Help, Generic Host Process Win32

Discussion in 'Malware and Virus Removal Archive' started by RED2GAUGE, 2007/12/01.

  1. 2007/12/01
    RED2GAUGE

    RED2GAUGE (Thread Starter)
    It seems like this is the place to ask for help with Win32 problems. Not really sure if I have a virus; I scanned with AVG and Kaspersky but none found. But I did find some adware with S&D.

    Every time I start my computer it shows the "Generic Host Process Win32" error. I don't have sound; it says "there are no active mixer device available." And the other problem I have is my firewall is turned off. When I try to click on Windows Firewall, it gives me "Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service."

    I did try the Windows fix KB894391-x86-ENU.exe, but it would still come back. Sometimes it works and I would have sound and firewall up again, but most of the time it doesn't.

    I have Windows XP SP2
    Kaspersky AV
    HJT
    S&D
    Ad-aware
    Smitfraudfix

    - System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).


    -- Last 5 Restore Point(s) --
    87: 2007-12-01 06:00:33 UTC - RP449 - Installed Windows XP KB894391.
    86: 2007-12-01 04:15:59 UTC - RP448 - Installed Windows XP KB894391.
    85: 2007-12-01 04:14:07 UTC - RP447 - Installed Kaspersky Internet Security 7.0.
    84: 2007-12-01 04:11:32 UTC - RP446 - Installed AVG 7.5
    83: 2007-12-01 04:10:21 UTC - RP445 - Removed AVG 7.5


    -- First Restore Point --
    1: 2007-09-03 03:45:21 UTC - RP363 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as myname.exe) -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:20:41 PM, on 12/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\myname\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\myname.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146510586609
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 4840 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 dvd43llh - c:\windows\system32\drivers\dvd43llh.sys <Not Verified; RIF; DVD For Free>
    R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
    R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

    S3 Belkin Belkin 11Mbps Wireless USB Network Adapter(R) (Belkin Belkin 11Mbps Wireless USB Network Adapter(R) Service for Belkin 11Mbps Wireless USB Network Adapter) - c:\windows\system32\drivers\bkusbxp.sys (file missing)
    S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-11-01 and 2007-12-01 -----------------------------

    2007-11-30 20:14:41 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-11-30 20:14:41 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-11-30 20:14:20 0 d-------- C:\Program Files\Kaspersky Lab
    2007-11-30 20:14:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-30 20:14:18 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-30 20:14:18 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-30 20:11:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-11-30 19:40:40 0 d-------- C:\KAV
    2007-11-30 18:33:41 1448 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-30 18:33:04 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-30 18:33:04 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-11-30 18:33:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-11-30 18:33:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-11-30 18:33:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-30 18:30:45 0 d-------- C:\Program Files\Trend Micro
    2007-11-30 14:11:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-30 12:51:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-30 12:50:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-30 09:18:04 0 d--hs---- C:\FOUND.005


    -- Find3M Report ---------------------------------------------------------------

    Nothing modified in this timespan.


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "Pop-Up Stopper"="C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe" [05/16/2002 05:32 PM]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [01/30/2007 12:39 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [10/09/2004 03:18 PM 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Xpress Mail Personal Edition.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Xpress Mail Personal Edition.lnk
    backup=C:\WINDOWS\pss\Xpress Mail Personal Edition.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-aware]
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe +c

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    C:\Program Files\dvd43\dvd43_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4200 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    *Newly Created Service* - PGFILTER



    -- End of Deckard's System Scanner: finished at 2007-12-01 18:24:46 ------------
     
  2. 2007/12/02
    Geri
    Hi RED2GAUGE

    First, you need to enable System Restore; a bad restore point is better than none at all.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\FOUND.005

    Then let's get an online scan.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Please post the Panda results.

    Thanks
    Geri
     
  4. 2007/12/03
    RED2GAUGE

    RED2GAUGE (Thread Starter)
    I don't know if this is important, but the first scan restarted my computer in the middle of the scan. So I just scanned the computer again. Thanks for replying.

    Okay, here's what I got from Panda...

    Incident Status Location

    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\myname\Desktop\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\myname\Desktop\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\myname\Desktop\SmitfraudFix\RESTART.EXE
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\myname\Cookies\myname@zedo[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\myname\Cookies\myname@ad.yieldmanager[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\myname\Cookies\myname@mediaplex[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\myname\Cookies\myname@doubleclick[1].txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\myname\Cookies\myname@server.iad.liveperson[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.mediaplex.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.doubleclick.net/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.tribalfusion.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.burstnet.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.advertising.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[statse.webtrendslive.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.questionmarket.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.atdmt.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.ads.pointroll.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.perf.overture.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[ad.yieldmanager.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.com.com/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.bluestreak.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.bs.serving-sys.com/]
    Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.did-it.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.realmedia.com/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.serving-sys.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[.trafficmp.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[server.iad.liveperson.net/]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\myname\Application Data\Mozilla\Firefox\Profiles\juds57sy.default\COOKIES.TXT[www.burstbeacon.com/]
     
  5. 2007/12/03
    Geri
    Hi RED2GAUGE
    OK, all Panda found were cookies.

    Now, SmitfraudFix is NOT meant as a normal scanner, and running it on a computer that is not infected with an infection that it targets could harm your computer.
    Therefore it needs to be removed!

    Please delete these tools.
    smitfraud.exe
    dss.exe

    These files/folders.
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\SYSTEM32\Process.exe
    C:\WINDOWS\SYSTEM32\SrchSTS.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\system32\tmp.reg
    C:\Deckard

    Now download this, make sure to set it up for Firefox also.

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Let me know how things are.

    Thanks
    Geri
     
  6. 2007/12/04
    RED2GAUGE

    RED2GAUGE (Thread Starter)
    Looks good. I just restarted my computer and no Win32 message. THANK YOU VERY MUCH!

    I'll post again tomorrow to see how it holds up.


    Very cool!
     
  7. 2007/12/04
    Geri
    Hi
    Good.:)

    Let me know.

    Geri
     
  8. 2007/12/05
    RED2GAUGE

    RED2GAUGE (Thread Starter)
    Well, it's still there. I turned on my computer this morning and that Win32 message was back. No active mixer and no firewall. What should I do next, Geri?

    :confused:
     
  9. 2007/12/05
    Geri
    Hi RED2GAUGE
    OK, let's try this.

    Click Start > Run and type in msconfig.
    Click the Services tab.
    Find Internet Connection Sharing and make sure it has a check in the box.
    Now look for Security Center and make sure it also has a check in the box.

    If they were unchecked, check them, click Apply, then OK. It may say to restart your computer; click Restart.

    Did you install or download any programs just before this happened?
     
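    A shell equivalent of the msconfig check above, added here as an example and not part of the thread: it lists the services involved (Windows Firewall/ICS, Security Center, WMI and RPC, the same names the WMIDiag output later in the thread reports) with their state, start mode, image path and dependency chain, so a service that "cannot start" can be traced to whatever it requires. It assumes PowerShell 1.0 or later on XP SP2 and that the WMI service itself is running, because Get-WmiObject is used to read the start mode and path.

```powershell
# Added example (not from the thread): report the services the thread is troubleshooting.
# SharedAccess = Windows Firewall/Internet Connection Sharing (ICS), wscsvc = Security Center,
# winmgmt = WMI, RpcSs = RPC. WMIDiag lists the first two as users of WMI, so a stopped
# winmgmt can keep them from working even though neither hard-depends on it.
$targets = 'SharedAccess', 'wscsvc', 'winmgmt', 'RpcSs'

foreach ($name in $targets) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -eq $null) {
        Write-Output ("{0,-12} NOT INSTALLED" -f $name)
        continue
    }

    # Win32_Service carries the start mode ('Auto', 'Manual', 'Disabled') and the image path,
    # which Get-Service does not expose. The path is worth eyeballing the same way the
    # HijackThis O23 lines are: a system service should point into C:\WINDOWS\system32.
    $cfg = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    Write-Output ("{0,-12} {1,-8} start={2,-9} {3}" -f $name, $svc.Status, $cfg.StartMode, $cfg.PathName)

    # A service cannot start while one it requires is stopped or disabled, so flag every
    # prerequisite that is not running before looking at the service itself.
    foreach ($dep in $svc.ServicesDependedOn) {
        $note = ''
        if ($dep.Status -ne 'Running') { $note = '<-- not running' }
        Write-Output ("             requires {0,-12} {1} {2}" -f $dep.Name, $dep.Status, $note)
    }
}
```

    Run it from a PowerShell prompt as an administrator; a prerequisite marked "not running" is the first thing to start (or re-enable in msconfig) before retrying the firewall service.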
  10. 2007/12/05
    RED2GAUGE

    RED2GAUGE (Thread Starter)
    Internet Connection Sharing and Security Center were both checked. They weren't unchecked.

    I don't recall installing anything.

    But I did try to fix this by searching on the internet and this is what I did... http://forums.techarena.in/showthread.php?t=648030 I did what the last post stated. I was thinking this was a simple fix and maybe this was common.

    If I recall anything I'll let you know.
     
  11. 2007/12/06
    Geri
    Hi

    Download the WMI Diagnosis Utility from Microsoft. It is a self-extracting exe. Run it then open the folder it creates and double click the WMIDiag.vbs file to start the tool. You may be prompted that wscript is your default scripting engine and WMIDiag will not produce any echo, which is fine, just means you won't see a graphical interface when it runs. Task Manager will show wscript.exe running on the processes tab until it completes. It should also display a message when it completes.

    When done, click Start>Run and type %temp% then hit Enter. You will see 3 logs named WMIDIAG-V2.0_XP******
    There will be a .log, a .txt and a .csv
    Please post the contents of the txt file. It may be large and require splitting into 2 or more posts.

    Thanks
    Geri
     
  12. 2007/12/07
    RED2GAUGE

    RED2GAUGE (Thread Starter)
    There was an error message and WMI could not continue. I was going to copy it but it closed itself.


    11657 22:59:57 (0) ** WMIDiag v2.0 started on Thursday, December 06, 2007 at 22:54.
    11658 22:59:57 (0) **
    11659 22:59:57 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
    11660 22:59:57 (0) **
    11661 22:59:57 (0) ** This script is not supported under any Microsoft standard support program or service.
    11662 22:59:57 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
    11663 22:59:57 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
    11664 22:59:57 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
    11665 22:59:57 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
    11666 22:59:57 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
    11667 22:59:57 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
    11668 22:59:57 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
    11669 22:59:57 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
    11670 22:59:57 (0) ** of the possibility of such damages.
    11671 22:59:57 (0) **
    11672 22:59:57 (0) **
    11673 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11674 22:59:57 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
    11675 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11676 22:59:57 (0) **
    11677 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11678 22:59:57 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'MYNAME-10152558\MYNAME' on computer 'MYNAME-10152558'.
    11679 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11680 22:59:57 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
    11681 22:59:57 (0) ** INFO: => 3 incorrect shutdown(s) detected on:
    11682 22:59:57 (0) ** - Shutdown on 29 November 2007 18:09:02 (GMT+8).
    11683 22:59:57 (0) ** - Shutdown on 30 November 2007 09:28:31 (GMT+8).
    11684 22:59:57 (0) ** - Shutdown on 03 December 2007 04:54:29 (GMT+8).
    11685 22:59:57 (0) **
    11686 22:59:57 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
    11687 22:59:57 (0) ** Drive type: ......................................................................................................... IDE (ST3200822A).
    11688 22:59:57 (0) ** There are no missing WMI system files: .............................................................................. OK.
    11689 22:59:57 (0) ** There are no missing WMI repository files: .......................................................................... OK.
    11690 22:59:57 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
    11691 22:59:57 (0) ** BEFORE running WMIDiag:
    11692 22:59:57 (0) ** The WMI repository has a size of: ................................................................................... 6 MB.
    11693 22:59:57 (0) ** - Disk free space on 'C:': .......................................................................................... 175376 MB.
    11694 22:59:57 (0) ** - INDEX.BTR, 1048576 bytes, 12/6/2007 10:50:34 PM
    11695 22:59:57 (0) ** - INDEX.MAP, 536 bytes, 12/6/2007 10:51:34 PM
    11696 22:59:57 (0) ** - MAPPING.VER, 4 bytes, 12/6/2007 10:51:34 PM
    11697 22:59:57 (0) ** - MAPPING1.MAP, 3360 bytes, 12/6/2007 10:51:34 PM
    11698 22:59:57 (0) ** - MAPPING2.MAP, 3360 bytes, 12/6/2007 10:50:34 PM
    11699 22:59:57 (0) ** - OBJECTS.DATA, 5734400 bytes, 12/6/2007 10:50:34 PM
    11700 22:59:57 (0) ** - OBJECTS.MAP, 2824 bytes, 12/6/2007 10:51:34 PM
    11701 22:59:57 (0) ** AFTER running WMIDiag:
    11702 22:59:57 (0) ** The WMI repository has a size of: ................................................................................... 6 MB.
    11703 22:59:57 (0) ** - Disk free space on 'C:': .......................................................................................... 175376 MB.
    11704 22:59:57 (0) ** - INDEX.BTR, 1048576 bytes, 12/6/2007 10:55:34 PM
    11705 22:59:57 (0) ** - INDEX.MAP, 536 bytes, 12/6/2007 10:55:34 PM
    11706 22:59:57 (0) ** - MAPPING.VER, 4 bytes, 12/6/2007 10:55:36 PM
    11707 22:59:57 (0) ** - MAPPING1.MAP, 3360 bytes, 12/6/2007 10:55:36 PM
    11708 22:59:57 (0) ** - MAPPING2.MAP, 3360 bytes, 12/6/2007 10:55:28 PM
    11709 22:59:57 (0) ** - OBJECTS.DATA, 5734400 bytes, 12/6/2007 10:55:34 PM
    11710 22:59:57 (0) ** - OBJECTS.MAP, 2824 bytes, 12/6/2007 10:55:36 PM
    11711 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11712 22:59:57 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
    11713 22:59:57 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD.
    11714 22:59:57 (0) ** Windows Firewall 'RemoteAdmin' status: .............................................................................. DISABLED.
    11715 22:59:57 (0) ** => This will prevent any WMI remote connectivity to this machine.
    11716 22:59:57 (0) ** - You can adjust the configuration by executing the following command:
    11717 22:59:57 (0) ** i.e. 'NETSH.EXE FIREWALL SET SERVICE REMOTEADMIN ENABLE SUBNET'
    11718 22:59:57 (0) **
    11719 22:59:57 (0) ** Windows Firewall application exception for 'UNSECAPP.EXE': .......................................................... MISSING.
    11720 22:59:57 (0) ** => This will prevent any script and MMC application asynchronous callbacks to this machine.
    11721 22:59:57 (0) ** - You can adjust the configuration by executing the following command:
    11722 22:59:57 (0) ** i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE'
    11723 22:59:57 (0) **
    11724 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11725 22:59:57 (0) ** DCOM Status: ........................................................................................................ OK.
    11726 22:59:57 (0) ** WMI registry setup: ................................................................................................. OK.
    11727 22:59:57 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
    11728 22:59:57 (0) ** - Security Center (*) (WSCSVC, StartMode='Automatic')
    11729 22:59:57 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (*) (SHAREDACCESS, StartMode='Automatic')
    11730 22:59:57 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
    11731 22:59:57 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
    11732 22:59:57 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
    11733 22:59:57 (0) ** this can prevent the service/application to work as expected.
    11734 22:59:57 (0) **
    11735 22:59:57 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
    11736 22:59:57 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
    11737 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11738 22:59:57 (0) ** WMI service DCOM setup: ............................................................................................. OK.
    11739 22:59:57 (0) ** WMI components DCOM registrations: .................................................................................. OK.
    11740 22:59:57 (0) ** WMI ProgID registrations: ........................................................................................... OK.
    11741 22:59:57 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
    11742 22:59:57 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
    11743 22:59:57 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
    11744 22:59:57 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
    11745 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11746 22:59:57 (0) ** Overall DCOM security status: ....................................................................................... OK.
    11747 22:59:57 (0) ** Overall WMI security status: ........................................................................................ OK.
    11748 22:59:57 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
    11749 22:59:57 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
    11750 22:59:57 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name= "Microsoft WMI Updating Consumer Scenario Control ".
    11751 22:59:57 (0) ** 'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
    11752 22:59:57 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name= "SCM Event Log Consumer ".
    11753 22:59:57 (0) ** 'select * from MSFT_SCMEventLogEvent'
    11754 22:59:57 (0) **
    11755 22:59:57 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
    11756 22:59:57 (0) ** WMI ADAP status: .................................................................................................... OK.
    11757 22:59:57 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
    11758 22:59:57 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
    11759 22:59:57 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 1 ERROR(S)!
    11760 22:59:57 (0) ** - Root/CIMv2, Win32_PerfRawData_PerfOS_Objects, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
    11761 22:59:57 (0) ** MOF Registration: 'No located MOF file (exception)'
    11762 22:59:57 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_PerfOS_Objects'), it is generally due to
    11763 22:59:57 (0) ** a synchronization issue between the performance counters and WMI.
    11764 22:59:57 (0) ** The AutoDiscovery/AutoPurge (ADAP) process logs informative events in the Windows NT event log.
    11765 22:59:57 (0) ** More information can be found on MSDN at:
    11766 22:59:57 (0) ** http://msdn.microsoft.com/library/d...n-us/wmisdk/wmi/wmi_adap_event_log_events.asp
    11767 22:59:57 (0) **
    11768 22:59:57 (0) ** - The last time the ADAP process was STARTED was the '26 July 2007 14:32:30:015000 (GMT+8)'.
    11769 22:59:57 (0) ** - The last time the ADAP process was STOPPED was the '26 July 2007 14:32:30:531000 (GMT+8)'.
    11770 22:59:57 (0) ** - The latest ADAP process status is 'The WMI ADAP process has finished (4).'.
    11771 22:59:57 (0) **
    11772 22:59:57 (0) ** You can attempt to resynchronize the WMI performance classes with the existing Windows
    11773 22:59:57 (0) ** performance counters with the following commands:
    11774 22:59:57 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'
    11775 22:59:57 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'
    11776 22:59:57 (0) **
    11777 22:59:57 (0) ** WMI MOF representations: ............................................................................................ OK.
    11778 22:59:57 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
    11779 22:59:57 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 3 ERROR(S)!
    11780 22:59:57 (0) ** - ROOT/WMI, SubClassesOf, '*', 0x80041001 - (WBEM_E_FAILED) Call failed.
    11781 22:59:57 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
    11782 22:59:57 (0) ** - ROOT/CIMV2, SubClassesOf, '*', 0x80041001 - (WBEM_E_FAILED) Call failed.
    11783 22:59:57 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
    11784 22:59:57 (0) ** - Root/CIMv2, InstancesOf, 'Win32_PerfFormattedData_PerfOS_Objects', 0x80041010 - (WBEM_E_INVALID_CLASS) Specified class is not valid.
    11785 22:59:57 (0) ** MOF Registration: 'C:\WINDOWS\SYSTEM32\WBEM\WMI.MOF'
    11786 22:59:57 (0) **
    11787 22:59:57 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
    11788 22:59:57 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
    11789 22:59:57 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
    11790 22:59:57 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
    11791 22:59:57 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
    11792 22:59:57 (0) ** WMI static instances retrieved: ..................................................................................... 145.
    11793 22:59:57 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
    11794 22:59:57 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
    11795 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11796 22:59:57 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
    11797 22:59:57 (0) ** DCOM: ............................................................................................................. 7.
    11798 22:59:57 (0) ** WINMGMT: .......................................................................................................... 0.
    11799 22:59:57 (0) ** WMIADAPTER: ....................................................................................................... 0.
    11800 22:59:57 (0) ** => Verify the WMIDiag LOG at line #11254 for more details.
    11801 22:59:57 (0) **
    11802 22:59:57 (0) ** # of additional Event Log events AFTER WMIDiag execution:
    11803 22:59:57 (0) ** DCOM: ............................................................................................................. 0.
    11804 22:59:57 (0) ** WINMGMT: .......................................................................................................... 0.
    11805 22:59:57 (0) ** WMIADAPTER: ....................................................................................................... 0.
    11806 22:59:57 (0) **
    11807 22:59:57 (0) ** 1 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
    11808 22:59:57 (0) ** => This error is typically a WMI error. This WMI error is due to:
    11809 22:59:57 (0) ** - a missing WMI class definition or object.
    11810 22:59:57 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
    11811 22:59:57 (0) ** You can correct the missing class definitions by:
    11812 22:59:57 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
    11813 22:59:57 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
    11814 22:59:57 (0) ** (This list can be built on a similar and working WMI Windows installation)
    11815 22:59:57 (0) ** The following command line must be used:
    11816 22:59:57 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
    11817 22:59:57 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
    11818 22:59:57 (0) ** with WMI by starting the ADAP process.
    11819 22:59:57 (0) ** - a WMI repository corruption.
    11820 22:59:57 (0) ** Under Windows XP SP2, you can validate the repository consistency
    11821 22:59:57 (0) ** by executing the following command:
    11822 22:59:57 (0) ** i.e. 'WMIDiag CheckConsistency'
    11823 22:59:57 (0) ** Note: Under Windows XP SP2, when the repository is checked and detected INCONSISTENT,
    11824 22:59:57 (0) ** a new repository is automatically re-created based on Auto-Recovery mechanism.
    11825 22:59:57 (0) ** Note that some information can be lost during this process (i.e. static data, CIM registration).
    11826 22:59:57 (0) ** However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.
    11827 22:59:57 (0) ** The computer must be rebooted for the system to work with the re-created repository.
    11828 22:59:57 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
    11829 22:59:57 (0) ** otherwise some applications may fail after the reconstruction.
    11830 22:59:57 (0) ** This can be achieved with the following command:
    11831 22:59:57 (0) ** i.e. 'WMIDiag ShowMOFErrors'
    11832 22:59:57 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
    11833 22:59:57 (0) ** ALL fixes previously mentioned.
    11834 22:59:57 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
    11835 22:59:57 (0) **
    11836 22:59:57 (0) **
    11837 22:59:57 (0) ** 2 error(s) 0x80041001 - (WBEM_E_FAILED) Call failed
    11838 22:59:57 (0) ** => This error is typically a WMI system error. WMI system errors can find their origins in:
    11839 22:59:57 (0) ** - Failing WMI system components (see any missing WMI system files or DCOM registration
    11840 22:59:57 (0) ** issues previously mentioned).
    11841 22:59:57 (0) ** - Failing WMI providers (see any WMI provider DCOM registration
    11842 22:59:57 (0) ** issues previously mentioned).
    11843 22:59:57 (0) ** - Failing operation in WMI providers because the underlying component queried by the WMI
    11844 22:59:57 (0) ** provider is not available (i.e. not installed, not running or not available).
    11845 22:59:57 (0) ** - Corrupted WMI repository.
    11846 22:59:57 (0) ** - Under Windows XP SP2, you can validate the repository consistency
    11847 22:59:57 (0) ** by executing the following command:
    11848 22:59:57 (0) ** i.e. 'WMIDiag CheckConsistency'
    11849 22:59:57 (0) ** Note: Under Windows XP SP2, when the repository is checked and detected INCONSISTENT,
    11850 22:59:57 (0) ** a new repository is automatically re-created based on Auto-Recovery mechanism.
    11851 22:59:57 (0) ** Note that some information can be lost during this process (i.e. static data, CIM registration).
    11852 22:59:57 (0) ** However, the original repository is located at 'C:\WINDOWS\SYSTEM32\WBEM\Repository.001'.
    11853 22:59:57 (0) ** The computer must be rebooted for the system to work with the re-created repository.
    11854 22:59:57 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
    11855 22:59:57 (0) ** otherwise some applications may fail after the reconstruction.
    11856 22:59:57 (0) ** This can be achieved with the following command:
    11857 22:59:57 (0) ** i.e. 'WMIDiag ShowMOFErrors'
    11858 22:59:57 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
    11859 22:59:57 (0) ** ALL fixes previously mentioned.
    11860 22:59:57 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
    11861 22:59:57 (0) **
    11862 22:59:57 (0) **
    11863 22:59:57 (0) ** 1 error(s) 0x80041010 - (WBEM_E_INVALID_CLASS) Specified class is not valid
    11864 22:59:57 (0) ** => This error is typically due to missing or invalid WMI classes in the repository.
    11865 22:59:57 (0) ** - Verify any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures.
    11866 22:59:57 (0) ** => You can correct the missing class definitions by:
    11867 22:59:57 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
    11868 22:59:57 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
    11869 22:59:57 (0) ** (This list can be built on a similar and working WMI Windows installation)
    11870 22:59:57 (0) ** The following command line must be used:
    11871 22:59:57 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
    11872 22:59:57 (0) **
    11873 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11874 22:59:57 (0) ** WMI Registry key setup: ............................................................................................. OK.
    11875 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11876 22:59:57 (1) !! ERROR: MOF file(s) present in the WBEM folder not referenced in the Auto-Recovery list: ............................. 18 ERROR(S)!
    11877 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\CLIEGALIASES.MFL (*)
    11878 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\CLIEGALIASES.MOF (*)
    11879 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FCONPROV.MFL (*)
    11880 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FCONPROV.MOF (*)
    11881 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\NCPROV.MFL (*)
    11882 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\NCPROV.MOF (*)
    11883 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SCRCONS.MFL (*)
    11884 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SCRCONS.MOF (*)
    11885 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SMTPCONS.MFL (*)
    11886 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SMTPCONS.MOF (*)
    11887 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TMPLPROV.MFL (*)
    11888 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TMPLPROV.MOF (*)
    11889 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TRNSPROV.MFL (*)
    11890 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TRNSPROV.MOF (*)
    11891 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\UPDPROV.MFL (*)
    11892 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\UPDPROV.MOF (*)
    11893 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMCONS.MFL (*)
    11894 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMCONS.MOF (*)
    11895 22:59:57 (0) ** => After fixing all other issues previously mentioned, if the WMI repository is rebuilt,
    11896 22:59:57 (0) ** the listed MOF file(s) will not be recompiled, and therefore the definition they contain
    11897 22:59:57 (0) ** will not be available in the WMI repository.
    11898 22:59:57 (0) ** => You must manually recompile the MOF file(s) with the 'MOFCOMP.EXE <FileName.MOF>' command.
    11899 22:59:57 (0) ** => If you want the MOF file(s) to be part of the Auto-Recovery list, make sure the
    11900 22:59:57 (0) ** statement '#PRAGMA AUTORECOVER' is included.
    11901 22:59:57 (0) ** Note: MOF file(s) marked with (*) are NEVER included AT SETUP in the auto-recovery process.
    11902 22:59:57 (0) ** MOF file(s) containing UNINSTALL statements (i.e. '#PRAGMA DELETECLASS') should NEVER be included in the auto-recovery process.
    11903 22:59:57 (0) ** Refer to the list of MOF files below NOT containing the '#PRAGMA AUTORECOVER' statement' for more information.
    11904 22:59:57 (0) **
    11905 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11906 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11907 22:59:57 (1) !! ERROR: MOF file(s) not containing the '#PRAGMA AUTORECOVER' statement: .............................................. 24 FILE(S)!
    11908 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FCONPROV.MFL
    11909 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FCONPROV.MOF
    11910 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\NCPROV.MFL (DELETE)
    11911 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\NCPROV.MOF (DELETE)
    11912 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SCRCONS.MFL
    11913 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SCRCONS.MOF
    11914 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SMTPCONS.MFL
    11915 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SMTPCONS.MOF
    11916 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TMPLPROV.MFL (DELETE)
    11917 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TMPLPROV.MOF (DELETE)
    11918 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TRNSPROV.MFL
    11919 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\TRNSPROV.MOF
    11920 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\UPDPROV.MFL (DELETE)
    11921 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\UPDPROV.MOF (DELETE)
    11922 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMCONS.MFL
    11923 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WBEMCONS.MOF
    11924 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SCM.MOF (DELETE) (*)
    11925 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FEVPROV.MOF (*)
    11926 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\FEVPROV.MFL (*)
    11927 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMITIMEP.MOF (*)
    11928 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WMITIMEP.MFL (*)
    11929 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\EVNTRPRV.MOF (*)
    11930 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\CMDEVTGPROV.MOF (*)
    11931 22:59:57 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\WHQLPROV.MOF (*)
    11932 22:59:57 (0) ** => MOF file(s) marked with (*) are INCLUDED in the AUTO-RECOVERY LIST even if they do NOT contain the '#PRAGMA AUTORECOVER' statement.
    11933 22:59:57 (0) ** If the WMI repository is rebuilt, the listed MOF files not included in the AUTO-RECOVERY LIST and
    11934 22:59:57 (0) ** missing the '#PRAGMA AUTORECOVERY' statement when they are compiled the first time will NOT
    11935 22:59:57 (0) ** be recompiled during the repository reconstruction.
    11936 22:59:57 (0) ** Note: If you want the MOF file to be part of the AUTO-RECOVERY LIST, make sure the statement '#PRAGMA AUTORECOVER'
    11937 22:59:57 (0) ** is included and recompile the MOF/MFL with the following command:
    11938 22:59:57 (0) ** i.e. 'MOFCOMP.EXE <FileName.MOF>'
    11939 22:59:57 (0) **
    11940 22:59:57 (0) ** => MOF file(s) marked with (DELETE) contains class and instance DELETE statements.
    11941 22:59:57 (0) ** Usually, MOF with DELETE statements are used to UNinstall components and they should NOT be listed in the AUTORECOVERY LIST
    11942 22:59:57 (0) ** and therefore they should NOT specify the '#PRAGMA AUTORECOVER' statement.
    11943 22:59:57 (0) ** Note: It happens that some MOF files do contain DELETE statements for installation purposes to delete
    11944 22:59:57 (0) ** existing information before it is recreated.
    11945 22:59:57 (0) **
    11946 22:59:57 (0) ** Note: It is also possible that the application implemented its own recovery mechanism.
    11947 22:59:57 (0) ** In that case, no action is required. You must verify with the application vendor
    11948 22:59:57 (0) ** if the application has this capability (i.e. Microsoft SMS)
    11949 22:59:57 (0) **
    11950 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11951 22:59:57 (0) **
    11952 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11953 22:59:57 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
    11954 22:59:57 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
    11955 22:59:57 (0) **
    11956 22:59:57 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\MYNAME\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_MYNAME-10152558_2007.12.06_22.54.23.LOG' for details.
    11957 22:59:57 (0) **
    11958 22:59:57 (0) ** WMIDiag v2.0 ended on Thursday, December 06, 2007 at 22:59 (W:53 E:12 S:1).
     
  13. 2007/12/07
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi RED2GAUGE,

    I'm analyzing your WMI report and need to see the .log file created. I don't want you to post it due to the nature of some of the information provided in the log. Please attach it in an email to me for review. Put RE: smitRem in the email subject line.

    %temp%\WMIDIAG-V2.0_XP___.CLI.SP2.32_MYNAME-10152558_2007.12.06_22.54.23.LOG
     
  14. 2007/12/09
    RED2GAUGE

    RED2GAUGE Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    12
    Likes Received:
    0
    Sent the .log you asked for; sent it twice to be sure you received it. If not, let me know.

    Thanks to both of you for taking the time.
     
    Last edited by a moderator: 2007/12/09
  15. 2007/12/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi RED2GAUGE
    I removed your email address, to protect you from spammers. :)

    Dave will post here or PM you if needed.

    Geri
     
  16. 2007/12/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    A few things to do, to start with, based on the log file you sent.

    Highlight and copy the bolded command below.

    WINMGMT.EXE /CLEARADAP

    Now click Start>Run and paste the command on the Run line then hit enter. Repeat with the next bolded command.

    WINMGMT.EXE /RESYNCPERF

    Then this one.

    "%systemroot%\system32\wbem\MOFCOMP.exe" "%systemroot%\system32\wbem\wmi.mof"

    Then this one.

    sc config BITS start= auto

    And now this one. (although it looks like two lines, it's all one command .... highlight and copy the whole thing)

    regedit.exe /e "%userprofile%\desktop\SharedAccess.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"

    And finally this one.

    regedit.exe /e "%userprofile%\desktop\wscsvc.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc"

    The last two commands will each create a registry file on your desktop; SharedAccess.reg and wscsvc.reg
    Right click either one and select Send To>Compressed (zipped) folder. It will create a zip file of the same name on your desktop. Now left click and hold the other reg file, then drag it on top of the zip and release (drop) it to add it to the zip. Now attach the zip file to an email and send it to me. The log showed there was a missing value from each of those registry keys and prior to fixing it I want to make sure there isn't anything else missing or incorrect in them.

    Restart your computer and run the WMI Diagnosis utility again, then send me the new log file. Please send it as an attachment rather than copy/pasting. As you can imagine, with over 11,000 lines of text, it will take some time for me to analyze the log. Hang in there!
     
  17. 2007/12/11
    RED2GAUGE

    RED2GAUGE Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    12
    Likes Received:
    0
    Sent both of them.

    There is a Windows update; should I install it or wait until this is taken care of?

    And I did notice that whenever I restart/start my computer and click on my log name right away, win32 does not show itself. But if I wait for about a minute or two to click on my log name, it shows itself. Just thought this might be helpful, maybe not.

    Thank you for taking the time to help me, and there is no rush, take your time.
     
  18. 2007/12/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You can install the update. It shouldn't have any effect on what we're doing.

    I didn't receive your email. Please re-send.
     
  19. 2007/12/12
    RED2GAUGE

    RED2GAUGE Inactive Thread Starter

    Joined:
    2007/11/30
    Messages:
    12
    Likes Received:
    0
    Email sent, attached both to one email. Subject is "wmilog and shared access zip".

    Thanks
     
  20. 2007/12/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Got it! It's late now, so I'll try to look it over tomorrow evening and let you know something.
     
  21. 2007/12/13
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below to a blank notepad. Save it to the desktop as:

    Filename: fix.reg
    Save as type: All Files (*.*)

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
    "DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DoNotAllowExceptions"=dword:00000000
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
    "DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
    
    Double click fix.reg and allow it to merge with the registry.
    Restart the computer. Let me know if the Firewall starts, ICS service starts and if the error message persists.
     
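An added example, not code from the thread or from WMIDiag: it parses the fix.reg above (embedded below as a constructed copy), decodes the hex(7) REG_MULTI_SZ data into the service dependency lists the fix restores, and shows why the earlier report flagged SharedAccess and wscsvc as dependents of WMI. On Windows it also reads the live DependOnService values through winreg, so the "missing value" condition can be confirmed before merging anything; the parser, the expected-dependency table and the helper names are assumptions of this example.

```python
"""Decode and verify the REGEDIT4 fix from the thread (added example)."""
import re
from typing import Optional

# Constructed copy of the fix.reg posted in the thread.
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"""

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"

# Dependency lists the fix restores (assumed from the .reg above): both the
# Firewall/ICS service and Security Center depend on the WMI service
# (winmgmt), which is why a broken WMI keeps them from starting.
EXPECTED_DEPENDS = {
    "SharedAccess": ["Netman", "WinMgmt"],
    "wscsvc": ["RpcSs", "winmgmt"],
}

_ENTRY_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
_HEX_RE = re.compile(r'^hex(?:\((?P<kind>[0-9a-fA-F]+)\))?:(?P<bytes>.*)$')


def decode_multi_sz(raw: bytes, unicode_file: bool) -> list:
    """REG_MULTI_SZ: NUL-separated strings, terminated by an extra NUL.
    REGEDIT4 files store ANSI bytes; 'Version 5.00' files store UTF-16LE."""
    text = raw.decode("utf-16-le" if unicode_file else "latin-1")
    return [s for s in text.split("\x00") if s]


def _parse_entry(entry: str, unicode_file: bool):
    m = _ENTRY_RE.match(entry)
    if not m:
        raise ValueError("unparseable .reg entry: %r" % entry)
    name = m.group("name")
    name = "@" if name is None else name.replace('\\"', '"').replace("\\\\", "\\")
    data = m.group("data")
    if data.startswith("dword:"):
        return name, int(data[len("dword:"):], 16)
    h = _HEX_RE.match(data)
    if h:
        raw = bytes(int(b, 16) for b in h.group("bytes").split(",") if b)
        kind = int(h.group("kind") or "3", 16)  # bare 'hex:' is REG_BINARY (3)
        return name, decode_multi_sz(raw, unicode_file) if kind == 7 else raw
    if data.startswith('"') and data.endswith('"'):
        return name, data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    raise ValueError("unsupported value data: %r" % data)


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key_path: {value_name: data}}."""
    lines = text.splitlines()
    header = lines[0].strip().upper() if lines else ""
    unicode_file = header.startswith("WINDOWS REGISTRY EDITOR")
    if not unicode_file and header != "REGEDIT4":
        raise ValueError("not a .reg file: %r" % header)
    result, current, pending = {}, None, ""
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if not pending and line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        if current is None:
            raise ValueError("value before any [key] line: %r" % line)
        pending += line
        if pending.endswith("\\"):  # regedit wraps long hex data with '\'
            pending = pending[:-1]
            continue
        name, data = _parse_entry(pending, unicode_file)
        result[current][name] = data
        pending = ""
    return result


def check_fix(reg: dict) -> dict:
    """Per service: does the .reg restore the expected DependOnService list?"""
    return {svc: reg.get(SERVICES_KEY + "\\" + svc, {}).get("DependOnService") == deps
            for svc, deps in EXPECTED_DEPENDS.items()}


def exceptions_allowed(reg: dict) -> bool:
    """DoNotAllowExceptions=0 means the Standard profile honours its exception
    list (the mode in which the UNSECAPP.EXE exception WMIDiag wants can apply)."""
    key = SERVICES_KEY + r"\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
    return reg.get(key, {}).get("DoNotAllowExceptions") == 0


def live_depends(svc: str) -> Optional[list]:
    """Read the service's DependOnService from the local registry (Windows only);
    None when not on Windows or the value is not a REG_MULTI_SZ."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"SYSTEM\CurrentControlSet\Services" + "\\" + svc
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        try:
            value, kind = winreg.QueryValueEx(key, "DependOnService")
        except FileNotFoundError:
            return []  # value missing: exactly the condition the fix repairs
    return list(value) if kind == winreg.REG_MULTI_SZ else None


if __name__ == "__main__":
    reg = parse_reg(FIX_REG)
    for svc, ok in check_fix(reg).items():
        print("%-12s fix restores %s: %s" % (svc, EXPECTED_DEPENDS[svc], "ok" if ok else "MISMATCH"))
        live = live_depends(svc)
        if live is not None:  # service names compare case-insensitively
            same = [d.lower() for d in live] == [d.lower() for d in EXPECTED_DEPENDS[svc]]
            print("    local registry: %s (%s)" % (live, "ok" if same else "DIFFERS"))
    print("Standard profile allows exceptions:", exceptions_allowed(reg))
```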
