ** => You can correct the WMI service DCOM configuration by executing the two following commands:
    15321 20:38:38 (0) ** i.e. 'WINMGMT.EXE /REGSERVER'
    15322 20:38:38 (0) ** i.e. 'UNSECAPP.EXE /REGSERVER'
    15323 20:38:38 (0) ** i.e. 'FOR %i IN ( "C:\WINDOWS\SYSTEM32\WBEM\WBEM*.DLL ") DO REGSVR32.EXE /S %i'
    15324 20:38:38 (0) ** Once completed, stop and restart the WMI Service with the following commands:
    15325 20:38:38 (0) ** i.e. 'NET STOP WINMGMT'
    15326 20:38:38 (0) ** i.e. 'NET START WINMGMT'
    15327 20:38:38 (0) ** => Check any additional registry setup errors at the bottom of this report.
    15328 20:38:38 (0) **
    15329 20:38:38 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 1 WARNING(S)!
    15330 20:38:38 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32)
    15331 20:38:38 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
    15332 20:38:38 (0) ** fail depending on the operation requested.
    15333 20:38:38 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
    15334 20:38:38 (0) **
    15335 20:38:38 (0) ** WMI ProgID registrations: ........................................................................................... OK.
    15336 20:38:38 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
    15337 20:38:38 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
    15338 20:38:38 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
    15339 20:38:38 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
    15340 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15341 20:38:38 (0) ** Overall DCOM security status: ....................................................................................... OK.
    15342 20:38:38 (0) ** Overall WMI security status: ........................................................................................ OK.
    15343 20:38:38 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    15344 20:38:38 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
    15345 20:38:38 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name= "Microsoft WMI Updating Consumer Scenario Control ".
    15346 20:38:38 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
    15347 20:38:38 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name= "SCM Event Log Consumer ".
    15348 20:38:38 (0) ** 'select * from MSFT_SCMEventLogEvent'
    15349 20:38:38 (0) **
    15350 20:38:38 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    15351 20:38:38 (0) ** INFO: WMI ADAP status: .............................................................................................. 2.
    15352 20:38:38 (0) ** => The WMI ADAP process is processing a performance library (2).
    15353 20:38:38 (0) ** Some WMI performance classes could be missing at the time WMIDiag was executed.
    15354 20:38:38 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 14 ERROR(S)!
    15355 20:38:38 (0) ** - Root, 0x0 - .
    15356 20:38:38 (0) ** - ROOT/SECURITY, 0x0 - .
    15357 20:38:38 (0) ** - ROOT/ASPNET, 0x0 - .
    15358 20:38:38 (0) ** - ROOT/SECURITYCENTER, 0x0 - .
    15359 20:38:38 (0) ** - ROOT/WMI, 0x0 - .
    15360 20:38:38 (0) ** - ROOT/CIMV2, 0x0 - .
    15361 20:38:38 (0) ** - ROOT/CIMV2/APPLICATIONS, 0x0 - .
    15362 20:38:38 (0) ** - ROOT/CIMV2/APPLICATIONS/MICROSOFTIE, 0x0 - .
    15363 20:38:38 (0) ** - ROOT/MICROSOFT, 0x0 - .
    15364 20:38:38 (0) ** - ROOT/MICROSOFT/HOMENET, 0x0 - .
    15365 20:38:38 (0) ** - ROOT/DEFAULT, 0x0 - .
    15366 20:38:38 (0) ** - ROOT/DIRECTORY, 0x0 - .
    15367 20:38:38 (0) ** - ROOT/DIRECTORY/LDAP, 0x0 - .
    15368 20:38:38 (0) ** - ROOT/SUBSCRIPTION, 0x0 - .
    15369 20:38:38 (0) **
    15370 20:38:38 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    15371 20:38:38 (0) ** WMI GET operations: ................................................................................................. OK.
    15372 20:38:38 (0) ** WMI MOF representations: ............................................................................................ OK.
    15373 20:38:38 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    15374 20:38:38 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
    15375 20:38:38 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
    15376 20:38:38 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    15377 20:38:38 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    15378 20:38:38 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    15379 20:38:38 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    15380 20:38:38 (0) ** WMI static instances retrieved: ..................................................................................... 581.
    15381 20:38:38 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    15382 20:38:38 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
    15383 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15384 20:38:38 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
    15385 20:38:38 (0) ** DCOM: ............................................................................................................. 13.
    15386 20:38:38 (0) ** WINMGMT: .......................................................................................................... 0.
    15387 20:38:38 (0) ** WMIADAPTER: ....................................................................................................... 0.
    15388 20:38:38 (0) ** => Verify the WMIDiag LOG at line #14913 for more details.
    15389 20:38:38 (0) **
    15390 20:38:38 (0) ** # of additional Event Log events AFTER WMIDiag execution:
    15391 20:38:38 (0) ** DCOM: ............................................................................................................. 0.
    15392 20:38:38 (0) ** WINMGMT: .......................................................................................................... 0.
    15393 20:38:38 (0) ** WMIADAPTER: ....................................................................................................... 0.
    15394 20:38:38 (0) **
    15395 20:38:38 (0) ** 14 error(s) 0x0 - (WBEM_UNKNOWN) This error code is external to WMI.
    15396 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15397 20:38:38 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 2 KEY(S)!
    15398 20:38:38 (1) !! ERROR: Missing registry key value:
    15399 20:38:38 (0) ** - HKLM\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\ProgID\ (REG_SZ) -> WINMGMTS.1
    15400 20:38:38 (0) ** From the command line, the registry configuration can be corrected with the following command:
    15401 20:38:38 (1) !! ERROR: Missing registry key value:
    15402 20:38:38 (0) ** - HKLM\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\VersionIndependentProgID\ (REG_SZ) -> WINMGMTS
    15403 20:38:38 (0) ** From the command line, the registry configuration can be corrected with the following command:
    15404 20:38:38 (0) **
    15405 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15406 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15407 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15408 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15409 20:38:38 (0) **
    15410 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15411 20:38:38 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    15412 20:38:38 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15413 20:38:38 (0) **
    15414 20:38:38 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\KEITH&SUE\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_ADULTS_2007.09.15_20.36.44.LOG' for details.
    15415 20:38:38 (0) **
    15416 20:38:38 (0) ** WMIDiag v2.0 ended on 15 September 2007 at 20:38 (W:60 E:14 S:1).
     
  21. 2007/09/15
    keithsince59

    wmidiag

    A log has just popped up which I presume came from the tool I just downloaded; the log is below.


    15265 20:44:24 (0) ** WMIDiag v2.0 started on 15 September 2007 at 20:42.
    15266 20:44:24 (0) **
    15267 20:44:24 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
    15268 20:44:24 (0) **
    15269 20:44:24 (0) ** This script is not supported under any Microsoft standard support program or service.
    15270 20:44:24 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
    15271 20:44:24 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
    15272 20:44:24 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
    15273 20:44:24 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
    15274 20:44:24 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
    15275 20:44:24 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
    15276 20:44:24 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
    15277 20:44:24 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
    15278 20:44:24 (0) ** of the possibility of such damages.
    15279 20:44:24 (0) **
    15280 20:44:24 (0) **
    15281 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15282 20:44:24 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
    15283 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15284 20:44:24 (0) **
    15285 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15286 20:44:24 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'ADULTS\KEITH&SUE' on computer 'ADULTS'.
    15287 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15288 20:44:24 (0) ** Environment: ........................................................................................................ OK..
    15289 20:44:24 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1).
    15290 20:44:24 (0) ** Drive type: ......................................................................................................... IDE (ST3250820AS).
    15291 20:44:24 (0) ** There are no missing WMI system files: .............................................................................. OK.
    15292 20:44:24 (0) ** There are no missing WMI repository files: .......................................................................... OK.
    15293 20:44:24 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
    15294 20:44:24 (0) ** BEFORE running WMIDiag:
    15295 20:44:24 (0) ** The WMI repository has a size of: ................................................................................... 6 MB.
    15296 20:44:24 (0) ** - Disk free space on 'C:': .......................................................................................... 156645 MB.
    15297 20:44:24 (0) ** - INDEX.BTR, 1048576 bytes, 15/09/2007 20:08:48
    15298 20:44:24 (0) ** - INDEX.MAP, 560 bytes, 15/09/2007 20:39:57
    15299 20:44:24 (0) ** - MAPPING.VER, 4 bytes, 15/09/2007 20:39:57
    15300 20:44:24 (0) ** - MAPPING1.MAP, 3344 bytes, 15/09/2007 20:39:57
    15301 20:44:24 (0) ** - MAPPING2.MAP, 3352 bytes, 15/09/2007 20:08:48
    15302 20:44:24 (0) ** - OBJECTS.DATA, 5505024 bytes, 15/09/2007 20:08:48
    15303 20:44:24 (0) ** - OBJECTS.MAP, 2816 bytes, 15/09/2007 20:39:57
    15304 20:44:24 (0) ** AFTER running WMIDiag:
    15305 20:44:24 (0) ** The WMI repository has a size of: ................................................................................... 6 MB.
    15306 20:44:24 (0) ** - Disk free space on 'C:': .......................................................................................... 156644 MB.
    15307 20:44:24 (0) ** - INDEX.BTR, 1048576 bytes, 15/09/2007 20:08:48
    15308 20:44:24 (0) ** - INDEX.MAP, 560 bytes, 15/09/2007 20:39:57
    15309 20:44:24 (0) ** - MAPPING.VER, 4 bytes, 15/09/2007 20:39:57
    15310 20:44:24 (0) ** - MAPPING1.MAP, 3344 bytes, 15/09/2007 20:39:57
    15311 20:44:24 (0) ** - MAPPING2.MAP, 3352 bytes, 15/09/2007 20:08:48
    15312 20:44:24 (0) ** - OBJECTS.DATA, 5505024 bytes, 15/09/2007 20:08:48
    15313 20:44:24 (0) ** - OBJECTS.MAP, 2816 bytes, 15/09/2007 20:39:57
    15314 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15315 20:44:24 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.
    15316 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15317 20:44:24 (0) ** DCOM Status: ........................................................................................................ OK.
    15318 20:44:24 (0) ** WMI registry setup: ................................................................................................. OK.
    15319 20:44:24 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
    15320 20:44:24 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
    15321 20:44:24 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
    15322 20:44:24 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
    15323 20:44:24 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
    15324 20:44:24 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
    15325 20:44:24 (0) ** this can prevent the service/application to work as expected.
    15326 20:44:24 (0) **
    15327 20:44:24 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
    15328 20:44:24 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
    15329 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15330 20:44:24 (1) !! ERROR: WMI service DCOM setup: ...................................................................................... ERROR!
    15331 20:44:24 (0) ** => You can correct the WMI service DCOM configuration by executing the two following commands:
    15332 20:44:24 (0) ** i.e. 'WINMGMT.EXE /REGSERVER'
    15333 20:44:24 (0) ** i.e. 'UNSECAPP.EXE /REGSERVER'
    15334 20:44:24 (0) ** i.e. 'FOR %i IN ( "C:\WINDOWS\SYSTEM32\WBEM\WBEM*.DLL ") DO REGSVR32.EXE /S %i'
    15335 20:44:24 (0) ** Once completed, stop and restart the WMI Service with the following commands:
    15336 20:44:24 (0) ** i.e. 'NET STOP WINMGMT'
    15337 20:44:24 (0) ** i.e. 'NET START WINMGMT'
    15338 20:44:24 (0) ** => Check any additional registry setup errors at the bottom of this report.
    15339 20:44:24 (0) **
    15340 20:44:24 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 1 WARNING(S)!
    15341 20:44:24 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMDISP.DLL (\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32)
    15342 20:44:24 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
    15343 20:44:24 (0) ** fail depending on the operation requested.
    15344 20:44:24 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
    15345 20:44:24 (0) **
    15346 20:44:24 (0) ** WMI ProgID registrations: ........................................................................................... OK.
    15347 20:44:24 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
    15348 20:44:24 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
    15349 20:44:24 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
    15350 20:44:24 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
    15351 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15352 20:44:24 (0) ** Overall DCOM security status: ....................................................................................... OK.
    15353 20:44:24 (0) ** Overall WMI security status: ........................................................................................ OK.
    15354 20:44:24 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    15355 20:44:24 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
    15356 20:44:24 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name= "Microsoft WMI Updating Consumer Scenario Control ".
    15357 20:44:24 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
    15358 20:44:24 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name= "SCM Event Log Consumer ".
    15359 20:44:24 (0) ** 'select * from MSFT_SCMEventLogEvent'
    15360 20:44:24 (0) **
    15361 20:44:24 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    15362 20:44:24 (0) ** INFO: WMI ADAP status: .............................................................................................. 2.
    15363 20:44:24 (0) ** => The WMI ADAP process is processing a performance library (2).
    15364 20:44:24 (0) ** Some WMI performance classes could be missing at the time WMIDiag was executed.
    15365 20:44:24 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 14 ERROR(S)!
    15366 20:44:24 (0) ** - Root, 0x0 - .
    15367 20:44:24 (0) ** - ROOT/SECURITY, 0x0 - .
    15368 20:44:24 (0) ** - ROOT/ASPNET, 0x0 - .
    15369 20:44:24 (0) ** - ROOT/SECURITYCENTER, 0x0 - .
    15370 20:44:24 (0) ** - ROOT/WMI, 0x0 - .
    15371 20:44:24 (0) ** - ROOT/CIMV2, 0x0 - .
    15372 20:44:24 (0) ** - ROOT/CIMV2/APPLICATIONS, 0x0 - .
    15373 20:44:24 (0) ** - ROOT/CIMV2/APPLICATIONS/MICROSOFTIE, 0x0 - .
    15374 20:44:24 (0) ** - ROOT/MICROSOFT, 0x0 - .
    15375 20:44:24 (0) ** - ROOT/MICROSOFT/HOMENET, 0x0 - .
    15376 20:44:24 (0) ** - ROOT/DEFAULT, 0x0 - .
    15377 20:44:24 (0) ** - ROOT/DIRECTORY, 0x0 - .
    15378 20:44:24 (0) ** - ROOT/DIRECTORY/LDAP, 0x0 - .
    15379 20:44:24 (0) ** - ROOT/SUBSCRIPTION, 0x0 - .
    15380 20:44:24 (0) **
    15381 20:44:24 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    15382 20:44:24 (0) ** WMI GET operations: ................................................................................................. OK.
    15383 20:44:24 (0) ** WMI MOF representations: ............................................................................................ OK.
    15384 20:44:24 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    15385 20:44:24 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
    15386 20:44:24 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
    15387 20:44:24 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    15388 20:44:24 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    15389 20:44:24 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    15390 20:44:24 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    15391 20:44:24 (0) ** WMI static instances retrieved: ..................................................................................... 581.
    15392 20:44:24 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    15393 20:44:24 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
    15394 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15395 20:44:24 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
    15396 20:44:24 (0) ** DCOM: ............................................................................................................. 13.
    15397 20:44:24 (0) ** WINMGMT: .......................................................................................................... 0.
    15398 20:44:24 (0) ** WMIADAPTER: ....................................................................................................... 0.
    15399 20:44:24 (0) ** => Verify the WMIDiag LOG at line #14924 for more details.
    15400 20:44:24 (0) **
    15401 20:44:24 (0) ** # of additional Event Log events AFTER WMIDiag execution:
    15402 20:44:24 (0) ** DCOM: ............................................................................................................. 0.
    15403 20:44:24 (0) ** WINMGMT: .......................................................................................................... 0.
    15404 20:44:24 (0) ** WMIADAPTER: ....................................................................................................... 0.
    15405 20:44:24 (0) **
    15406 20:44:24 (0) ** 14 error(s) 0x0 - (WBEM_UNKNOWN) This error code is external to WMI.
    15407 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15408 20:44:24 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 2 KEY(S)!
    15409 20:44:24 (1) !! ERROR: Missing registry key value:
    15410 20:44:24 (0) ** - HKLM\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\ProgID\ (REG_SZ) -> WINMGMTS.1
    15411 20:44:24 (0) ** From the command line, the registry configuration can be corrected with the following command:
    15412 20:44:24 (1) !! ERROR: Missing registry key value:
    15413 20:44:24 (0) ** - HKLM\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\VersionIndependentProgID\ (REG_SZ) -> WINMGMTS
    15414 20:44:24 (0) ** From the command line, the registry configuration can be corrected with the following command:
    15415 20:44:24 (0) **
    15416 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15417 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15418 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15419 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15420 20:44:24 (0) **
    15421 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15422 20:44:24 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    15423 20:44:24 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    15424 20:44:24 (0) **
    15425 20:44:24 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\KEITH&SUE\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_ADULTS_2007.09.15_20.42.24.LOG' for details.
    15426 20:44:24 (0) **
    15427 20:44:24 (0) ** WMIDiag v2.0 ended on 15 September 2007 at 20:44 (W:61 E:14 S:1).
     
