
recovery from virus attack

Discussion in 'Windows XP' started by possum_hollow, Apr 19, 2010.

Thread Status:
Not open for further replies.
  1. possum_hollow

    possum_hollow Thread Starter

    Joined:
    Apr 19, 2010
    Messages:
    1
    I am still trying to recover from an attack last Friday, but cannot re-establish internet connection. I am pasting my WMI report, sure would appreciate it if someone could help out.

    17414 11:00:02 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
    17415 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17416 11:00:02 (0) **
    17417 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17418 11:00:02 (0) ** Windows XP - No service pack - 32-bit (2600) - User 'UPYRS-G5HHE18QX\F D YATES' on computer 'UPYRS-G5HHE18QX'.
    17419 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17420 11:00:02 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
    17421 11:00:02 (0) ** INFO: => 3 incorrect shutdown(s) detected on:
    17422 11:00:02 (0) ** - Shutdown on 15 April 2010 11:19:24 (GMT+5).
    17423 11:00:02 (0) ** - Shutdown on 15 April 2010 11:42:17 (GMT+5).
    17424 11:00:02 (0) ** - Shutdown on 18 April 2010 08:10:29 (GMT+5).
    17425 11:00:02 (0) **
    17426 11:00:02 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
    17427 11:00:02 (0) ** Drive type: ......................................................................................................... IDE (WDC WD300BB-00AUA1).
    17428 11:00:02 (0) ** There are no missing WMI system files: .............................................................................. OK.
    17429 11:00:02 (0) ** There are no missing WMI repository files: .......................................................................... OK.
    17430 11:00:02 (0) ** WMI repository state: ............................................................................................... N/A.
    17431 11:00:02 (0) ** BEFORE running WMIDiag:
    17432 11:00:02 (0) ** The WMI repository has a size of: ................................................................................... 20 MB.
    17433 11:00:02 (0) ** - Disk free space on 'C:': .......................................................................................... 3603 MB.
    17434 11:00:02 (0) ** - INDEX.BTR, 1458176 bytes, 4/19/2010 10:38:23 AM
    17435 11:00:02 (0) ** - INDEX.MAP, 772 bytes, 4/19/2010 10:38:23 AM
    17436 11:00:02 (0) ** - OBJECTS.DATA, 19742720 bytes, 4/19/2010 10:38:23 AM
    17437 11:00:02 (0) ** - OBJECTS.MAP, 9672 bytes, 4/19/2010 10:38:23 AM
    17438 11:00:02 (0) ** AFTER running WMIDiag:
    17439 11:00:02 (0) ** The WMI repository has a size of: ................................................................................... 20 MB.
    17440 11:00:02 (0) ** - Disk free space on 'C:': .......................................................................................... 3600 MB.
    17441 11:00:02 (0) ** - INDEX.BTR, 1458176 bytes, 4/19/2010 10:38:23 AM
    17442 11:00:02 (0) ** - INDEX.MAP, 772 bytes, 4/19/2010 10:38:23 AM
    17443 11:00:02 (0) ** - OBJECTS.DATA, 19742720 bytes, 4/19/2010 10:38:23 AM
    17444 11:00:02 (0) ** - OBJECTS.MAP, 9672 bytes, 4/19/2010 10:38:23 AM
    17445 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17446 11:00:02 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
    17447 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17448 11:00:02 (0) ** DCOM Status: ........................................................................................................ OK.
    17449 11:00:02 (0) ** WMI registry setup: ................................................................................................. OK.
    17450 11:00:02 (0) ** WMI Service has no dependents: ...................................................................................... OK.
    17451 11:00:02 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
    17452 11:00:02 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
    17453 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17454 11:00:02 (0) ** WMI service DCOM setup: ............................................................................................. OK.
    17455 11:00:02 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 2 WARNING(S)!
    17456 11:00:02 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIDCPRV.DLL (\CLSID\{4CFC7932-0F9D-4BEF-9C32-8EA2A6B56FCB}\InProcServer32)
    17457 11:00:02 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMIDCPRV.DLL (\CLSID\{F5F75737-2843-4F22-933D-C76A97CDA62F}\InProcServer32)
    17458 11:00:02 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
    17459 11:00:02 (0) ** fail depending on the operation requested.
    17460 11:00:02 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE <Filename.DLL>' command.
    17461 11:00:02 (0) **
    17462 11:00:02 (0) ** WMI ProgID registrations: ........................................................................................... OK.
    17463 11:00:02 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
    17464 11:00:02 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
    17465 11:00:02 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
    17466 11:00:02 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
    17467 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17468 11:00:02 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
    17469 11:00:02 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
    17470 11:00:02 (0) ** - REMOVED ACE:
    17471 11:00:02 (0) ** ACEType: &h0
    17472 11:00:02 (0) ** ACCESS_ALLOWED_ACE_TYPE
    17473 11:00:02 (0) ** ACEFlags: &h0
    17474 11:00:02 (0) ** ACEMask: &h1
    17475 11:00:02 (0) ** DCOM_RIGHT_EXECUTE
    17476 11:00:02 (0) **
    17477 11:00:02 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
    17478 11:00:02 (0) ** Removing default security will cause some operations to fail!
    17479 11:00:02 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
    17480 11:00:02 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
    17481 11:00:02 (0) **
    17482 11:00:02 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
    17483 11:00:02 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
    17484 11:00:02 (0) ** - REMOVED ACE:
    17485 11:00:02 (0) ** ACEType: &h0
    17486 11:00:02 (0) ** ACCESS_ALLOWED_ACE_TYPE
    17487 11:00:02 (0) ** ACEFlags: &h0
    17488 11:00:02 (0) ** ACEMask: &h1
    17489 11:00:02 (0) ** DCOM_RIGHT_EXECUTE
    17490 11:00:02 (0) **
    17491 11:00:02 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
    17492 11:00:02 (0) ** Removing default security will cause some operations to fail!
    17493 11:00:02 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
    17494 11:00:02 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
    17495 11:00:02 (0) **
    17496 11:00:02 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
    17497 11:00:02 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
    17498 11:00:02 (0) ** - REMOVED ACE:
    17499 11:00:02 (0) ** ACEType: &h0
    17500 11:00:02 (0) ** ACCESS_ALLOWED_ACE_TYPE
    17501 11:00:02 (0) ** ACEFlags: &h0
    17502 11:00:02 (0) ** ACEMask: &h1
    17503 11:00:02 (0) ** DCOM_RIGHT_EXECUTE
    17504 11:00:02 (0) **
    17505 11:00:02 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
    17506 11:00:02 (0) ** Removing default security will cause some operations to fail!
    17507 11:00:02 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
    17508 11:00:02 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
    17509 11:00:02 (0) **
    17510 11:00:02 (0) **
    17511 11:00:02 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
    17512 11:00:02 (0) ** DCOM security error(s) detected: .................................................................................... 3.
    17513 11:00:02 (0) ** WMI security warning(s) detected: ................................................................................... 0.
    17514 11:00:02 (0) ** WMI security error(s) detected: ..................................................................................... 0.
    17515 11:00:02 (0) **
    17516 11:00:02 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
    17517 11:00:02 (0) ** Overall WMI security status: ........................................................................................ OK.
    17518 11:00:02 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    17519 11:00:02 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
    17520 11:00:02 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
    17521 11:00:02 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
    17522 11:00:02 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
    17523 11:00:02 (0) ** 'select * from MSFT_SCMEventLogEvent'
    17524 11:00:02 (0) **
    17525 11:00:02 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    17526 11:00:02 (0) ** WMI ADAP status: .................................................................................................... OK.
    17527 11:00:02 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
    17528 11:00:02 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    17529 11:00:02 (0) ** WMI GET operations: ................................................................................................. OK.
    17530 11:00:02 (0) ** WMI MOF representations: ............................................................................................ OK.
    17531 11:00:02 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    17532 11:00:02 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 4 ERROR(S)!
    17533 11:00:02 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfRawData_Tcpip_IP' did not return any instance while AT LEAST 1 instance is expected.
    17534 11:00:02 (0) ** MOF Registration: 'No located MOF file (exception)'
    17535 11:00:02 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfRawData_Tcpip_TCP' did not return any instance while AT LEAST 1 instance is expected.
    17536 11:00:02 (0) ** MOF Registration: 'No located MOF file (exception)'
    17537 11:00:02 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfRawData_Tcpip_UDP' did not return any instance while AT LEAST 1 instance is expected.
    17538 11:00:02 (0) ** MOF Registration: 'No located MOF file (exception)'
    17539 11:00:02 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfRawData_Tcpip_ICMP' did not return any instance while AT LEAST 1 instance is expected.
    17540 11:00:02 (0) ** MOF Registration: 'No located MOF file (exception)'
    17541 11:00:02 (0) **
    17542 11:00:02 (2) !! WARNING: WMI EXECQUERY operation errors reported: ................................................................... 2 WARNING(S)!
    17543 11:00:02 (0) ** - Root/CIMv2, 'Select * From Win32_VideoController' did not return any instance while AT LEAST 1 instance is expected.
    17544 11:00:02 (0) ** - Root/CIMv2, 'Select * From Win32_DesktopMonitor' did not return any instance while AT LEAST 1 instance is expected.
    17545 11:00:02 (0) **
    17546 11:00:02 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    17547 11:00:02 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    17548 11:00:02 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    17549 11:00:02 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    17550 11:00:02 (0) ** WMI static instances retrieved: ..................................................................................... 667.
    17551 11:00:02 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    17552 11:00:02 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
    17553 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17554 11:00:02 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
    17555 11:00:02 (0) ** DCOM: ............................................................................................................. 63.
    17556 11:00:02 (0) ** WINMGMT: .......................................................................................................... 7.
    17557 11:00:02 (0) ** WMIADAPTER: ....................................................................................................... 0.
    17558 11:00:02 (0) ** => Verify the WMIDiag LOG at line #16840 for more details.
    17559 11:00:02 (0) **
    17560 11:00:02 (0) ** # of additional Event Log events AFTER WMIDiag execution:
    17561 11:00:02 (0) ** DCOM: ............................................................................................................. 0.
    17562 11:00:02 (0) ** WINMGMT: .......................................................................................................... 0.
    17563 11:00:02 (0) ** WMIADAPTER: ....................................................................................................... 0.
    17564 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17565 11:00:02 (0) ** WMI Registry key setup: ............................................................................................. OK.
    17566 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17567 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17568 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17569 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17570 11:00:02 (0) **
    17571 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    17572 11:00:02 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    17573 11:00:02 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
     
Short URL to this thread: https://techguy.org/917884
