Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

system errors firewall problems & low level spyware.


  • Please log in to reply
1 reply to this topic

#1 colids

colids

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 16 April 2009 - 09:54 PM

i have some Windows Management Instrumentation problems,some firewall errors and imunsations errors.

i ran the WMI Diagnosis Utility,i dont know if the log is safe to post as it contains a lot on info,can some one tell me if it is or not?
it does say i have errors and i should run ceratain utitlys but the log is way out off my depth.

i do have webroots spysweeper installed i dont know if this is blocking the wmi,i dont think it is responsible for the errors i see in that log.
i do have a habbit off removing all useage tracks (common diglogs ect) with search and destroy,i dont know if this is a good idea or is responsible for the errors i have.

spysweeper tells me my version off zone alarm is corrupted no matter if i use IE or firefox i recive a corrupted version or so spyswepper tells me.
this only started happing when they moved upto version 8.

in the newset version i have a warning that worries me;
Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZoneAlarm Client. Failure: SRegSetDataFailed -1- (warning from spysweepers logs)

i have asked za about this but got no responce and i did wait two to three weeks.

also i my communcation sheild (within spysweeper) isnt blocking anything unless boot into safe mode and run the immunsation feture in search and destroy/spyblaster then reboot then its starts working ie the commication sheild pops up and says;
The Internet Communication shield has blocked access to: ANTISPYWARE2008-DOWNLOAD.COM ect ect. (i dont think its to do with spysweeper its self)


also in zone alarms logs i am constaly being attacked by scvhost with to ips with only one digit difference.
its not a few times or i wouldnt worry its a extreme ammount.
and lot off routed packages (i am not on a roter)
also exploer keeps tryng to connect to the net.

i did have a trojan and one unmaned virus (i reinstalled spysweeper since so and i cant rember the name) it was picked up becuse off its behaviour but i am sure my sytem is clean bar the low level spyware,i picked them up when i reformatted and let lsass.exe access my system witch was picked up by microsofts Malicious Software Removal Tool and i removed the rest with spyswepper (i hadnt installed it when i got attacked) i am not sure how much damage was done to my system,i also left the remote assistance ticked and am sure by the logs i had a lot off pss useing my comp.


~~~~~~~~~
the low level spyware;

the low level spyware was picked up by pc pitstops extremine antivirus/spyware scanner

alough thers a problem with the reg scan;The registry information for Exterminate2 appears to be missing.
This can occur if the Exterminate2 is copied to another system without using the installer,
or if program installation fails because of registry permission issues.
Try reinstalling Exterminate2 i reinstalled it but to no avail.

when i did install it i did get a warning firefoxs cache was damaged.(fixed)

Low Level ThreatsMy Search Bar
ThreatID:14832
Type:Low Risk Software
Level:5
Category:Potentially Unwanted Program
DescPotentially Unwanted Programs include software that does not fit into another category (such as Low Risk Adware or Potential Privacy Risk) that users might want detected because the software includes some form of potentially objectionable functionality.
TracesType:3 IMsiDe1egate.Application.1 -1
Type:3 IMsiDe1egate.Application.1 1
Type:3 CLSID -1
Type:3 CLSID 1
CanQuarantine:1
AuthorURL:mysearch.com

this mabye somthing to do with the ask toolbar that webroot was offering to install that was demmed malware by malwarebytes/search and destroy.
i did install the ask bar once but removed it and nothing is showing up with search& destroy/malwarebytes and pandas free scan but as this is demmed low level that mabye why.alough saying that both malwarebytes and s&d did remove traces off the ask tool bar.(i had to run both to remove et all) i would like to remove it.

also i get told i have 4 pups but i cant see the logs to find out what they mabye.
i can only think its reffering to my photoshop/vido app witch is from ArcSoft other than that i havent the fainist as thers not much else on my comp.

running xp home edition.

all i can say at this point is thank you to anyone that tackles this issiue.

edit due to tyops.

Edited by colids, 17 April 2009 - 07:48 AM.


BC AdBot (Login to Remove)

 


#2 colids

colids
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 17 April 2009 - 01:20 PM

i dont like to post without a reply,its not to get a faster reply.its becuse i removed what i think i shouldnt post.
if i can just get help with this one obviously i would appricate it.

WMI log;

15267 04:06:51 (0) ** WMIDiag v2.0 started on 16 April 2009 at 03:57.
15268 04:06:51 (0) **
15269 04:06:51 (0) ** Copyright Microsoft Corporation. All rights reserved - January 2007.
15270 04:06:51 (0) **
15271 04:06:51 (0) ** This script is not supported under any Microsoft standard support program or service.
15272 04:06:51 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
15273 04:06:51 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
15274 04:06:51 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
15275 04:06:51 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
15276 04:06:51 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
15277 04:06:51 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
15278 04:06:51 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
15279 04:06:51 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
15280 04:06:51 (0) ** of the possibility of such damages.
15281 04:06:51 (0) **
15282 04:06:51 (0) **
15283 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15284 04:06:51 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
15285 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15286 04:06:51 (0) **
15287 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15288 04:06:51 (0) ** Windows XP - No service pack - 32-bit (2600)
15289 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15290 04:06:51 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
15291 04:06:51 (0) ** INFO: => 3 incorrect shutdown(s) detected on:
15292 04:06:51 (0) ** - Shutdown on 08 April 2009 20:44:38 (GMT+1).
15293 04:06:51 (0) ** - Shutdown on 08 April 2009 21:39:54 (GMT+1).
15294 04:06:51 (0) ** - Shutdown on 08 April 2009 21:47:15 (GMT+1).
15295 04:06:51 (0) **
15296 04:06:51 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
15297 04:06:51 (0) ** Drive type: ......................................................................................................... IDE (removed by coilds for privicy).
15298 04:06:51 (0) ** There are no missing WMI system files: .............................................................................. OK.
15299 04:06:51 (0) ** There are no missing WMI repository files: .......................................................................... OK.
15300 04:06:51 (0) ** WMI repository state: ............................................................................................... N/A.
15301 04:06:51 (0) ** BEFORE running WMIDiag:
15302 04:06:51 (0) ** The WMI repository has a size of: ................................................................................... 7 MB.
15303 04:06:51 (0) ** - Disk free space on 'C:': .......................................................................................... 29355 MB.
15304 04:06:51 (0) ** - INDEX.BTR, 1261568 bytes, 16/04/2009 03:53:23
15305 04:06:51 (0) ** - INDEX.MAP, 668 bytes, 16/04/2009 03:53:23
15306 04:06:51 (0) ** - OBJECTS.DATA, 6037504 bytes, 16/04/2009 03:53:22
15307 04:06:51 (0) ** - OBJECTS.MAP, 2972 bytes, 16/04/2009 03:53:23
15308 04:06:51 (0) ** AFTER running WMIDiag:
15309 04:06:51 (0) ** The WMI repository has a size of: ................................................................................... 7 MB.
15310 04:06:51 (0) ** - Disk free space on 'C:': .......................................................................................... 29351 MB.
15311 04:06:51 (0) ** - INDEX.BTR, 1261568 bytes, 16/04/2009 03:53:23
15312 04:06:51 (0) ** - INDEX.MAP, 668 bytes, 16/04/2009 03:53:23
15313 04:06:51 (0) ** - OBJECTS.DATA, 6037504 bytes, 16/04/2009 03:53:22
15314 04:06:51 (0) ** - OBJECTS.MAP, 2972 bytes, 16/04/2009 03:53:23
15315 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15316 04:06:51 (0) ** Windows Firewall: ................................................................................................... NOT INSTALLED.
15317 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15318 04:06:51 (0) ** DCOM Status: ........................................................................................................ OK.
15319 04:06:51 (0) ** WMI registry setup: ................................................................................................. OK.
15320 04:06:51 (0) ** WMI Service has no dependents: ...................................................................................... OK.
15321 04:06:51 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
15322 04:06:51 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
15323 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15324 04:06:51 (0) ** WMI service DCOM setup: ............................................................................................. OK.
15325 04:06:51 (0) ** WMI components DCOM registrations: .................................................................................. OK.
15326 04:06:51 (0) ** WMI ProgID registrations: ........................................................................................... OK.
15327 04:06:51 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
15328 04:06:51 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
15329 04:06:51 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
15330 04:06:51 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
15331 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15332 04:06:51 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
15333 04:06:51 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
15334 04:06:51 (0) ** - REMOVED ACE:
15335 04:06:51 (0) ** ACEType: &h0
15336 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15337 04:06:51 (0) ** ACEFlags: &h0
15338 04:06:51 (0) ** ACEMask: &h1
15339 04:06:51 (0) ** DCOM_RIGHT_EXECUTE
15340 04:06:51 (0) **
15341 04:06:51 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
15342 04:06:51 (0) ** Removing default security will cause some operations to fail!
15343 04:06:51 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
15344 04:06:51 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
15345 04:06:51 (0) **
15346 04:06:51 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
15347 04:06:51 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
15348 04:06:51 (0) ** - REMOVED ACE:
15349 04:06:51 (0) ** ACEType: &h0
15350 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15351 04:06:51 (0) ** ACEFlags: &h0
15352 04:06:51 (0) ** ACEMask: &h1
15353 04:06:51 (0) ** DCOM_RIGHT_EXECUTE
15354 04:06:51 (0) **
15355 04:06:51 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
15356 04:06:51 (0) ** Removing default security will cause some operations to fail!
15357 04:06:51 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
15358 04:06:51 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
15359 04:06:51 (0) **
15360 04:06:51 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment' (Launch & Activation Permissions): ........................... MODIFIED.
15361 04:06:51 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
15362 04:06:51 (0) ** - REMOVED ACE:
15363 04:06:51 (0) ** ACEType: &h0
15364 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15365 04:06:51 (0) ** ACEFlags: &h0
15366 04:06:51 (0) ** ACEMask: &h1
15367 04:06:51 (0) ** DCOM_RIGHT_EXECUTE
15368 04:06:51 (0) **
15369 04:06:51 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
15370 04:06:51 (0) ** Removing default security will cause some operations to fail!
15371 04:06:51 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
15372 04:06:51 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
15373 04:06:51 (0) **
15374 04:06:51 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
15375 04:06:51 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
15376 04:06:51 (0) ** - ACTUAL ACE:
15377 04:06:51 (0) ** ACEType: &h0
15378 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15379 04:06:51 (0) ** ACEFlags: &h2
15380 04:06:51 (0) ** CONTAINER_INHERIT_ACE
15381 04:06:51 (0) ** ACEMask: &h1
15382 04:06:51 (0) ** WBEM_ENABLE
15383 04:06:51 (0) ** - EXPECTED ACE:
15384 04:06:51 (0) ** ACEType: &h0
15385 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15386 04:06:51 (0) ** ACEFlags: &h12
15387 04:06:51 (0) ** CONTAINER_INHERIT_ACE
15388 04:06:51 (0) ** INHERITED_ACE
15389 04:06:51 (0) ** ACEMask: &h13
15390 04:06:51 (0) ** WBEM_ENABLE
15391 04:06:51 (0) ** WBEM_METHOD_EXECUTE
15392 04:06:51 (0) ** WBEM_WRITE_PROVIDER
15393 04:06:51 (0) **
15394 04:06:51 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
15395 04:06:51 (0) ** This will cause some operations to fail!
15396 04:06:51 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right.
15397 04:06:51 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
15398 04:06:51 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
15399 04:06:51 (0) ** The security diagnostic is based on the WMI namespace expected defaults.
15400 04:06:51 (0) ** A specific WMI application can always require a security setup different
15401 04:06:51 (0) ** than the WMI security defaults.
15402 04:06:51 (0) **
15403 04:06:51 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
15404 04:06:51 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
15405 04:06:51 (0) ** - ACTUAL ACE:
15406 04:06:51 (0) ** ACEType: &h0
15407 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15408 04:06:51 (0) ** ACEFlags: &h2
15409 04:06:51 (0) ** CONTAINER_INHERIT_ACE
15410 04:06:51 (0) ** ACEMask: &h1
15411 04:06:51 (0) ** WBEM_ENABLE
15412 04:06:51 (0) ** - EXPECTED ACE:
15413 04:06:51 (0) ** ACEType: &h0
15414 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15415 04:06:51 (0) ** ACEFlags: &h12
15416 04:06:51 (0) ** CONTAINER_INHERIT_ACE
15417 04:06:51 (0) ** INHERITED_ACE
15418 04:06:51 (0) ** ACEMask: &h13
15419 04:06:51 (0) ** WBEM_ENABLE
15420 04:06:51 (0) ** WBEM_METHOD_EXECUTE
15421 04:06:51 (0) ** WBEM_WRITE_PROVIDER
15422 04:06:51 (0) **
15423 04:06:51 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
15424 04:06:51 (0) ** This will cause some operations to fail!
15425 04:06:51 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right.
15426 04:06:51 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
15427 04:06:51 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
15428 04:06:51 (0) ** The security diagnostic is based on the WMI namespace expected defaults.
15429 04:06:51 (0) ** A specific WMI application can always require a security setup different
15430 04:06:51 (0) ** than the WMI security defaults.
15431 04:06:51 (0) **
15432 04:06:51 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
15433 04:06:51 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
15434 04:06:51 (0) ** - REMOVED ACE:
15435 04:06:51 (0) ** ACEType: &h0
15436 04:06:51 (0) ** ACCESS_ALLOWED_ACE_TYPE
15437 04:06:51 (0) ** ACEFlags: &h12
15438 04:06:51 (0) ** CONTAINER_INHERIT_ACE
15439 04:06:51 (0) ** INHERITED_ACE
15440 04:06:51 (0) ** ACEMask: &h13
15441 04:06:51 (0) ** WBEM_ENABLE
15442 04:06:51 (0) ** WBEM_METHOD_EXECUTE
15443 04:06:51 (0) ** WBEM_WRITE_PROVIDER
15444 04:06:51 (0) **
15445 04:06:51 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
15446 04:06:51 (0) ** Removing default security will cause some operations to fail!
15447 04:06:51 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
15448 04:06:51 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
15449 04:06:51 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
15450 04:06:51 (0) ** The security diagnostic is based on the WMI namespace expected defaults.
15451 04:06:51 (0) ** A specific WMI application can always require a security setup different
15452 04:06:51 (0) ** than the WMI security defaults.
15453 04:06:51 (0) **
15454 04:06:51 (0) **
15455 04:06:51 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
15456 04:06:51 (0) ** DCOM security error(s) detected: .................................................................................... 3.
15457 04:06:51 (0) ** WMI security warning(s) detected: ................................................................................... 0.
15458 04:06:51 (0) ** WMI security error(s) detected: ..................................................................................... 3.
15459 04:06:51 (0) **
15460 04:06:51 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
15461 04:06:51 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
15462 04:06:51 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
15463 04:06:51 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
15464 04:06:51 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
15465 04:06:51 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
15466 04:06:51 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
15467 04:06:51 (0) ** 'select * from MSFT_SCMEventLogEvent'
15468 04:06:51 (0) **
15469 04:06:51 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
15470 04:06:51 (0) ** INFO: WMI ADAP status: .............................................................................................. 2.
15471 04:06:51 (0) ** => The WMI ADAP process is processing a performance library (2).
15472 04:06:51 (0) ** Some WMI performance classes could be missing at the time WMIDiag was executed.
15473 04:06:51 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
15474 04:06:51 (0) ** - ROOT/SERVICEMODEL.
15475 04:06:51 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
15476 04:06:51 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
15477 04:06:51 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
15478 04:06:51 (0) ** i.e. 'WMIC.EXE /NODE:"removed for privicy by coilds" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
15479 04:06:51 (0) **
15480 04:06:51 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
15481 04:06:51 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
15482 04:06:51 (0) ** WMI GET operations: ................................................................................................. OK.
15483 04:06:51 (0) ** WMI MOF representations: ............................................................................................ OK.
15484 04:06:51 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
15485 04:06:51 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
15486 04:06:51 (1) !! ERROR: WMI EXECQUERY operation errors reported: ..................................................................... 1 ERROR(S)!
15487 04:06:51 (0) ** - Root/CIMv2, 'Select * From Win32_NetworkAdapter WHERE AdapterType IS NOT NULL AND AdapterType != "Wide Area Network (WAN)" AND Description != "Packet Scheduler Miniport"' did not return any instance while AT LEAST 1 instance is expected.
15488 04:06:51 (0) **
15489 04:06:51 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
15490 04:06:51 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
15491 04:06:51 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
15492 04:06:51 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
15493 04:06:51 (0) ** WMI static instances retrieved: ..................................................................................... 578.
15494 04:06:51 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
15495 04:06:51 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
15496 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15497 04:06:51 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
15498 04:06:51 (0) ** DCOM: ............................................................................................................. 16.
15499 04:06:51 (0) ** WINMGMT: .......................................................................................................... 0.
15500 04:06:51 (0) ** WMIADAPTER: ....................................................................................................... 0.
15501 04:06:51 (0) ** => Verify the WMIDiag LOG at line #14888 for more details.
15502 04:06:51 (0) **
15503 04:06:51 (0) ** # of additional Event Log events AFTER WMIDiag execution:
15504 04:06:51 (0) ** DCOM: ............................................................................................................. 0.
15505 04:06:51 (0) ** WINMGMT: .......................................................................................................... 0.
15506 04:06:51 (0) ** WMIADAPTER: ....................................................................................................... 0.
15507 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15508 04:06:51 (0) ** WMI Registry key setup: ............................................................................................. OK.
15509 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15510 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15511 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15512 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15513 04:06:51 (0) **
15514 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15515 04:06:51 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
15516 04:06:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
15517 04:06:51 (0) **
15518 04:06:51 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\removed for privicy by coldis\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_"removed for privicy by colids"_2009.04.16_03.56.57.LOG' for details.
15519 04:06:51 (0) **
15520 04:06:51 (0) ** WMIDiag v2.0 ended on 16 April 2009 at 04:06 (W:70 E:11 S:1).

edit due to correcting info
EDIT: Moved to a more appropriate forum

Edited by garmanma, 17 April 2009 - 05:55 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users