Computer acting weird

65 replies to this topic

#1 xXToffeeXx


Posted 29 June 2013 - 03:11 PM

Sorry for the ambiguous title, but it's the best way to describe the computer. I'm running a Windows 7 Home 64 bit laptop.

I think the problem started a few days ago; I haven't done anything different/installed anything recently. Well, it first started when I was playing a game which executes using an Executable Jar File: it would launch, but then would shut down at a certain point, at the same point every time (sometimes it would load, but then shut down again straight away). This would also happen with Application files too. It could only launch again if I did a reboot. Also, when I try to open these Application files, they create .swf files with seemingly random names.

My Java also seems to be a little funny; it did create an error log (I think), which is attached to my post. I also have a MiniToolBox log attached too (result.txt), and here is my Speccy link: http://speccy.piriform.com/results/1zbbmzgfTT2UAhrzt5lQOY3

I have no idea what is causing this, but it's really annoying. Any help would be much appreciated. If you want more detail about what I have done already, or just in general, feel free to ask me (I had to make this post quite quickly).

 

xXToffeeXx~

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Sarah (administrator) on 29-06-2013 at 20:43:40
Running from "C:\Users\Sarah\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

 

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

 

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection* 8-COMODO Internet Security Firewall Driver-0000" nexthop=25.0.0.1 publish=Yes
set interface interface="Local Area Connection* 8-COMODO Internet Security Firewall Driver-0000" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sarah-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : AE-B7-0D-37-3B-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
   Physical Address. . . . . . . . . : 9C-B7-0D-37-3B-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::89cf:c775:462:6310%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 29 June 2013 20:30:27
   Lease Expires . . . . . . . . . . : 30 June 2013 20:30:27
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 312260365
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-CF-F7-38-DC-0E-A1-29-FE-EC
   DNS Servers . . . . . . . . . . . : 156.154.70.22
                                       156.154.71.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : DC-0E-A1-29-FE-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B7022845-B568-4343-8C7E-D6259B964DBD}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0BEEAE27-B1FC-4A65-B3E4-D8866394FF3F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:14bd:38a7:aa2d:6e16(Preferred)
   Link-local IPv6 Address . . . . . : fe80::14bd:38a7:aa2d:6e16%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{84FE65FC-ED2D-4A5B-9A90-E49EE94783F5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  156.154.70.22

Name:    google.com
Addresses:  2a00:1450:4001:804::1006
   173.194.112.130
   173.194.112.131
   173.194.112.134
   173.194.112.132
   173.194.112.133
   173.194.112.137
   173.194.112.135
   173.194.112.128
   173.194.112.129
   173.194.112.142
   173.194.112.136

Pinging google.com [173.194.112.195] with 32 bytes of data:
Reply from 173.194.112.195: bytes=32 time=42ms TTL=51
Reply from 173.194.112.195: bytes=32 time=41ms TTL=51

Ping statistics for 173.194.112.195:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 42ms, Average = 41ms
Server:  UnKnown
Address:  156.154.70.22

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=152ms TTL=42
Reply from 98.138.253.109: bytes=32 time=146ms TTL=42

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 146ms, Maximum = 152ms, Average = 149ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=64
Reply from 127.0.0.1: bytes=32 time=2ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
17...ae b7 0d 37 3b 58 ......Microsoft Virtual WiFi Miniport Adapter
12...9c b7 0d 37 3b 58 ......Atheros AR5B97 Wireless Network Adapter
11...dc 0e a1 29 fe ec ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    281
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0         25.0.0.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
15     58 2001::/32                On-link
15    306 2001:0:4137:9e76:14bd:38a7:aa2d:6e16/128
                                    On-link
12    281 fe80::/64                On-link
15    306 fe80::/64                On-link
15    306 fe80::14bd:38a7:aa2d:6e16/128
                                    On-link
12    281 fe80::89cf:c775:462:6310/128
                                    On-link
  1    306 ff00::/8                 On-link
15    306 ff00::/8                 On-link
12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2013 08:31:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/29/2013 11:26:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (06/29/2013 10:35:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57686144

 

Error: (06/29/2013 10:35:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57686144

 

Error: (06/29/2013 10:35:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (06/29/2013 10:35:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57685145

 

Error: (06/29/2013 10:35:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57685145

 

Error: (06/29/2013 10:35:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (06/29/2013 10:35:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57684038

 

Error: (06/29/2013 10:35:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57684038

System errors:
=============
Error: (06/28/2013 03:58:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.153.790.0).

 

Error: (06/20/2013 07:05:01 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.

 

Error: (06/19/2013 06:56:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HOLLIE1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7022845-B568-4343-8C7E-D6259B964DBD}.
The master browser is stopping or an election is being forced.

 

Error: (06/13/2013 09:05:17 PM) (Source: DCOM) (User: )
Description: {7160A13D-73DA-4CEA-95B9-37356478588A}

 

Error: (06/09/2013 11:31:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

 

Error: (06/05/2013 03:39:50 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

 

Error: (06/04/2013 07:18:24 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HOLLIE1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7022845-B568-4343-8C7E-D6259B964DBD}.
The master browser is stopping or an election is being forced.

 

Error: (06/04/2013 05:06:58 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 17:05:43 on ?04/?06/?2013 was unexpected.

 

Error: (06/03/2013 04:16:43 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

 

Error: (06/03/2013 04:16:43 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Microsoft Office Sessions:
=========================
Error: (06/29/2013 08:31:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (06/29/2013 11:26:40 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

 

Error: (06/29/2013 10:35:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57686144

 

Error: (06/29/2013 10:35:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57686144

 

Error: (06/29/2013 10:35:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (06/29/2013 10:35:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57685145

 

Error: (06/29/2013 10:35:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57685145

 

Error: (06/29/2013 10:35:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (06/29/2013 10:35:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 57684038

 

Error: (06/29/2013 10:35:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 57684038

CodeIntegrity Errors:
===================================
  Date: 2013-05-17 17:05:54.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-17 16:53:36.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-17 16:47:16.646
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-16 19:29:56.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-16 19:08:49.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-16 16:23:38.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-15 16:03:21.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-14 19:29:01.362
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 16:52:00.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-13 16:23:47.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
4 Elements II (Version: 2.2.0.98)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Photoshop Elements 9 (Version: 9.0)
Adobe Premiere Elements 9 (Version: 9.0)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Camtasia Studio 8 (Version: 8.0.0.878)
CCleaner (Version: 4.02)
Chuzzle Deluxe (Version: 2.2.0.95)
COMODO Firewall (Version: 6.1.14723.2813)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.14)
Dota 2
Dropbox (Version: 2.0.22)
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
ESET Online Scanner v3
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Foxit Reader (Version: 6.0.2.413)
Free Mouse Auto Clicker 3.0
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
Gyazo 1.0
iCloud (Version: 2.1.2.8)
Identity Card (Version: 1.00.3501)
Insaniquarium Deluxe (Version: 2.2.0.97)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2418)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Match 3 (Version: 2.2.0.97)
Jewel Quest Solitaire (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
KeePass Password Safe 1.25 (Version: 1.25)
Kobo (Version: 1.9)
Launch Manager (Version: 5.1.7)
Malwarebytes Anti-Exploit version 0.9.2 beta (Version: 0.9.2 beta)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual Basic PowerPacks 10.0 (Version: 10.0.20911)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Monopoly® (Version: 3.0.2.32)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Neoloucamente Daily Links Visiter (Version: 2.0.0.1)
Nero BackItUp 10 Help (CHM) (Version: 10.6.10700)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 10.6.10700)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero Express 10 Help (CHM) (Version: 10.6.10700)
Nero RescueAgent 10 Help (CHM) (Version: 10.6.10700)
Opera 12.15 (Version: 12.15.1748)
Packard Bell Games (Version: 1.0.2.5)
Packard Bell Power Management (Version: 6.00.3008)
Packard Bell Recovery Management (Version: 5.00.3504)
Packard Bell Registration (Version: 1.04.3504)
Packard Bell ScreenSaver (Version: 1.1.0915.2011)
Packard Bell Updater (Version: 1.02.3500)
PDF Settings CS6 (Version: 11.0)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Polar Bowler (Version: 2.2.0.97)
Pošta Windows Live (Version: 15.4.3502.0922)
Python 3.3.1 (Version: 3.3.1150)
QuickTime (Version: 7.74.80.86)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (Version: 6.0.1.6329)
Revo Uninstaller 1.94 (Version: 1.94)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Scratch (Version: 1.4.0.0)
Secunia PSI (3.0.0.6005) (Version: 3.0.0.6005)
Skype™ 6.5 (Version: 6.5.158)
Speccy (Version: 1.21)
Spotify (Version: 0.9.0.133.gd18ed589)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10)
TeamSpeak 3 Client (Version: 3.0.6)
The Sims™ 3 (Version: 1.26.89)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 Pets (Version: 10.0.96)
Uninstall Neocodex Program Manager
Unlocker 1.9.2 (Version: 1.9.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
Video Web Camera (Version: 1.0.1904)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97)
Welcome Center (Version: 1.02.3504)
WildTangent Games (Version: 1.0.4.0)
WildTangent Games App (Version: 4.0.10.2)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinPatrol (Version: 28.1.2013.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 5995.86 MB
Available physical RAM: 3085.08 MB
Total Pagefile: 11989.9 MB
Available Pagefile: 8399.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.79 MB

 

========================= Partitions: =====================================

1 Drive c: (Packard Bell) (Fixed) (Total:678.54 GB) (Free:586.1 GB) NTFS
2 Drive d: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF

 

========================= Users: ========================================

User accounts for \\SARAH-PC

Administrator            Guest                    Sarah                   

 

========================= Minidump Files ==================================

No minidump file found

 

========================= Restore Points ==================================

18-06-2013 12:18:08 Installed WinDFT
18-06-2013 12:22:17 Revo Uninstaller's restore point - WinDFT
18-06-2013 12:22:37 Removed WinDFT
26-06-2013 13:19:01 Revo Uninstaller's restore point - Avira Free Antivirus
26-06-2013 13:23:21 avast! Free Antivirus Setup
26-06-2013 13:23:48 Revo Uninstaller's restore point - TeamViewer 8
27-06-2013 06:28:12 Windows Update
29-06-2013 16:19:41 Revo Uninstaller's restore point - Java 7 Update 25
29-06-2013 16:20:24 Removed Java 7 Update 25
29-06-2013 16:29:10 Installed Java 7 Update 25

**** End of log ****


Edited by hamluis, 30 June 2013 - 07:47 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~



 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:58 AM

Posted 30 June 2013 - 08:33 AM

Hi, Sarah :).

 

I don't see anything that jumps out at me, other than

 

Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.2.
The computer with the IP address 192.168.1.6 did not allow the name to be claimed by
this computer.

 

Error: (06/19/2013 06:56:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HOLLIE1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7022845-B568-4343-8C7E-D6259B964DBD}.
The master browser is stopping or an election is being forced.

 

I've never seen an error like the first...while the second is a routine thing to anyone with a home network who doesn't consistently boot the same system first (like me).

 

In the absence of easily observable clues...I would run the chkdsk /r command...and check the functionality of the hard drive by running a diagnostic.

 

The CheckpointZA errors are strange...did you uninstall this program?  There don't appear to be any remnants on the system now.

 

You are running the Comodo Internet Security App while using the Avast AV...I don't know if that could cause problems.  Comodo makes a standalone firewall, so I'm curious why you would install CIS if you want to use Avast AV.

 

Maybe others can see something more helpful :).

 

Louis



#3 xXToffeeXx


Posted 30 June 2013 - 09:33 AM

Hi Louis, thanks for your help :)

 

Yes, some of the errors are a little weird. The IPs seem to be from Los Angeles from an organisation called Internet Assigned Numbers Authority. I have no idea what "WORKGROUP      :1d" is, and have never that name or anything like it on any computer.

Yeah, I often load up my laptop before the desktop (which is the master of the homegroup, mainly because the desktop has problems connecting to my laptop when I had the homegroup set up on there).

 

I was going to do that since I've already run sfc /scannow with nothing wrong, I just have to choose a time when I'm not using my laptop (I'm on it the majority of the time, although maybe school would be a good time).

 

If the CheckpointZA errors belong to ZoneAccess, then yes I did uninstall it. If not, then I have no idea since I cannot think of another program which would be called something like that. I use Revo Uninstaller anyway to clean up any leftovers as the number of files that the uninstallers miss amazes me.

 

Hmm, I may have downloaded the wrong thing by mistake, the Comodo anti-virus does get picked up if I run DDS say, but Windows itself does not recognize it (security center only reports Avast!). I made sure to only download the firewall when it did as it did offer me the anti-virus, but I believe the anti-virus installation files are in the COMODO folder somewhere so that could be what it is picking up. I am willing to try and re-install it, but I've had it for a few months now with no problems (I did have a different anti-virus back then though).

 

Thanks again Louis, what you said was very helpful in any case.

 

xXToffeeXx~


Edited by xXToffeeXx, 30 June 2013 - 09:34 AM.



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:58 AM

Posted 30 June 2013 - 11:02 AM

COMODO Firewall (Version: 6.1.14723.2813) is only the firewall.

 

You can read this article from Microsoft Support regarding the "failed to install the following update with error 0x8007064".


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 xXToffeeXx


Posted 30 June 2013 - 11:07 AM

COMODO Firewall (Version: 6.1.14723.2813) is only the firewall.

 

You can read this article from Microsoft Support regarding the "failed to install the following update with error 0x8007064".

Uh, the link goes to my topic, might want to edit that, but I'm interested to see the article. I'm guessing it is for the update to windows defender that failed?

 

xXToffeeXx~


Edited by xXToffeeXx, 30 June 2013 - 11:08 AM.



#6 dc3


Posted 30 June 2013 - 11:12 AM

There seems to be a glitch with some links when I use the link tool in Reply.

 

Troubleshoot common installation issues in Windows Update, Microsoft Update, and Windows Server Update Services



 

 

 

 


#7 xXToffeeXx


Posted 30 June 2013 - 11:27 AM

Ah, I see.

 

Well I ran the windows troubleshoot using the WindowsFix for that error and it came up with another error it couldn't fix which is Windows Update error 0x8024402C(2013-6-30-T-05_22_21P). Apparently it fixed the other error though (the 0x8007064 one).

 

xXToffeeXx~




#8 dc3


Posted 30 June 2013 - 11:41 AM

Are the proxy or firewall settings the same as the desktop?

 

Once again MS has an article regarding the new error, it can be found here.

 

I would be curious to see what difference if any happens if you boot the desktop first.



 

 

 

 


#9 xXToffeeXx


Posted 30 June 2013 - 11:44 AM

My desktop is running AVG firewall I believe, I am running Comodo as you saw. We both run on the same network, same ip, no proxy.

 

I can do that, what would you like me to test/run to make sure I am getting the information you want? Also, should I try the fixes in the article?

 

xXToffeeXx~


Edited by xXToffeeXx, 30 June 2013 - 11:45 AM.



#10 dc3


Posted 30 June 2013 - 12:07 PM

The Windows website listed the following...  "This problem occurs if the WMI filter is accessed without sufficient permission."

 

I found this article which should shed some light on this as well as provide a means of testing to see if the WMI is the problem.



 

 

 

 


#11 xXToffeeXx


Posted 30 June 2013 - 12:29 PM

Well I got a log which I will post, I also got an error (I seem to be getting a lot of them today): WMIDiag.png

Well here's the log anyway, I'm not completely sure about what it is saying, but I think you are on the money about it being something to do with WMI (due to the errors found):

23982 18:23:11 (0) ** WMIDiag v2.1 started on 30 June 2013 at 18:16.
23983 18:23:11 (0) ** 
23984 18:23:11 (0) ** Copyright © Microsoft Corporation. All rights reserved - July 2007.
23985 18:23:11 (0) ** 
23986 18:23:11 (0) ** This script is not supported under any Microsoft standard support program or service.
23987 18:23:11 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
23988 18:23:11 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
23989 18:23:11 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
23990 18:23:11 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
23991 18:23:11 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
23992 18:23:11 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
23993 18:23:11 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
23994 18:23:11 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
23995 18:23:11 (0) ** of the possibility of such damages.
23996 18:23:11 (0) ** 
23997 18:23:11 (0) ** 
23998 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
23999 18:23:11 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
24000 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24001 18:23:11 (0) ** 
24002 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24003 18:23:11 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'SARAH-PC\SARAH' on computer 'SARAH-PC'.
24004 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24005 18:23:11 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
24006 18:23:11 (0) ** INFO: => 2 possible incorrect shutdown(s) detected on:
24007 18:23:11 (0) **          - Shutdown on 25 May 2013 12:24:30 (GMT-0).
24008 18:23:11 (0) **          - Shutdown on 04 June 2013 16:06:58 (GMT-0).
24009 18:23:11 (0) ** 
24010 18:23:11 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #2).
24011 18:23:11 (0) ** Drive type: ......................................................................................................... IDE (Hitachi HTS547575A9E384).
24012 18:23:11 (0) ** There are no missing WMI system files: .............................................................................. OK.
24013 18:23:11 (0) ** There are no missing WMI repository files: .......................................................................... OK.
24014 18:23:11 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
24015 18:23:11 (0) ** AFTER running WMIDiag:
24016 18:23:11 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
24017 18:23:11 (0) ** - Disk free space on 'C:': .......................................................................................... 599269 MB.
24018 18:23:11 (0) **   - INDEX.BTR,                     4481024 bytes,      30/06/2013 16:01:55
24019 18:23:11 (0) **   - MAPPING1.MAP,                  49132 bytes,        30/06/2013 16:01:30
24020 18:23:11 (0) **   - MAPPING2.MAP,                  49132 bytes,        30/06/2013 16:01:55
24021 18:23:11 (0) **   - OBJECTS.DATA,                  15220736 bytes,     30/06/2013 16:01:55
24022 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24023 18:23:11 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.
24024 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24025 18:23:11 (0) ** DCOM Status: ........................................................................................................ OK.
24026 18:23:11 (0) ** WMI registry setup: ................................................................................................. OK.
24027 18:23:11 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
24028 18:23:11 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
24029 18:23:11 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual')
24030 18:23:11 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
24031 18:23:11 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
24032 18:23:11 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
24033 18:23:11 (0) **          this can prevent the service/application to work as expected.
24034 18:23:11 (0) ** 
24035 18:23:11 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
24036 18:23:11 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
24037 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24038 18:23:11 (0) ** WMI service DCOM setup: ............................................................................................. OK.
24039 18:23:11 (0) ** WMI components DCOM registrations: .................................................................................. OK.
24040 18:23:11 (0) ** WMI ProgID registrations: ........................................................................................... OK.
24041 18:23:11 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
24042 18:23:11 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
24043 18:23:11 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
24044 18:23:11 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
24045 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24046 18:23:11 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
24047 18:23:11 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
24048 18:23:11 (0) **    i.e. You can start your scripts or WMIC commands from an elevated command
24049 18:23:11 (0) **         prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
24050 18:23:11 (0) **         selecting 'Run as Administrator'.
24051 18:23:11 (0) **    i.e. You can also execute the WMI scripts or WMIC commands as a task
24052 18:23:11 (0) **         in the Task Scheduler within the right security context.
24053 18:23:11 (0) ** 
24054 18:23:11 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
24055 18:23:11 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
24056 18:23:11 (0) **    privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
24057 18:23:11 (0) **    to ensure that administrative privileges are granted. If a Local User account is used for remote
24058 18:23:11 (0) **    accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
24059 18:23:11 (0) ** 
24060 18:23:11 (0) ** Overall DCOM security status: ....................................................................................... OK.
24061 18:23:11 (0) ** Overall WMI security status: ........................................................................................ OK.
24062 18:23:11 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
24063 18:23:11 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
24064 18:23:11 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer".
24065 18:23:11 (0) **   'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'
24066 18:23:11 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
24067 18:23:11 (0) **   'select * from MSFT_SCMEventLogEvent'
24068 18:23:11 (0) ** 
24069 18:23:11 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
24070 18:23:11 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 6 ERROR(S)!
24071 18:23:11 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24072 18:23:11 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24073 18:23:11 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24074 18:23:11 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24075 18:23:11 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24076 18:23:11 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24077 18:23:11 (0) ** 
24078 18:23:11 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 7 ERROR(S)!
24079 18:23:11 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24080 18:23:11 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24081 18:23:11 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24082 18:23:11 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24083 18:23:11 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24084 18:23:11 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24085 18:23:11 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24086 18:23:11 (0) ** 
24087 18:23:11 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 51 ERROR(S)!
24088 18:23:11 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24089 18:23:11 (0) **   MOF Registration: ''
24090 18:23:11 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24091 18:23:11 (0) **   MOF Registration: ''
24092 18:23:11 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24093 18:23:11 (0) **   MOF Registration: ''
24094 18:23:11 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24095 18:23:11 (0) **   MOF Registration: ''
24096 18:23:11 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24097 18:23:11 (0) **   MOF Registration: ''
24098 18:23:11 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24099 18:23:11 (0) **   MOF Registration: ''
24100 18:23:11 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24101 18:23:11 (0) **   MOF Registration: ''
24102 18:23:11 (0) ** - ROOT/CIMV2/APPLICATIONS/WINDOWSPARENTALCONTROLS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24103 18:23:11 (0) **   MOF Registration: ''
24104 18:23:11 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24105 18:23:11 (0) **   MOF Registration: ''
24106 18:23:11 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24107 18:23:11 (0) **   MOF Registration: ''
24108 18:23:11 (0) ** - ROOT/NAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24109 18:23:11 (0) **   MOF Registration: ''
24110 18:23:11 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24111 18:23:11 (0) **   MOF Registration: ''
24112 18:23:11 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24113 18:23:11 (0) **   MOF Registration: ''
24114 18:23:11 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24115 18:23:11 (0) **   MOF Registration: ''
24116 18:23:11 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24117 18:23:11 (0) **   MOF Registration: ''
24118 18:23:11 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24119 18:23:11 (0) **   MOF Registration: ''
24120 18:23:11 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24121 18:23:11 (0) **   MOF Registration: ''
24122 18:23:11 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24123 18:23:11 (0) **   MOF Registration: ''
24124 18:23:11 (0) ** - ROOT/MICROSOFT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24125 18:23:11 (0) **   MOF Registration: ''
24126 18:23:11 (0) ** - ROOT/MICROSOFT/HOMENET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24127 18:23:11 (0) **   MOF Registration: ''
24128 18:23:11 (0) ** - ROOT/ASPNET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24129 18:23:11 (0) **   MOF Registration: ''
24130 18:23:11 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24131 18:23:11 (0) **   MOF Registration: ''
24132 18:23:11 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24133 18:23:11 (0) **   MOF Registration: ''
24134 18:23:11 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24135 18:23:11 (0) **   MOF Registration: ''
24136 18:23:11 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24137 18:23:11 (0) **   MOF Registration: ''
24138 18:23:11 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24139 18:23:11 (0) **   MOF Registration: ''
24140 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24141 18:23:11 (0) **   MOF Registration: ''
24142 18:23:11 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24143 18:23:11 (0) **   MOF Registration: ''
24144 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24145 18:23:11 (0) **   MOF Registration: ''
24146 18:23:11 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24147 18:23:11 (0) **   MOF Registration: ''
24148 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24149 18:23:11 (0) **   MOF Registration: ''
24150 18:23:11 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24151 18:23:11 (0) **   MOF Registration: ''
24152 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24153 18:23:11 (0) **   MOF Registration: ''
24154 18:23:11 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24155 18:23:11 (0) **   MOF Registration: ''
24156 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24157 18:23:11 (0) **   MOF Registration: ''
24158 18:23:11 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24159 18:23:11 (0) **   MOF Registration: ''
24160 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24161 18:23:11 (0) **   MOF Registration: ''
24162 18:23:11 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24163 18:23:11 (0) **   MOF Registration: ''
24164 18:23:11 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24165 18:23:11 (0) **   MOF Registration: ''
24166 18:23:11 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24167 18:23:11 (0) **   MOF Registration: ''
24168 18:23:11 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24169 18:23:11 (0) **   MOF Registration: ''
24170 18:23:11 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24171 18:23:11 (0) **   MOF Registration: ''
24172 18:23:11 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24173 18:23:11 (0) **   MOF Registration: ''
24174 18:23:11 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24175 18:23:11 (0) **   MOF Registration: ''
24176 18:23:11 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24177 18:23:11 (0) **   MOF Registration: ''
24178 18:23:11 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24179 18:23:11 (0) **   MOF Registration: ''
24180 18:23:11 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24181 18:23:11 (0) **   MOF Registration: ''
24182 18:23:11 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24183 18:23:11 (0) **   MOF Registration: ''
24184 18:23:11 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24185 18:23:11 (0) **   MOF Registration: ''
24186 18:23:11 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24187 18:23:11 (0) **   MOF Registration: ''
24188 18:23:11 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24189 18:23:11 (0) **   MOF Registration: ''
24190 18:23:11 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
24191 18:23:11 (0) **    a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
24192 18:23:11 (0) **    You can refresh the WMI class provider buffer with the following command:
24193 18:23:11 (0) ** 
24194 18:23:11 (0) **    i.e. 'WINMGMT.EXE /SYNCPERF'
24195 18:23:11 (0) ** 
24196 18:23:11 (0) ** WMI MOF representations: ............................................................................................ OK.
24197 18:23:11 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
24198 18:23:11 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 1 ERROR(S)!
24199 18:23:11 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24200 18:23:11 (0) **   MOF Registration: ''
24201 18:23:11 (0) ** 
24202 18:23:11 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
24203 18:23:11 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
24204 18:23:11 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
24205 18:23:11 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
24206 18:23:11 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
24207 18:23:11 (0) ** WMI static instances retrieved: ..................................................................................... 1695.
24208 18:23:11 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
24209 18:23:11 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
24210 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24211 18:23:11 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
24212 18:23:11 (0) **   DCOM: ............................................................................................................. 0.
24213 18:23:11 (0) **   WINMGMT: .......................................................................................................... 0.
24214 18:23:11 (0) **   WMIADAPTER: ....................................................................................................... 0.
24215 18:23:11 (0) ** 
24216 18:23:11 (0) ** # of additional Event Log events AFTER WMIDiag execution:
24217 18:23:11 (0) **   DCOM: ............................................................................................................. 0.
24218 18:23:11 (0) **   WINMGMT: .......................................................................................................... 0.
24219 18:23:11 (0) **   WMIADAPTER: ....................................................................................................... 0.
24220 18:23:11 (0) ** 
24221 18:23:11 (0) ** 35 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action
24222 18:23:11 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system.
24223 18:23:11 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the 
24224 18:23:11 (0) **    WMI system security do not enforce any restrictions.
24225 18:23:11 (0) ** 
24226 18:23:11 (0) ** 
24227 18:23:11 (0) ** 30 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
24228 18:23:11 (0) ** => This error is typically a WMI error. This WMI error is due to:
24229 18:23:11 (0) **    - a missing WMI class definition or object.
24230 18:23:11 (0) **      (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
24231 18:23:11 (0) **      You can correct the missing class definitions by:
24232 18:23:11 (0) **      - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
24233 18:23:11 (0) **      Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
24234 18:23:11 (0) **            (This list can be built on a similar and working WMI Windows installation)
24235 18:23:11 (0) **            The following command line must be used:
24236 18:23:11 (0) **            i.e. 'WMIDiag CorrelateClassAndProvider'
24237 18:23:11 (0) **      Note: When a WMI performance class is missing, you can manually resynchronize performance counters
24238 18:23:11 (0) **            with WMI by starting the ADAP process.
24239 18:23:11 (0) **    - a WMI repository corruption.
24240 18:23:11 (0) **      In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
24241 18:23:11 (0) **      to validate the WMI repository operations.
24242 18:23:11 (0) **    Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
24243 18:23:11 (0) **          executing the WriteInRepository command. To write temporary data from the Root namespace, use:
24244 18:23:11 (0) **          i.e. 'WMIDiag WriteInRepository=Root'
24245 18:23:11 (0) **    - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
24246 18:23:11 (0) **      the WMI repository must be reconstructed.
24247 18:23:11 (0) **    Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
24248 18:23:11 (0) **          otherwise some applications may fail after the reconstruction.
24249 18:23:11 (0) **          This can be achieved with the following command:
24250 18:23:11 (0) **          i.e. 'WMIDiag ShowMOFErrors'
24251 18:23:11 (0) **    Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
24252 18:23:11 (0) **          ALL fixes previously mentioned.
24253 18:23:11 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
24254 18:23:11 (0) ** 
24255 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24256 18:23:11 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
24257 18:23:11 (0) ** INFO: Unexpected registry key value:
24258 18:23:11 (0) **   - Current:  HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
24259 18:23:11 (0) **   - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
24260 18:23:11 (0) **     From the command line, the registry configuration can be corrected with the following command:
24261 18:23:11 (0) **     i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
24262 18:23:11 (0) ** 
24263 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24264 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24265 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24266 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24267 18:23:11 (0) ** 
24268 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24269 18:23:11 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
24270 18:23:11 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24271 18:23:11 (0) ** 
24272 18:23:11 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\USERS\SARAH\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_WIN7_.CLI.SP1.64_SARAH-PC_2013.06.30_18.16.40.LOG' for details.
24273 18:23:11 (0) ** 
24274 18:23:11 (0) ** WMIDiag v2.1 ended on 30 June 2013 at 18:23 (W:50 E:72 S:1).
 
I can also post the logs from the C:\Users\Sarah\AppData\Local\Temp\WUDiagTempFolder path if you want. To add to this, I am the only account on this computer, and am an administrator, so I do not understand the "Current user does not have permission to perform the action".

 

Thank you for all your help, I do appreciate it a lot.
 

xXToffeeXx~


Edited by xXToffeeXx, 30 June 2013 - 01:24 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
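To see what actually changes between two WMIDiag runs like the ones posted in this thread, the error entries can be reduced to (operation, namespace, object, error) tuples and compared as sets. This is an added example, not part of the original posts or of WMIDiag; the function names are assumptions, and the two sample logs are constructed, shortened excerpts in the format of the logs above.

```python
import re
from collections import Counter

# Section header, e.g.
#   "!! ERROR: WMI GET operation errors reported: ........ 53 ERROR(S)!"
HEADER = re.compile(r"!! ERROR: WMI (?P<op>[A-Z ]+?) (?:operation )?errors")

# Error entry, e.g.
#   "** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) ..."
# The object part is absent for namespace connection errors.
ENTRY = re.compile(
    r"\*\* - (?P<ns>[A-Za-z0-9_/]+), (?:(?P<obj>.+?), )?"
    r"(?P<code>0x[0-9A-Fa-f]{8}) - \((?P<name>WBEM_[A-Z_]+)\)"
)


def parse_errors(log_text):
    """Return the set of (operation, namespace, object, error name) entries."""
    errors, op = set(), "UNKNOWN"
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            op = header.group("op")
            continue
        entry = ENTRY.search(line)
        if entry:
            # The log prints both "ROOT/..." and "Root/..."; WMI namespace
            # names are case-insensitive, so normalise before comparing.
            errors.add((op, entry.group("ns").upper(),
                        entry.group("obj") or "", entry.group("name")))
    return errors


def count_by_error(errors):
    """Tally distinct failing entries per WBEM error name."""
    return Counter(name for _, _, _, name in errors)


def diff_runs(before_text, after_text):
    """Compare two runs: which entries went away, appeared, or stayed."""
    before, after = parse_errors(before_text), parse_errors(after_text)
    return {"resolved": sorted(before - after),
            "new": sorted(after - before),
            "persisting": sorted(before & after)}


# Constructed sample: a few lines in the format of the first run.
BEFORE = """\
24098 18:23:11 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: ..... 2 ERROR(S)!
24099 18:23:11 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24100 18:23:11 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24101 18:23:11 (1) !! ERROR: WMI GET operation errors reported: ..... 3 ERROR(S)!
24102 18:23:11 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24103 18:23:11 (0) **   MOF Registration: ''
24104 18:23:11 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24105 18:23:11 (0) **   MOF Registration: ''
24106 18:23:11 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24107 18:23:11 (0) **   MOF Registration: ''
24198 18:23:11 (1) !! ERROR: WMI ENUMERATION operation errors reported: ..... 1 ERROR(S)!
24199 18:23:11 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
"""

# Constructed sample: a few lines in the format of the second run.
AFTER = """\
24106 20:08:07 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: ..... 1 ERROR(S)!
24109 20:08:07 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24115 20:08:07 (1) !! ERROR: WMI GET operation errors reported: ..... 3 ERROR(S)!
24142 20:08:07 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24143 20:08:07 (0) **   MOF Registration: ''
24164 20:08:07 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24165 20:08:07 (0) **   MOF Registration: ''
24168 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_BITS_BITSNetUtilization, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
"""

if __name__ == "__main__":
    print("before:", dict(count_by_error(parse_errors(BEFORE))))
    print("after: ", dict(count_by_error(parse_errors(AFTER))))
    for status, entries in diff_runs(BEFORE, AFTER).items():
        print(f"{status} ({len(entries)})")
        for op, ns, obj, name in entries:
            print(f"  {op:<12} {ns:<14} {obj or '-':<50} {name}")
```

Run against the full saved .LOG files instead of the embedded samples by reading each file into a string and passing both to `diff_runs`.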


#12 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:58 AM

Posted 30 June 2013 - 01:38 PM

See if this helps.

 

"0x80041002 (WBEM_E_NOT_FOUND)" error occurs when you try to open a WMI namespace on a computer that is running Windows 7 or Windows Server 2008 R2


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#13 xXToffeeXx


Posted 30 June 2013 - 02:02 PM

Okay, I've run the hotfix and am running WUDiag to see if there is any change. Hopefully this would have worked, I'll post another log once it has completed.

 

xXToffeeXx~




#14 dc3


Posted 30 June 2013 - 02:12 PM

I'll be around.




#15 xXToffeeXx


Posted 30 June 2013 - 02:12 PM

Got this error again:
 
I think some have changed, but it just seems quite similar to before. Anyway, here's the log:
 
 
24010 20:08:07 (0) ** WMIDiag v2.1 started on 30 June 2013 at 20:01.
24011 20:08:07 (0) ** 
24012 20:08:07 (0) ** Copyright © Microsoft Corporation. All rights reserved - July 2007.
24013 20:08:07 (0) ** 
24014 20:08:07 (0) ** This script is not supported under any Microsoft standard support program or service.
24015 20:08:07 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
24016 20:08:07 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
24017 20:08:07 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
24018 20:08:07 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
24019 20:08:07 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
24020 20:08:07 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
24021 20:08:07 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
24022 20:08:07 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
24023 20:08:07 (0) ** of the possibility of such damages.
24024 20:08:07 (0) ** 
24025 20:08:07 (0) ** 
24026 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24027 20:08:07 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
24028 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24029 20:08:07 (0) ** 
24030 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24031 20:08:07 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'SARAH-PC\SARAH' on computer 'SARAH-PC'.
24032 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24033 20:08:07 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
24034 20:08:07 (0) ** INFO: => 2 possible incorrect shutdown(s) detected on:
24035 20:08:07 (0) **          - Shutdown on 25 May 2013 12:24:30 (GMT-0).
24036 20:08:07 (0) **          - Shutdown on 04 June 2013 16:06:58 (GMT-0).
24037 20:08:07 (0) ** 
24038 20:08:07 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #2).
24039 20:08:07 (0) ** Drive type: ......................................................................................................... IDE (Hitachi HTS547575A9E384).
24040 20:08:07 (0) ** There are no missing WMI system files: .............................................................................. OK.
24041 20:08:07 (0) ** There are no missing WMI repository files: .......................................................................... OK.
24042 20:08:07 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
24043 20:08:07 (0) ** AFTER running WMIDiag:
24044 20:08:07 (0) ** The WMI repository has a size of: ................................................................................... 19 MB.
24045 20:08:07 (0) ** - Disk free space on 'C:': .......................................................................................... 598922 MB.
24046 20:08:07 (0) **   - INDEX.BTR,                     4481024 bytes,      30/06/2013 20:03:47
24047 20:08:07 (0) **   - MAPPING1.MAP,                  49132 bytes,        30/06/2013 16:01:30
24048 20:08:07 (0) **   - MAPPING2.MAP,                  49132 bytes,        30/06/2013 19:57:52
24049 20:08:07 (0) **   - OBJECTS.DATA,                  15220736 bytes,     30/06/2013 20:03:47
24050 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24051 20:08:07 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.
24052 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24053 20:08:07 (0) ** DCOM Status: ........................................................................................................ OK.
24054 20:08:07 (0) ** WMI registry setup: ................................................................................................. OK.
24055 20:08:07 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
24056 20:08:07 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
24057 20:08:07 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual')
24058 20:08:07 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
24059 20:08:07 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
24060 20:08:07 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
24061 20:08:07 (0) **          this can prevent the service/application to work as expected.
24062 20:08:07 (0) ** 
24063 20:08:07 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
24064 20:08:07 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
24065 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24066 20:08:07 (0) ** WMI service DCOM setup: ............................................................................................. OK.
24067 20:08:07 (0) ** WMI components DCOM registrations: .................................................................................. OK.
24068 20:08:07 (0) ** WMI ProgID registrations: ........................................................................................... OK.
24069 20:08:07 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
24070 20:08:07 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
24071 20:08:07 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
24072 20:08:07 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
24073 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24074 20:08:07 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
24075 20:08:07 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
24076 20:08:07 (0) **    i.e. You can start your scripts or WMIC commands from an elevated command
24077 20:08:07 (0) **         prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
24078 20:08:07 (0) **         selecting 'Run as Administrator'.
24079 20:08:07 (0) **    i.e. You can also execute the WMI scripts or WMIC commands as a task
24080 20:08:07 (0) **         in the Task Scheduler within the right security context.
24081 20:08:07 (0) ** 
24082 20:08:07 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
24083 20:08:07 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
24084 20:08:07 (0) **    privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
24085 20:08:07 (0) **    to ensure that administrative privileges are granted. If a Local User account is used for remote
24086 20:08:07 (0) **    accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
24087 20:08:07 (0) ** 
24088 20:08:07 (0) ** Overall DCOM security status: ....................................................................................... OK.
24089 20:08:07 (0) ** Overall WMI security status: ........................................................................................ OK.
24090 20:08:07 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
24091 20:08:07 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
24092 20:08:07 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer".
24093 20:08:07 (0) **   'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'
24094 20:08:07 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
24095 20:08:07 (0) **   'select * from MSFT_SCMEventLogEvent'
24096 20:08:07 (0) ** 
24097 20:08:07 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
24098 20:08:07 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 6 ERROR(S)!
24099 20:08:07 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24100 20:08:07 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24101 20:08:07 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24102 20:08:07 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24103 20:08:07 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24104 20:08:07 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24105 20:08:07 (0) ** 
24106 20:08:07 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 7 ERROR(S)!
24107 20:08:07 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24108 20:08:07 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24109 20:08:07 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24110 20:08:07 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24111 20:08:07 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24112 20:08:07 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24113 20:08:07 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24114 20:08:07 (0) ** 
24115 20:08:07 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 53 ERROR(S)!
24116 20:08:07 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24117 20:08:07 (0) **   MOF Registration: ''
24118 20:08:07 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24119 20:08:07 (0) **   MOF Registration: ''
24120 20:08:07 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24121 20:08:07 (0) **   MOF Registration: ''
24122 20:08:07 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24123 20:08:07 (0) **   MOF Registration: ''
24124 20:08:07 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24125 20:08:07 (0) **   MOF Registration: ''
24126 20:08:07 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24127 20:08:07 (0) **   MOF Registration: ''
24128 20:08:07 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24129 20:08:07 (0) **   MOF Registration: ''
24130 20:08:07 (0) ** - ROOT/CIMV2/APPLICATIONS/WINDOWSPARENTALCONTROLS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24131 20:08:07 (0) **   MOF Registration: ''
24132 20:08:07 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24133 20:08:07 (0) **   MOF Registration: ''
24134 20:08:07 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24135 20:08:07 (0) **   MOF Registration: ''
24136 20:08:07 (0) ** - ROOT/NAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24137 20:08:07 (0) **   MOF Registration: ''
24138 20:08:07 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24139 20:08:07 (0) **   MOF Registration: ''
24140 20:08:07 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24141 20:08:07 (0) **   MOF Registration: ''
24142 20:08:07 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24143 20:08:07 (0) **   MOF Registration: ''
24144 20:08:07 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24145 20:08:07 (0) **   MOF Registration: ''
24146 20:08:07 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24147 20:08:07 (0) **   MOF Registration: ''
24148 20:08:07 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24149 20:08:07 (0) **   MOF Registration: ''
24150 20:08:07 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24151 20:08:07 (0) **   MOF Registration: ''
24152 20:08:07 (0) ** - ROOT/MICROSOFT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24153 20:08:07 (0) **   MOF Registration: ''
24154 20:08:07 (0) ** - ROOT/MICROSOFT/HOMENET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24155 20:08:07 (0) **   MOF Registration: ''
24156 20:08:07 (0) ** - ROOT/ASPNET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24157 20:08:07 (0) **   MOF Registration: ''
24158 20:08:07 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24159 20:08:07 (0) **   MOF Registration: ''
24160 20:08:07 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24161 20:08:07 (0) **   MOF Registration: ''
24162 20:08:07 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24163 20:08:07 (0) **   MOF Registration: ''
24164 20:08:07 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24165 20:08:07 (0) **   MOF Registration: ''
24166 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_BITS_BITSNetUtilization, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24167 20:08:07 (0) **   MOF Registration: ''
24168 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_BITS_BITSNetUtilization, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24169 20:08:07 (0) **   MOF Registration: ''
24170 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24171 20:08:07 (0) **   MOF Registration: ''
24172 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24173 20:08:07 (0) **   MOF Registration: ''
24174 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24175 20:08:07 (0) **   MOF Registration: ''
24176 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24177 20:08:07 (0) **   MOF Registration: ''
24178 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24179 20:08:07 (0) **   MOF Registration: ''
24180 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24181 20:08:07 (0) **   MOF Registration: ''
24182 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24183 20:08:07 (0) **   MOF Registration: ''
24184 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24185 20:08:07 (0) **   MOF Registration: ''
24186 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24187 20:08:07 (0) **   MOF Registration: ''
24188 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24189 20:08:07 (0) **   MOF Registration: ''
24190 20:08:07 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24191 20:08:07 (0) **   MOF Registration: ''
24192 20:08:07 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24193 20:08:07 (0) **   MOF Registration: ''
24194 20:08:07 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24195 20:08:07 (0) **   MOF Registration: ''
24196 20:08:07 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24197 20:08:07 (0) **   MOF Registration: ''
24198 20:08:07 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24199 20:08:07 (0) **   MOF Registration: ''
24200 20:08:07 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24201 20:08:07 (0) **   MOF Registration: ''
24202 20:08:07 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24203 20:08:07 (0) **   MOF Registration: ''
24204 20:08:07 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24205 20:08:07 (0) **   MOF Registration: ''
24206 20:08:07 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24207 20:08:07 (0) **   MOF Registration: ''
24208 20:08:07 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24209 20:08:07 (0) **   MOF Registration: ''
24210 20:08:07 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24211 20:08:07 (0) **   MOF Registration: ''
24212 20:08:07 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24213 20:08:07 (0) **   MOF Registration: ''
24214 20:08:07 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24215 20:08:07 (0) **   MOF Registration: ''
24216 20:08:07 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24217 20:08:07 (0) **   MOF Registration: ''
24218 20:08:07 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24219 20:08:07 (0) **   MOF Registration: ''
24220 20:08:07 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24221 20:08:07 (0) **   MOF Registration: ''
24222 20:08:07 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
24223 20:08:07 (0) **    a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
24224 20:08:07 (0) **    You can refresh the WMI class provider buffer with the following command:
24225 20:08:07 (0) ** 
24226 20:08:07 (0) **    i.e. 'WINMGMT.EXE /SYNCPERF'
24227 20:08:07 (0) ** 
24228 20:08:07 (0) ** WMI MOF representations: ............................................................................................ OK.
24229 20:08:07 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
24230 20:08:07 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 1 ERROR(S)!
24231 20:08:07 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24232 20:08:07 (0) **   MOF Registration: ''
24233 20:08:07 (0) ** 
24234 20:08:07 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
24235 20:08:07 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
24236 20:08:07 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
24237 20:08:07 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
24238 20:08:07 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
24239 20:08:07 (0) ** WMI static instances retrieved: ..................................................................................... 1695.
24240 20:08:07 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
24241 20:08:07 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
24242 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24243 20:08:07 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
24244 20:08:07 (0) **   DCOM: ............................................................................................................. 0.
24245 20:08:07 (0) **   WINMGMT: .......................................................................................................... 0.
24246 20:08:07 (0) **   WMIADAPTER: ....................................................................................................... 0.
24247 20:08:07 (0) ** 
24248 20:08:07 (0) ** # of additional Event Log events AFTER WMIDiag execution:
24249 20:08:07 (0) **   DCOM: ............................................................................................................. 0.
24250 20:08:07 (0) **   WINMGMT: .......................................................................................................... 0.
24251 20:08:07 (0) **   WMIADAPTER: ....................................................................................................... 0.
24252 20:08:07 (0) ** 
24253 20:08:07 (0) ** 35 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action
24254 20:08:07 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system.
24255 20:08:07 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the 
24256 20:08:07 (0) **    WMI system security do not enforce any restrictions.
24257 20:08:07 (0) ** 
24258 20:08:07 (0) ** 
24259 20:08:07 (0) ** 32 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
24260 20:08:07 (0) ** => This error is typically a WMI error. This WMI error is due to:
24261 20:08:07 (0) **    - a missing WMI class definition or object.
24262 20:08:07 (0) **      (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
24263 20:08:07 (0) **      You can correct the missing class definitions by:
24264 20:08:07 (0) **      - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
24265 20:08:07 (0) **      Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
24266 20:08:07 (0) **            (This list can be built on a similar and working WMI Windows installation)
24267 20:08:07 (0) **            The following command line must be used:
24268 20:08:07 (0) **            i.e. 'WMIDiag CorrelateClassAndProvider'
24269 20:08:07 (0) **      Note: When a WMI performance class is missing, you can manually resynchronize performance counters
24270 20:08:07 (0) **            with WMI by starting the ADAP process.
24271 20:08:07 (0) **    - a WMI repository corruption.
24272 20:08:07 (0) **      In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
24273 20:08:07 (0) **      to validate the WMI repository operations.
24274 20:08:07 (0) **    Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
24275 20:08:07 (0) **          executing the WriteInRepository command. To write temporary data from the Root namespace, use:
24276 20:08:07 (0) **          i.e. 'WMIDiag WriteInRepository=Root'
24277 20:08:07 (0) **    - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
24278 20:08:07 (0) **      the WMI repository must be reconstructed.
24279 20:08:07 (0) **    Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
24280 20:08:07 (0) **          otherwise some applications may fail after the reconstruction.
24281 20:08:07 (0) **          This can be achieved with the following command:
24282 20:08:07 (0) **          i.e. 'WMIDiag ShowMOFErrors'
24283 20:08:07 (0) **    Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
24284 20:08:07 (0) **          ALL fixes previously mentioned.
24285 20:08:07 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
24286 20:08:07 (0) ** 
24287 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24288 20:08:07 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
24289 20:08:07 (0) ** INFO: Unexpected registry key value:
24290 20:08:07 (0) **   - Current:  HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
24291 20:08:07 (0) **   - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
24292 20:08:07 (0) **     From the command line, the registry configuration can be corrected with the following command:
24293 20:08:07 (0) **     i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
24294 20:08:07 (0) ** 
24295 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24296 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24297 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24298 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24299 20:08:07 (0) ** 
24300 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24301 20:08:07 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
24302 20:08:07 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24303 20:08:07 (0) ** 
24304 20:08:07 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\USERS\SARAH\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_WIN7_.CLI.SP1.64_SARAH-PC_2013.06.30_20.00.53.LOG' for details.
24305 20:08:07 (0) ** 
24306 20:08:07 (0) ** WMIDiag v2.1 ended on 30 June 2013 at 20:08 (W:50 E:74 S:1).
 
It just seems my computer does not want to play nice...
 
xXToffeeXx~


Edited by xXToffeeXx, 11 September 2017 - 01:22 PM.
