Empty network connections folder

I thank you for the opportunity to post on this site, I just wished I knew where to post.

My System is based an ASUS A8N-SLI with an ATI x600 graphics card. I recently started losing more and more functionality with my PC and I still do not know what is triggering it:
A) Malware
B) Defective hardware
C) Defective software
D) A combination of any

The symptoms:
1) On Boot I get the generic host process 32 problem associated with the svchost.exe generated error message
2) I cannot install any applications using windows installer or repair the installer itself ( no installing or upgrading of windows live and anti-virus)
3) I cannot install silent runners (I get script requires windows management Instrumentation (WMI) to run
4) While I can surf the Internet, log on to windows live messenger, I cannot update programs files like Spybot or f-prot to upgrade without reporting errors...

What I use:
F-Prot 3.16f
Ad-aware
Fprot
Comodo firewall pro 2.4.17.183
IE 7.0.5730.11







So this is what I have tried unsuccesfully:
1) Turned of all services.msc and rebooted
2) Try to change the extensions and reinstall the installer
3) Chkdsk and memory checks
4) Ipconfig /release and /renew ( I get a media disconnected message)


Logfile of HijackThis v1.99.1
Scan saved at 11:47:48 AM, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MoodLogic\Service\Updater.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Home\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PluginCamera] C:\Program Files\Intel\Createshare\program\starter.exe -regargs "\\Commands\RegPlug "
O4 - HKLM\..\Run: [MoodLogic Updater] C:\Program Files\MoodLogic\Service\Updater.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe "
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CompleteTimeTrackingStd] "C:\Program Files\Complete Time Tracking Std 2\CompleteTimeTrackingStd.exe "
O4 - HKCU\..\Run: [Handy Backup 4.0] "C:\Program Files\Novosoft\Handy Backup\hbagent.exe" -logon
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe


SO please point me in a direction..

DCW

 

Check to see that the WMI service is running. Click start>run and type services.msc. Scroll down to Windows Management Instrumentation and make sure that it's startup type is set to automatic. If not, double click on it and in the next window, where it says startup type, select automatic. Then, just below that where it says service status, click the start button. Below is the description it gives for the service.

Then see if things work differently for you.

Also, there's a service called Windows Management Instrumentation Driver Extensions. Mine is set to manual and I've never changed it so my guess is that manual is the default. I don't know if it would be related to this but you should probably set it to manual if it should happen to be disabled.

As for your hijack this log, I don't really see anything bad in it but I must admit that hijack this logs aren't really my strong suit. Check out what I mentioned first. If that's not your problem or part of it, perhaps I can get somebody to take a peek at your log for you. One thing though. I noticed you ran it from the desktop. You should make a folder in Windows Explorer for it and run it out of that. It has something to do with backup files it makes I believe. Not real sure on that but I know they'll want you to run it out of it's own folder. You might as well go ahead and do that and then post the log here again.

 

WMI running in services

WMI is running on automatic in services.msc to no avail.

I ran wmidiag.exe to see why it wasn't Happy...

Here are the results... I would have rathered send a file but I guess this is safer for now

.1531 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1532 16:55:58 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
.1533 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1534 16:55:58 (0) **
.1535 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1536 16:55:58 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'AMD64-3500\HOME' on computer 'AMD64-3500'.
.1537 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1538 16:55:58 (0) ** Environment: ........................................................................................................ OK..
.1539 16:55:58 (0) ** There are no missing WMI system files: .............................................................................. OK.
.1540 16:55:58 (0) ** There are no missing WMI repository files: .......................................................................... OK.
.1541 16:55:58 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
.1542 16:55:58 (0) ** BEFORE running WMIDiag:
.1543 16:55:58 (0) ** The WMI repository has a size of: ................................................................................... 8 MB.
.1544 16:55:58 (0) ** - Disk free space on 'C:': .......................................................................................... 1871 MB.
.1545 16:55:58 (0) ** - INDEX.BTR, 1490944 bytes, 06/02/2007 7:36:22 AM
.1546 16:55:58 (0) ** - INDEX.MAP, 808 bytes, 15/02/2007 4:52:30 PM
.1547 16:55:58 (0) ** - MAPPING.VER, 4 bytes, 15/02/2007 4:52:30 PM
.1548 16:55:58 (0) ** - MAPPING1.MAP, 4160 bytes, 15/02/2007 4:52:30 PM
.1549 16:55:58 (0) ** - MAPPING2.MAP, 4160 bytes, 14/02/2007 1:09:18 PM
.1550 16:55:58 (0) ** - OBJECTS.DATA, 6832128 bytes, 06/02/2007 7:36:22 AM
.1551 16:55:58 (0) ** - OBJECTS.MAP, 3376 bytes, 15/02/2007 4:52:30 PM
.1552 16:55:58 (0) ** AFTER running WMIDiag:
.1553 16:55:58 (0) ** The WMI repository has a size of: ................................................................................... 8 MB.
.1554 16:55:58 (0) ** - Disk free space on 'C:': .......................................................................................... 1863 MB.
.1555 16:55:58 (0) ** - INDEX.BTR, 1490944 bytes, 06/02/2007 7:36:22 AM
.1556 16:55:58 (0) ** - INDEX.MAP, 808 bytes, 15/02/2007 4:52:30 PM
.1557 16:55:58 (0) ** - MAPPING.VER, 4 bytes, 15/02/2007 4:52:30 PM
.1558 16:55:58 (0) ** - MAPPING1.MAP, 4160 bytes, 15/02/2007 4:52:30 PM
.1559 16:55:58 (0) ** - MAPPING2.MAP, 4160 bytes, 14/02/2007 1:09:18 PM
.1560 16:55:58 (0) ** - OBJECTS.DATA, 6832128 bytes, 06/02/2007 7:36:22 AM
.1561 16:55:58 (0) ** - OBJECTS.MAP, 3376 bytes, 15/02/2007 4:52:30 PM
.1562 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1563 16:55:58 (2) !! WARNING: Windows Firewall Service: .................................................................................. STOPPED.
.1564 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1565 16:55:58 (0) ** DCOM Status: ........................................................................................................ OK.
.1566 16:55:58 (0) ** WMI registry setup: ................................................................................................. OK.
.1567 16:55:58 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
.1568 16:55:58 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
.1569 16:55:58 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual')
.1570 16:55:58 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
.1571 16:55:58 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
.1572 16:55:58 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
.1573 16:55:58 (0) ** this can prevent the service/application to work as expected.
.1574 16:55:58 (0) **
.1575 16:55:58 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
.1576 16:55:58 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
.1577 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1578 16:55:58 (0) ** WMI service DCOM setup: ............................................................................................. OK.
.1579 16:55:58 (0) ** WMI components DCOM registrations: .................................................................................. OK.
.1580 16:55:58 (0) ** WMI ProgID registrations: ........................................................................................... OK.
.1581 16:55:58 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
.1582 16:55:58 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
.1583 16:55:58 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
.1584 16:55:58 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
.1585 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1586 16:55:58 (0) ** Overall DCOM security status: ....................................................................................... OK.
.1587 16:55:58 (0) ** Overall WMI security status: ........................................................................................ OK.
.1588 16:55:58 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
.1589 16:55:58 (0) ** WMI permanent SUBSCRIPTION(S): ...................................................................................... NONE.
.1590 16:55:58 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
.1591 16:55:58 (1) !! ERROR: WMI ADAP status: ............................................................................................. NOT AVAILABLE.
.1592 16:55:58 (0) ** You can start the WMI AutoDiscovery/AutoPurge (ADAP) process to resynchronize
.1593 16:55:58 (0) ** the performance counters with the WMI performance classes with the following commands:
.1594 16:55:58 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'
.1595 16:55:58 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'
.1596 16:55:58 (0) ** The ADAP process logs informative events in the Windows NT event log.
.1597 16:55:58 (0) ** More information can be found on MSDN at:
.1598 16:55:58 (0) ** http://msdn.microsoft.com/library/d...n-us/wmisdk/wmi/wmi_adap_event_log_events.asp
.1599 16:55:58 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 1 ERROR(S)!
.1600 16:55:58 (0) ** - Root, 0x46 - Permission denied.
.1601 16:55:58 (0) **
.1602 16:55:58 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 5 ERROR(S)!
.1603 16:55:58 (0) ** - Root, 0x80070005 - Access is denied..
.1604 16:55:58 (0) ** - Root, 0x80070005 - Access is denied..
.1605 16:55:58 (0) ** - Root/Default, 0x80070005 - Access is denied..
.1606 16:55:58 (0) ** - Root/CIMv2, 0x80070005 - Access is denied..
.1607 16:55:58 (0) ** - Root/WMI, 0x80070005 - Access is denied..
.1608 16:55:58 (0) **
.1609 16:55:58 (0) ** WMI GET operations: ................................................................................................. OK.
.1610 16:55:58 (0) ** WMI MOF representations: ............................................................................................ OK.
.1611 16:55:58 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
.1612 16:55:58 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
.1613 16:55:58 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
.1614 16:55:58 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
.1615 16:55:58 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
.1616 16:55:58 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
.1617 16:55:58 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
.1618 16:55:58 (0) ** WMI static instances retrieved: ..................................................................................... 0.
.1619 16:55:58 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
.1620 16:55:58 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
.1621 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1622 16:55:58 (0) **
.1623 16:55:58 (0) ** 1 error(s) 0x46 - (WBEM_UNKNOWN) This error code is external to WMI.
.1624 16:55:58 (0) **
.1625 16:55:58 (0) ** 5 error(s) 0x80070005 - (WBEM_UNKNOWN) This error code is external to WMI.
.1626 16:55:58 (0) ** => This error is not a WMI error. It is typically due to:
.1627 16:55:58 (0) ** - The DCOM security modifications.
.1628 16:55:58 (0) ** => Ensure that DCOM security configuration settings are not modified.
.1629 16:55:58 (0) ** - The user running WMIDiag has not enough privileges or rights to issue requests
.1630 16:55:58 (0) ** against software components exposing information through WMI.
.1631 16:55:58 (0) ** => Ensure that no third party applications installing additional WMI providers have
.1632 16:55:58 (0) ** specific security requirements (i.e. group membership, privileges, etc ...)
.1633 16:55:58 (0) ** - The 'Impersonate Client after authentication' Local Policy is disabled or the
.1634 16:55:58 (0) ** 'SERVICE' account has been removed from that Local Policy.
.1635 16:55:58 (0) ** => You must add the 'SERVICE' account to the 'Impersonate Client after authentication'
.1636 16:55:58 (0) ** Local Policy in the 'Local Policies/User Right Assignments' MMC snap-in (GPEDIT.MSC).
.1637 16:55:58 (0) ** By default, this Local Policy includes the 'SERVICE' account.
.1638 16:55:58 (0) **
.1639 16:55:58 (0) ** => Errors starting with 0x8007 are Win32 errors, NOT WMI errors. More information can be found
.1640 16:55:58 (0) ** with the 'NET.EXE HELPMSG <dddd>' command, where <dddd> is the last four hex digits (0x0005)
.1641 16:55:58 (0) ** converted in decimal (5).
.1642 16:55:58 (0) ** - NET HELPMSG 5
.1643 16:55:58 (0) **
.1644 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1645 16:55:58 (0) ** WMI Registry key setup: ............................................................................................. OK.
.1646 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1647 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1648 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1649 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1650 16:55:58 (0) **
.1651 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1652 16:55:58 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
.1653 16:55:58 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
.1654 16:55:58 (0) **
.1655 16:55:58 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\HOME\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_AMD64-3500_2007.02.15_16.55.28.LOG' for details.
.1656 16:55:58 (0) **
.1657 16:55:58 (0) ** WMIDiag v2.0 ended on February 15, 2007 at 16:55 (W:36 E:14 S:1).


I hope that helps

 

Have a look at this page. Look at the symptoms it lists. Could this be a possiblility?

Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC

 

does not see to really apply to xp-pro

While article mentions at the bottom that it may apply to xp-pro, everything that is suggested applies so 2000 and server 2003. There was nothing that could be applied to my problem..

Thanx nonetheless

DCW

 

that's it you guys give up?

I thought someone here would try a little harder...

I would love to paypal some mulah to anyone who fixes my problemo!

 

Perhaps something relevant?