
windowsupdate log : error 0x8024000b


Chris Dupont

Jan 3, 2010, 3:10:54 PM
Hello,

When trying to update via the windows update site, the green bar
just keeps on scrolling endlessly....

I found the following info in my windowsupdate.log (does anyone have any
idea what might be the problem here?) :


2010-01-03 21:09:34:390 1424 808 Agent WARNING: Failed to evaluate Installed
rule, updateId = {02FF0A91-FC2F-4218-AAF5-D28FDD327581}.105, hr = 80080005
2010-01-03 21:09:34:390 1424 808 PT WARNING:
CAgentUpdateManager::DetectForUpdates failed: 0x8024000b
2010-01-03 21:09:34:390 1424 808 PT WARNING: Sync of Updates: 0x8024000b
2010-01-03 21:09:34:390 1424 808 PT WARNING: SyncServerUpdatesInternal
failed: 0x8024000b
2010-01-03 21:09:34:390 1424 808 Agent * WARNING: Failed to synchronize,
error = 0x8024000B
2010-01-03 21:09:34:562 1424 808 Agent * WARNING: Exit code = 0x8024000B
2010-01-03 21:09:34:562 1424 808 Agent *********
2010-01-03 21:09:34:562 1424 808 Agent ** END ** Agent: Finding updates
[CallerId = MicrosoftUpdate]
2010-01-03 21:09:34:562 1424 808 Agent *************
2010-01-03 21:09:34:562 1424 808 Agent WARNING: WU client failed Searching
for update with error 0x8024000b
2010-01-03 21:09:34:578 3544 380 COMAPI >>-- RESUMED -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2010-01-03 21:09:34:578 3544 380 COMAPI - Updates found = 0
2010-01-03 21:09:34:578 3544 380 COMAPI - WARNING: Exit code = 0x00000000,
Result code = 0x8024000B
2010-01-03 21:09:34:578 3544 380 COMAPI ---------
2010-01-03 21:09:34:578 3544 380 COMAPI -- END -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2010-01-03 21:09:34:578 3544 380 COMAPI -------------
2010-01-03 21:09:34:578 3544 c7c COMAPI -------------
2010-01-03 21:09:34:578 3544 c7c COMAPI -- START -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2010-01-03 21:09:34:578 3544 c7c COMAPI ---------
2010-01-03 21:09:34:593 1424 808 Agent *************
2010-01-03 21:09:34:593 1424 808 Agent ** START ** Agent: Finding updates
[CallerId = MicrosoftUpdate]
2010-01-03 21:09:34:593 1424 808 Agent *********
2010-01-03 21:09:34:593 1424 808 Agent * Online = No; Ignore download
priority = No
2010-01-03 21:09:34:593 1424 808 Agent * Criteria = "IsInstalled = 0 and
IsHidden = 1"
2010-01-03 21:09:34:593 1424 808 Agent * ServiceID =
{7971F918-A847-4430-9279-4A52D1EFE18D} Third party service
2010-01-03 21:09:34:593 1424 808 Agent * Search Scope = {Machine}
2010-01-03 21:09:34:593 3544 c7c COMAPI <<-- SUBMITTED -- COMAPI: Search
[ClientId = MicrosoftUpdate]
2010-01-03 21:09:34:906 1424 808 Agent * WARNING: Exit code = 0x8024000B
2010-01-03 21:09:34:906 1424 808 Agent *********
2010-01-03 21:09:34:906 1424 808 Agent ** END ** Agent: Finding updates
[CallerId = MicrosoftUpdate]
2010-01-03 21:09:34:906 1424 808 Agent *************
2010-01-03 21:09:34:906 1424 808 Agent WARNING: WU client failed Searching
for update with error 0x8024000b
2010-01-03 21:09:34:906 1424 b30 Agent WARNING: WU client fails to call back
to search call {7A29DE6E-891E-4DFA-BFC3-7E7F33900655} with error 0x8024000c


Shenan Stanley

Jan 3, 2010, 3:33:38 PM

Chris Dupont wrote:
> When trying to update via the windows update site, the green bar
> just keeps on scrolling endlessly....
>
> I found the following info in my windowsupdate.log (does anyone
> have any idea what might be the problem here?) :
>
>
> 2010-01-03 21:09:34:390 1424 808 Agent WARNING: Failed to evaluate
> Installed rule, updateId =
> {02FF0A91-FC2F-4218-AAF5-D28FDD327581}.105, hr = 80080005
> 2010-01-03 21:09:34:390 1424 808 PT WARNING:
> CAgentUpdateManager::DetectForUpdates failed: 0x8024000b 2010-01-03
> 21:09:34:390 1424 808 PT WARNING: Sync of Updates: 0x8024000b
> 2010-01-03 21:09:34:390 1424 808 PT WARNING:
> SyncServerUpdatesInternal failed: 0x8024000b 2010-01-03
> 21:09:34:390 1424 808 Agent * WARNING: Failed to synchronize,
> error = 0x8024000B 2010-01-03 21:09:34:562 1424 808 Agent *
> WARNING: Exit code = 0x8024000B 2010-01-03 21:09:34:562 1424 808
<snipped>


Please give your OS information. Here's some tips on how to get
very specific:

Start button --> RUN
(no "RUN"? Press the "Windows Key" + R on your keyboard)
--> type in:
winver
--> Click OK.

The picture at the top of the window that opens will give you the general
(Operating System name and edition) while the line starting with the word
"version" will give you the rest of the story. Post _both_ in response
to this message verbatim. No paraphrasing - instead - ensure
character-for-character copying.

What version of Internet Explorer are you currently using? Easy to find
out. Open Internet Explorer and while that is in-focus, press and hold
the "ALT" key on your keyboard. With the "ALT" key still pressed, press
(just once, no holding) the "H" key. Now, with the "ALT" key still
pressed, press (just once, no holding) the "A" key. That will bring up
the "About Internet Explorer" window. It will give you the exact version
you are using - repeat what you see there in response to this message.

How to determine whether a computer is running a 32-bit version or
64-bit version of the Windows operating system
http://support.microsoft.com/kb/827218

All that can be important in solving your specific issues.

Since I do not yet have this information from you, I can only suggest
some basic stuff and some stuff with caveats that you will have to
determine (based off the information you collect and share using the
above methods) which you need/should/could do.

Basic stuff:

Reboot and logon as administrative user.

Download, install, run, update and perform a full scan with the following
(freeware version):

SuperAntiSpyware
http://www.superantispyware.com/

Reboot and logon as administrative user.

Download, install, run, update and perform a full scan with the following
(freeware version):

MalwareBytes
http://www.malwarebytes.com/

Reboot and logon as administrative user.

Download and run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

You may find nothing, you may find only cookies, you may think it is a
waste of time - but if you do all this and report back here with what you
do/don't find as you are doing all of it - you are adding more pieces to
the puzzle and the entire picture just may become clearer and your
problem resolved.

You also should run a full CHKDSK and defragmentation. How you do
this will depend on your OS.

Windows XP CHKDSK:
http://support.microsoft.com/kb/315265

Windows Vista CHKDSK:
http://www.windows-help-central.com/windows-vista-chkdsk.html

Windows XP Defragmentation:
http://support.microsoft.com/kb/314848

Windows Vista Defragmentation:
http://windows.microsoft.com/en-us/windows-vista/Improve-performance-by-defragmenting-your-hard-disk


Continue by fixing your Windows Update system...

32-bit Operating System:

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

... and click on the "Microsoft Fix it" icon. When asked, select "RUN",
both times. Check the "I agree" box and click on "Next". Check the box
for "Run aggressive options (not recommended)" and click "Next". Let
it finish up and follow the prompts until it is done. Close/exit and
reboot when it is.

64-bit Windows Vista:

Download, install and run...

System Update Readiness Tool for x64-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=f6f353c0-d00e-43e7-97ef-0feefc7ff064


Reboot and logon as administrative user.

Try to get updates.

Come back and let us know.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


Chris Dupont

Jan 3, 2010, 4:16:03 PM
OS is Windows XP Pro SP3


"Shenan Stanley" <newsh...@gmail.com> wrote in message
news:eUOTQQLj...@TK2MSFTNGP02.phx.gbl...

Chris Dupont

Jan 3, 2010, 4:28:29 PM
Hello Shenan,

To be more specific (like you asked)

OS : Windows XP Pro SP3 - Version 5.1 (build 2600.xpsp_sp3_gdr.090804-1435 :
Service Pack 3)
IE : IE8 - Version 8.0.6001.18702

OS is a 32-bit version

The problem only started a couple of weeks ago, approximately.

As anti-virus/anti-spyware/anti-malware software I have Kaspersky Anti-Virus
8.0 which I have had for a long time and which works very well.

Hope you can help me better now with this specific info. Would be greatly
appreciated.

Best regards,
Chris.


"Shenan Stanley" <newsh...@gmail.com> wrote in message
news:eUOTQQLj...@TK2MSFTNGP02.phx.gbl...

Shenan Stanley

Jan 3, 2010, 4:32:38 PM
Chris Dupont wrote:
> When trying to update via the windows update site, the green bar
> just keeps on scrolling endlessly....
>
> I found the following info in my windowsupdate.log (does anyone
> have any idea what might be the problem here?) :
>
>
> 2010-01-03 21:09:34:390 1424 808 Agent WARNING: Failed to evaluate
> Installed rule, updateId =
> {02FF0A91-FC2F-4218-AAF5-D28FDD327581}.105, hr = 80080005
> 2010-01-03 21:09:34:390 1424 808 PT WARNING:
> CAgentUpdateManager::DetectForUpdates failed: 0x8024000b 2010-01-03
> 21:09:34:390 1424 808 PT WARNING: Sync of Updates: 0x8024000b
> 2010-01-03 21:09:34:390 1424 808 PT WARNING:
> SyncServerUpdatesInternal failed: 0x8024000b 2010-01-03
> 21:09:34:390 1424 808 Agent * WARNING: Failed to synchronize,
> error = 0x8024000B 2010-01-03 21:09:34:562 1424 808 Agent *
> WARNING: Exit code = 0x8024000B 2010-01-03 21:09:34:562 1424 808
<snipped>

Chris Dupont wrote:
> OS is Windows XP Pro SP3

Although I appreciate the partial information...

I provided the methods for getting much more detailed information for a
reason. *grin*

We now can assume safely you have Windows XP Professional (32-bit) with
something you think is SP3 (although I have seen people still running and
installing the beta/pre-release versions of SP3 as recently as a few months
ago - thus why I ask and direct you to get the "VERSION" information.)
Still no idea what Internet Explorer version you are utilizing. ;-)

Given what you have thus far, the instructions change to this:

Reboot and logon as administrative user.

Download, install, run, update and perform a full scan with the following
(freeware version):

SuperAntiSpyware
http://www.superantispyware.com/

Reboot and logon as administrative user.

Download, install, run, update and perform a full scan with the following
(freeware version):

MalwareBytes
http://www.malwarebytes.com/

Reboot and logon as administrative user.

You may find nothing, you may find only cookies, you may think it is a
waste of time - but if you do all this and report back here with what you
do/don't find as you are doing all of it - you are adding more pieces to
the puzzle and the entire picture just may become clearer and your
problem resolved.

You also should run a full CHKDSK and defragmentation.

Windows XP CHKDSK:
http://support.microsoft.com/kb/315265

Windows XP Defragmentation:
http://support.microsoft.com/kb/314848

Reboot and logon as administrative user.

Continue by fixing your Windows Update system...

32-bit Operating System:

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

... and click on the "Microsoft Fix it" icon. When asked, select "RUN",
both times. Check the "I agree" box and click on "Next". Check the box
for "Run aggressive options (not recommended)" and click "Next". Let
it finish up and follow the prompts until it is done. Close/exit and
reboot when it is.

Reboot and logon as administrative user.

Visit http://windowsupdate.microsoft.com/ in Internet Explorer and
select to do a CUSTOM scan...

Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.

Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.

Reboot again.

If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.

The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to
install Internet Explorer 8 at this time.

Then - when done - let everyone here know if it worked for you - or if
you have more issues.

PA Bear [MS MVP]

Jan 3, 2010, 4:26:50 PM

Error message when you try to install updates from the Windows Update or
Microsoft Update Web site: "0x8024000B":
http://support.microsoft.com/kb/958040

Shenan Stanley

Jan 3, 2010, 4:49:51 PM
<snipped>

Chris Dupont wrote:
> To be more specific (like you asked)
>
> OS : Windows XP Pro SP3 - Version 5.1 (build
> 2600.xpsp_sp3_gdr.090804-1435 : Service Pack 3)
> IE : IE8 - Version 8.0.6001.18702
>
> OS is a 32-bit version
>
> The problem only started a couple of weeks ago, approximately.
>
> As anti-virus/anti-spyware/anti-malware software I have Kaspersky
> Anti-Virus 8.0 which I have had for a long time and which works very well.
>
> Hope you can help me better now with this specific info. Would be
> greatly appreciated.

Please do not change the subject line in the middle of a conversation. ;-)
It can confuse some newsreaders and such.

I appreciate the details - if more people started their post with such
information - things would go along much faster.

Although your issue may be fixed by following PA Bear's advice
(http://support.microsoft.com/kb/958040) - something caused the issue. So
my advice (from the general section I gave) will still apply IMHO. Better
to ensure whatever caused it is still not around (and scanning for malware
seldom hurts) and running the reset tool for your updates should get you
cleaned up/able to update and possibly faster/better off than before. ;-)

Chris Dupont

Jan 3, 2010, 4:49:53 PM
Tried it, still doesn't work :-(


"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message
news:OU2hnxLj...@TK2MSFTNGP06.phx.gbl...

MowGreen

Jan 4, 2010, 2:14:58 PM
0x8024000b means that the operation was cancelled.
The green bar scrolling endlessly is occurring because of
error 0x80080005

2010-01-03 21:09:34:390 1424 808 Agent WARNING: Failed to evaluate
Installed rule, updateId = {02FF0A91-FC2F-4218-AAF5-D28FDD327581}.105,
hr = 80080005

Either there's corruption in the CatRoot2 subfolder or the winsock stack
is damaged.

First, suggest you do a clean boot of XP and see if it can search for
updates while in the clean boot state:

How to configure Windows XP to start in a "clean boot" state
http://support.microsoft.com/kb/310353

If the system can search for updates, then the issue is being caused by
'something' that Kaspersky has done or is doing.

If the system can not search for updates, while still in the clean boot
state, open a Command Prompt ( Start > Run > type in cmd > click OK )
At the prompt, type in the following commands, pressing Enter after
*each* one

netsh winsock reset
exit

After the first command is entered you'll get a message stating the
system must be restarted. Enter the second command, which will close the
Command Prompt window, and then restart the system.
Check once more to see if it can search for updates.

If it still can not, please run the following from Start > Run
type in sigverif.exe > click OK
Click Advanced
Click 'Notify me if any system files are not signed'
On the Logging tab, make sure the 'Save the file signature
verification results to a log file' check box is selected
Name the log SigVerif.txt and click OK
Click Start

When the tool is done running, copy and paste it into your reply please,
Chris.

Also, please copy and paste the last 50 or so lines of the
WindowsUpdate.log along with the SigVerif.txt.
What we're looking for is the Version of the Windows Update Agent, which
will look like this in the WU.log:

2010-01-04 07:40:50:162 980 910 Misc =========== Logging initialized
(build: 7.4.7600.226

How to read the Windowsupdate.log file
http://support.microsoft.com/kb/902093

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"

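The log reading MowGreen describes above (0x8024000b is the cancellation that follows, the `hr = 80080005` line is the failure to chase, and the agent build sits on the "Logging initialized" line), as an added example that is not part of the original thread. The function names and the "first failure logged is the one to chase" rule are assumptions of this sketch; the sample lines are copied from the posts above with their newsreader wrapping kept.

```python
import re
from collections import Counter

# One WindowsUpdate.log record: date, time, PID (decimal), TID (hex), component, text.
RECORD = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s+([0-9a-fA-F]+)"
    r"\s+(\S+)\s*(.*)$")
# HRESULTs show up both as "0x8024000b" and as a bare "hr = 80080005".
HRESULT = re.compile(r"(?:0x|\bhr\s*=\s*)([0-9a-fA-F]{8})\b", re.I)
BUILD = re.compile(r"Logging initialized \(build:\s*([\d.]+)")

CANCELLED = 0x8024000B  # per the thread: "the operation was cancelled"
FACILITY = {8: "FACILITY_WINDOWS", 36: "FACILITY_WINDOWSUPDATE"}

# Lines copied from the thread, wrapped as the newsreader left them.
SAMPLE_LOG = """\
2010-01-03 21:09:34:390 1424 808 Agent WARNING: Failed to evaluate Installed
rule, updateId = {02FF0A91-FC2F-4218-AAF5-D28FDD327581}.105, hr = 80080005
2010-01-03 21:09:34:390 1424 808 PT WARNING:
CAgentUpdateManager::DetectForUpdates failed: 0x8024000b
2010-01-03 21:09:34:390 1424 808 Agent * WARNING: Failed to synchronize,
error = 0x8024000B
2010-01-03 21:09:34:578 3544 380 COMAPI - WARNING: Exit code = 0x00000000,
Result code = 0x8024000B
2010-01-03 21:09:34:906 1424 b30 Agent WARNING: WU client fails to call back
to search call {7A29DE6E-891E-4DFA-BFC3-7E7F33900655} with error 0x8024000c
"""
SAMPLE_INIT = """\
2010-01-04 07:40:50:162 980 910 Misc =========== Logging initialized
(build: 7.4.7600.226
"""


def unwrap(text):
    """Rejoin wrapped lines: anything not starting a record continues the last one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RECORD.match(line)
        if m:
            date, time, pid, tid, component, body = m.groups()
            records.append({"date": date, "time": time, "pid": int(pid),
                            "tid": int(tid, 16), "component": component,
                            "text": body})
        elif records:
            records[-1]["text"] = (records[-1]["text"] + " " + line).strip()
    return records


def decode(hr):
    """Split an HRESULT into (failed, facility name or number, code)."""
    facility = (hr >> 16) & 0x7FF
    return bool(hr >> 31), FACILITY.get(facility, facility), hr & 0xFFFF


def failures(record):
    """Failure HRESULTs in one record (severity bit set), in order of appearance."""
    values = (int(h, 16) for h in HRESULT.findall(record["text"]))
    return [v for v in values if v >> 31]


def count_failures(records):
    return Counter(hr for rec in records for hr in failures(rec))


def probable_cause(records):
    """First failure logged, unless that is only the cancellation itself."""
    for rec in records:
        for hr in failures(rec):
            return None if hr == CANCELLED else (hr, rec)
    return None


def agent_build(records):
    """Windows Update Agent build from the 'Logging initialized' record, if present."""
    for rec in records:
        m = BUILD.search(rec["text"])
        if m:
            return m.group(1)
    return None


if __name__ == "__main__":
    recs = unwrap(SAMPLE_LOG)
    for hr, n in count_failures(recs).most_common():
        print(f"0x{hr:08X} x{n} {decode(hr)}")
    cause = probable_cause(recs)
    if cause:
        print(f"chase first: 0x{cause[0]:08X} ({cause[1]['component']})")
    print("agent build:", agent_build(unwrap(SAMPLE_INIT)))
```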
Chris Dupont

Jan 4, 2010, 7:20:25 PM
Hello MowGreen,

I've discovered that the problem is related to the fact that the Windows
WMI-service can't be started.
Also can't start 2 other services, cfr. Security center service and Windows
firewall service.
When trying to start WMI-service, I always get the following error : "ERROR
126 : can't find module"
So I executed the Microsoft WMIdiag.exe tool. In the log created by this
tool, I found the following information.
Can anyone help me with this? Because I still don't understand what exactly
is the cause of these problems.

Info from the WMIDiag log :

.1261 00:55:22 (1) !! ERROR: (StartService) : Start service 'WINMGMT'
command timeout.
.1262 00:55:22 (0) ** Verifying WMI providers loaded BEFORE WMIDiag
execution.
.1263 00:55:52 (1) !! ERROR: (CheckWMIStaticData) : 0x80080005 -
Serveruitvoering is mislukt
.1264 00:55:52 (0) ** Verifying WMI namespace 'Root' (L=1).
.1265 00:56:22 (1) !! ERROR: (CheckWMIStaticData) : 0x1AD - ActiveX
component can't create object
.1266 00:56:52 (1) !! ERROR: (CheckWMIStaticData) : 0x80080005 -
Serveruitvoering is mislukt
.1267 00:56:52 (0) ** Verifying WMI ADAP status.
.1268 00:57:22 (1) !! ERROR: (GetADAPStatus) : 0x80080005 - Serveruitvoering
is mislukt
.1269 00:57:22 (0) ** Verifying WMI features.
.1270 00:57:22 (3) Opening WMI namespace 'Root'.
.1271 00:57:52 (1) !! ERROR: (CheckWMIFeatures) : 0x80080005 -
Serveruitvoering is mislukt
.1272 00:57:52 (3) Opening WMI namespace 'Root/Default'.
.1273 00:58:22 (1) !! ERROR: (CheckWMIFeatures) : 0x80080005 -
Serveruitvoering is mislukt
.1274 00:58:22 (3) Opening WMI namespace 'Root/CIMv2'.
.1275 00:58:52 (1) !! ERROR: (CheckWMIFeatures) : 0x80080005 -
Serveruitvoering is mislukt
.1276 00:58:52 (3) Opening WMI namespace 'Root/WMI'.
.1277 00:59:22 (1) !! ERROR: (CheckWMIFeatures) : 0x80080005 -
Serveruitvoering is mislukt
.1278 00:59:22 (0) ** Collecting system information.
.1279 00:59:52 (1) !! ERROR: (CheckWMIInventory) : 0x80080005 -
Serveruitvoering is mislukt
.1280 00:59:52 (0) ** Verifying WMI providers loaded AFTER WMIDiag
execution.
.1281 01:00:22 (1) !! ERROR: (CheckWMIStaticData) : 0x80080005 -
Serveruitvoering is mislukt
.1282 01:00:22 (0) ** Verifying WMI Repository files presence.
.1283 01:00:22 (3) 'C:\WINDOWS\SYSTEM32\WBEM\Repository\FS' has a size of
11149484 bytes.
.1284 01:00:22 (3) 'INDEX.BTR' has a size of 1728512 bytes (Created:
4/01/2010 1:17:20, Last Accessed: 5/01/2010 0:55:00, Last Modified:
20/03/2009 7:47:48).
.1285 01:00:22 (3) 'INDEX.MAP' has a size of 904 bytes (Created:
4/01/2010 1:17:20, Last Accessed: 5/01/2010 0:55:00, Last Modified:
20/03/2009 7:47:48).
.1286 01:00:22 (3) 'OBJECTS.DATA' has a size of 9404416 bytes (Created:
4/01/2010 1:17:20, Last Accessed: 5/01/2010 0:55:00, Last Modified:
20/03/2009 7:47:48).
.1287 01:00:22 (3) 'OBJECTS.MAP' has a size of 4632 bytes (Created:
4/01/2010 1:17:20, Last Accessed: 5/01/2010 0:55:00, Last Modified:
20/03/2009 7:47:49).
.1288 01:00:22 (0) ** WMIDiag v2.0 completed.
.1289 01:00:22 (0) **
.1290 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1291 01:00:22 (0) ** -----------------------------------------------------
WMI REPORT: BEGIN ----------------------------------------------------------
.1292 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1293 01:00:22 (0) **
.1294 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1295 01:00:22 (0) ** Windows XP - No service pack - 32-bit (2600) - User
'PC-CHRIS\CHRIS DUPONT' on computer 'PC-CHRIS'.
.1296 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1297 01:00:22 (0) ** Environment:
........................................................................................................
OK..
.1298 01:00:22 (0) ** There are no missing WMI system files:
..............................................................................
OK.
.1299 01:00:22 (0) ** There are no missing WMI repository files:
..........................................................................
OK.
.1300 01:00:22 (0) ** WMI repository state:
...............................................................................................
N/A.
.1301 01:00:22 (0) ** BEFORE running WMIDiag:
.1302 01:00:22 (0) ** The WMI repository has a size of:
...................................................................................
11 MB.
.1303 01:00:22 (0) ** - Disk free space on 'C:':
..........................................................................................
6240 MB.
.1304 01:00:22 (0) ** - INDEX.BTR, 1728512 bytes,
20/03/2009 7:47:48
.1305 01:00:22 (0) ** - INDEX.MAP, 904 bytes,
20/03/2009 7:47:48
.1306 01:00:22 (0) ** - OBJECTS.DATA, 9404416 bytes,
20/03/2009 7:47:48
.1307 01:00:22 (0) ** - OBJECTS.MAP, 4632 bytes,
20/03/2009 7:47:49
.1308 01:00:22 (0) ** AFTER running WMIDiag:
.1309 01:00:22 (0) ** The WMI repository has a size of:
...................................................................................
11 MB.
.1310 01:00:22 (0) ** - Disk free space on 'C:':
..........................................................................................
6238 MB.
.1311 01:00:22 (0) ** - INDEX.BTR, 1728512 bytes,
20/03/2009 7:47:48
.1312 01:00:22 (0) ** - INDEX.MAP, 904 bytes,
20/03/2009 7:47:48
.1313 01:00:22 (0) ** - OBJECTS.DATA, 9404416 bytes,
20/03/2009 7:47:48
.1314 01:00:22 (0) ** - OBJECTS.MAP, 4632 bytes,
20/03/2009 7:47:49
.1315 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1316 01:00:22 (0) ** Windows Firewall:
...................................................................................................
NOT INSTALLED.
.1317 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1318 01:00:22 (0) ** DCOM Status:
........................................................................................................
OK.
.1319 01:00:22 (0) ** WMI registry setup:
.................................................................................................
OK.
.1320 01:00:22 (0) ** WMI Service has no dependents:
......................................................................................
OK.
.1321 01:00:22 (0) ** RPCSS service:
......................................................................................................
OK (Already started).
.1322 01:00:22 (0) ** WINMGMT service:
....................................................................................................
Failed to start.
.1323 01:00:22 (0) ** => The WINMGMT service can't be started. This could be
due to the following reasons:
.1324 01:00:22 (0) ** - The service is DISABLED. You can re-enable the
service with the command:
.1325 01:00:22 (0) ** i.e. 'SC.EXE CONFIG WINMGMT START= AUTO'
.1326 01:00:22 (0) ** Note: The SC.EXE command is available in the
Windows Resource Kit.
.1327 01:00:22 (0) ** - The WINMGMT service depends on RPCSS service
which is DISABLED or unable to start.
.1328 01:00:22 (0) ** - If the service is ENABLED but can't start, then
the service registry may contains bad data.
.1329 01:00:22 (0) ** Note: Registry setup errors should be reported.
Follow the steps related to registry issues.
.1330 01:00:22 (0) ** => After verifying the registry, if the WMI service
does not start yet, you can try to
.1331 01:00:22 (0) ** to run the service as a STANDALONE service host or
as a SHARED service host (SvcHost)
.1332 01:00:22 (0) ** You can achieve this by running ONE of the
following commands (case sensitive):
.1333 01:00:22 (0) ** - to configure the service to run as a SHARED
service host (recommended):
.1334 01:00:22 (0) ** i.e. 'RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL,MoveToShared'
.1335 01:00:22 (0) ** - if you have issue to get it running as a SHARED
service host, the WMI service
.1336 01:00:22 (0) ** can be configured to run as a STANDALONE service
host:
.1337 01:00:22 (0) ** i.e. 'RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMISVC.DLL,MoveToAlone'
.1338 01:00:22 (0) ** => If the registry is correct and the WMI service does
not start yet, the WMI repository could be inconsistent.
.1339 01:00:22 (0) ** - Validating the repository consistency. In such a
case, you must rerun WMIDiag with 'WriteInRepository' parameter
.1340 01:00:22 (0) ** to validate the WMI repository operations.
.1341 01:00:22 (0) ** Note: ENSURE you are an administrator with FULL
access to WMI EVERY namespaces of the computer before
.1342 01:00:22 (0) ** executing the WriteInRepository command. To
write temporary data from the Root namespace, use:
.1343 01:00:22 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
.1344 01:00:22 (0) ** - If the WriteInRepository command fails, while
being an Administrator with ALL accesses to ALL namespaces
.1345 01:00:22 (0) ** the WMI repository must be
reconstructed/recovered.
.1346 01:00:22 (0) ** - The repository can be recovered from a previous
backup.
.1347 01:00:22 (0) ** Note: The System State backup or the System Restore
snapshot contain a backup of
.1348 01:00:22 (0) ** of the WMI repository.
.1349 01:00:22 (0) ** => If no backup is available, you must rebuild the
repository.
.1350 01:00:22 (0) ** - Re-run WMIDiag with the ShowMOFErrors, this will
show any MOF file issues.
.1351 01:00:22 (0) ** i.e. 'WMIDiag ShowMOFErrors'
.1352 01:00:22 (0) ** Note: The WMI repository reconstruction requires to
locate all MOF files needed to rebuild the repository,
.1353 01:00:22 (0) ** otherwise some applications may fail after
the reconstruction.
.1354 01:00:22 (0) ** This can be achieved with the following
command:
.1355 01:00:22 (0) ** i.e. 'WMIDiag ShowMOFErrors'
.1356 01:00:22 (0) ** Note: Any missing MOF files, or existing MOF files
not listed in the Auto-recovery
.1357 01:00:22 (0) ** registry key will be excluded from the WMI
repository reconstruction.
.1358 01:00:22 (0) ** This may imply the lost of WMI registration
information.
.1359 01:00:22 (0) ** Note: The repository reconstruction must be a LAST
RESORT solution and ONLY after executing
.1360 01:00:22 (0) ** ALL fixes previously mentioned.
.1361 01:00:22 (2) !! WARNING: Static information stored by external
applications in the repository will be LOST! (i.e. SMS Inventory)
.1362 01:00:22 (0) ** - To rebuild the WMI repository, you must:
.1363 01:00:22 (0) ** - Stop the WMI Service.
.1364 01:00:22 (0) ** i.e. 'NET.EXE STOP WINMGMT'
.1365 01:00:22 (0) ** - Move the existing WMI repository files to another
location.
.1366 01:00:22 (0) ** i.e. MOVE
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\*.* %TEMP%
.1367 01:00:22 (0) ** - Start the WMI Service.
.1368 01:00:22 (0) ** i.e. 'NET.EXE START WINMGMT'
.1369 01:00:22 (0) ** WMI will rebuild the WMI repository based the
auto-recovery mechanism.
.1370 01:00:22 (0) **
.1371 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1372 01:00:22 (0) ** WMI service DCOM setup:
.............................................................................................
OK.
.1373 01:00:22 (0) ** WMI components DCOM registrations:
..................................................................................
OK.
.1374 01:00:22 (0) ** WMI ProgID registrations:
...........................................................................................
OK.
.1375 01:00:22 (0) ** WMI provider DCOM registrations:
....................................................................................
OK.
.1376 01:00:22 (0) ** WMI provider CIM registrations:
.....................................................................................
OK.
.1377 01:00:22 (0) ** WMI provider CLSIDs:
................................................................................................
OK.
.1378 01:00:22 (0) ** WMI providers EXE/DLL availability:
.................................................................................
OK.
.1379 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1380 01:00:22 (0) ** DCOM security for 'My Computer' (Launch & Activation
Permissions/Edit Default): ..................................... MODIFIED.
.1381 01:00:22 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
.1382 01:00:22 (0) ** - REMOVED ACE:
.1383 01:00:22 (0) ** ACEType: &h0
.1384 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1385 01:00:22 (0) ** ACEFlags: &h0
.1386 01:00:22 (0) ** ACEMask: &h1
.1387 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1388 01:00:22 (0) **
.1389 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1390 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1391 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1392 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1393 01:00:22 (0) **
.1394 01:00:22 (0) ** DCOM security for 'My Computer' (Launch & Activation
Permissions/Edit Default): ..................................... MODIFIED.
.1395 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
been REMOVED!
.1396 01:00:22 (0) ** - REMOVED ACE:
.1397 01:00:22 (0) ** ACEType: &h0
.1398 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1399 01:00:22 (0) ** ACEFlags: &h0
.1400 01:00:22 (0) ** ACEMask: &h1
.1401 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1402 01:00:22 (0) **
.1403 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1404 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1405 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1406 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1407 01:00:22 (0) **
.1408 01:00:22 (0) ** DCOM security for 'Windows Management Instrumentation'
(Launch & Activation Permissions): ........................... MODIFIED.
.1409 01:00:22 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
.1410 01:00:22 (0) ** - REMOVED ACE:
.1411 01:00:22 (0) ** ACEType: &h0
.1412 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1413 01:00:22 (0) ** ACEFlags: &h0
.1414 01:00:22 (0) ** ACEMask: &h1
.1415 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1416 01:00:22 (0) **
.1417 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1418 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1419 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1420 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1421 01:00:22 (0) **
.1422 01:00:22 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem
Host' (Launch & Activation Permissions): ........................ MODIFIED.
.1423 01:00:22 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
.1424 01:00:22 (0) ** - REMOVED ACE:
.1425 01:00:22 (0) ** ACEType: &h0
.1426 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1427 01:00:22 (0) ** ACEFlags: &h0
.1428 01:00:22 (0) ** ACEMask: &h1
.1429 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1430 01:00:22 (0) **
.1431 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1432 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1433 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1434 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1435 01:00:22 (0) **
.1436 01:00:22 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem
Host' (Launch & Activation Permissions): ........................ MODIFIED.
.1437 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
been REMOVED!
.1438 01:00:22 (0) ** - REMOVED ACE:
.1439 01:00:22 (0) ** ACEType: &h0
.1440 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1441 01:00:22 (0) ** ACEFlags: &h0
.1442 01:00:22 (0) ** ACEMask: &h1
.1443 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1444 01:00:22 (0) **
.1445 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1446 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1447 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1448 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1449 01:00:22 (0) **
.1450 01:00:22 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem
Host' (Launch & Activation Permissions): ........................ MODIFIED.
.1451 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE'
has been REMOVED!
.1452 01:00:22 (0) ** - REMOVED ACE:
.1453 01:00:22 (0) ** ACEType: &h0
.1454 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1455 01:00:22 (0) ** ACEFlags: &h0
.1456 01:00:22 (0) ** ACEMask: &h1
.1457 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1458 01:00:22 (0) **
.1459 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1460 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1461 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1462 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1463 01:00:22 (0) **
.1464 01:00:22 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem
Host' (Launch & Activation Permissions): ........................ MODIFIED.
.1465 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE'
has been REMOVED!
.1466 01:00:22 (0) ** - REMOVED ACE:
.1467 01:00:22 (0) ** ACEType: &h0
.1468 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1469 01:00:22 (0) ** ACEFlags: &h0
.1470 01:00:22 (0) ** ACEMask: &h1
.1471 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1472 01:00:22 (0) **
.1473 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1474 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1475 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1476 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1477 01:00:22 (0) **
.1478 01:00:22 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
.1479 01:00:22 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
.1480 01:00:22 (0) ** - REMOVED ACE:
.1481 01:00:22 (0) ** ACEType: &h0
.1482 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1483 01:00:22 (0) ** ACEFlags: &h0
.1484 01:00:22 (0) ** ACEMask: &h1
.1485 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1486 01:00:22 (0) **
.1487 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1488 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1489 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1490 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1491 01:00:22 (0) **
.1492 01:00:22 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
.1493 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has
been REMOVED!
.1494 01:00:22 (0) ** - REMOVED ACE:
.1495 01:00:22 (0) ** ACEType: &h0
.1496 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1497 01:00:22 (0) ** ACEFlags: &h0
.1498 01:00:22 (0) ** ACEMask: &h1
.1499 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1500 01:00:22 (0) **
.1501 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1502 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1503 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1504 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1505 01:00:22 (0) **
.1506 01:00:22 (0) ** DCOM security for 'Microsoft WBEM UnSecured Apartment'
(Launch & Activation Permissions): ........................... MODIFIED.
.1507 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been
REMOVED!
.1508 01:00:22 (0) ** - REMOVED ACE:
.1509 01:00:22 (0) ** ACEType: &h0
.1510 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1511 01:00:22 (0) ** ACEFlags: &h0
.1512 01:00:22 (0) ** ACEMask: &h1
.1513 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1514 01:00:22 (0) **
.1515 01:00:22 (0) ** => The REMOVED ACE was part of the DEFAULT setup for
the trustee.
.1516 01:00:22 (0) ** Removing default security will cause some
operations to fail!
.1517 01:00:22 (0) ** It is possible to fix this issue by editing the
security descriptor and adding the ACE.
.1518 01:00:22 (0) ** For DCOM objects, this can be done with
'DCOMCNFG.EXE'.
.1519 01:00:22 (0) **
.1520 01:00:22 (0) **
.1521 01:00:22 (0) ** DCOM security warning(s) detected:
..................................................................................
0.
.1522 01:00:22 (0) ** DCOM security error(s) detected:
....................................................................................
10.
.1523 01:00:22 (0) ** WMI security warning(s) detected:
...................................................................................
0.
.1524 01:00:22 (0) ** WMI security error(s) detected:
.....................................................................................
0.
.1525 01:00:22 (0) **
.1526 01:00:22 (1) !! ERROR: Overall DCOM security status:
................................................................................
ERROR!
.1527 01:00:22 (0) ** Overall WMI security status:
........................................................................................
OK.
.1528 01:00:22 (0) ** - Started at
'Root' --------------------------------------------------------------------------------------------------------------
.1529 01:00:22 (0) ** WMI permanent SUBSCRIPTION(S):
......................................................................................
NONE.
.1530 01:00:22 (0) ** WMI TIMER instruction(s):
...........................................................................................
NONE.
.1531 01:00:22 (1) !! ERROR: WMI ADAP status:
.............................................................................................
NOT AVAILABLE.
.1532 01:00:22 (0) ** You can start the WMI AutoDiscovery/AutoPurge
(ADAP) process to resynchronize
.1533 01:00:22 (0) ** the performance counters with the WMI performance
classes with the following commands:
.1534 01:00:22 (0) ** i.e. 'WINMGMT.EXE /CLEARADAP'
.1535 01:00:22 (0) ** i.e. 'WINMGMT.EXE /RESYNCPERF'
.1536 01:00:22 (0) ** The ADAP process logs informative events in the
Windows NT event log.
.1537 01:00:22 (0) ** More information can be found on MSDN at:
.1538 01:00:22 (0) **
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_adap_event_log_events.asp
.1539 01:00:22 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the
following namespaces: .......................................... 1 ERROR(S)!
.1540 01:00:22 (0) ** - Root, 0x1AD - ActiveX component can't create object.
.1541 01:00:22 (0) **
.1542 01:00:22 (1) !! ERROR: WMI CONNECTION errors occured for the following
namespaces: .................................................. 5 ERROR(S)!
.1543 01:00:22 (0) ** - Root, 0x80080005 - Serveruitvoering is mislukt.
.1544 01:00:22 (0) ** - Root, 0x80080005 - Serveruitvoering is mislukt.
.1545 01:00:22 (0) ** - Root/Default, 0x80080005 - Serveruitvoering is
mislukt.
.1546 01:00:22 (0) ** - Root/CIMv2, 0x80080005 - Serveruitvoering is
mislukt.
.1547 01:00:22 (0) ** - Root/WMI, 0x80080005 - Serveruitvoering is mislukt.
.1548 01:00:22 (0) **
.1549 01:00:22 (0) ** WMI GET operations:
.................................................................................................
OK.
.1550 01:00:22 (0) ** WMI MOF representations:
............................................................................................
OK.
.1551 01:00:22 (0) ** WMI QUALIFIER access operations:
....................................................................................
OK.
.1552 01:00:22 (0) ** WMI ENUMERATION operations:
.........................................................................................
OK.
.1553 01:00:22 (0) ** WMI EXECQUERY operations:
...........................................................................................
OK.
.1554 01:00:22 (0) ** WMI GET VALUE operations:
...........................................................................................
OK.
.1555 01:00:22 (0) ** WMI WRITE operations:
...............................................................................................
NOT TESTED.
.1556 01:00:22 (0) ** WMI PUT operations:
.................................................................................................
NOT TESTED.
.1557 01:00:22 (0) ** WMI DELETE operations:
..............................................................................................
NOT TESTED.
.1558 01:00:22 (0) ** WMI static instances retrieved:
.....................................................................................
0.
.1559 01:00:22 (0) ** WMI dynamic instances retrieved:
....................................................................................
0.
.1560 01:00:22 (0) ** WMI instance request cancellations (to limit
performance impact): ................................................... 0.
.1561 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1562 01:00:22 (0) **
.1563 01:00:22 (0) ** 1 error(s) 0x1AD - (WBEM_UNKNOWN) This error code is
external to WMI.
.1564 01:00:22 (0) **
.1565 01:00:22 (0) ** 5 error(s) 0x80080005 - (WBEM_UNKNOWN) This error code
is external to WMI.
.1566 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1567 01:00:22 (0) ** WMI Registry key setup:
.............................................................................................
OK.
.1568 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1569 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1570 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1571 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1572 01:00:22 (0) **
.1573 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1574 01:00:22 (0) ** ------------------------------------------------------
WMI REPORT: END -----------------------------------------------------------
.1575 01:00:22 (0)
** ----------------------------------------------------------------------------------------------------------------------------------
.1576 01:00:22 (0) **
.1577 01:00:22 (0) ** ERROR: WMIDiag detected issues that could prevent WMI
to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\CHRIS DUPONT\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_PC-CHRIS_2010.01.05_00.54.46.LOG'
for details.
.1578 01:00:22 (0) **
.1579 01:00:22 (0) ** WMIDiag executed in 6 minutes.
.1580 01:00:22 (3)
.1581 01:00:22 (3) 2.0,1/5/2010,0:54:59,1/4/2010
1:23:12,False,False,False,32-bit,x86 Family 15 Model 47 Stepping 2
AuthenticAMD,5.1,2600,Service Pack 3,Windows XP - No service pack -
32-bit,XP___.CLI.RTM.32,,PC-CHRIS,PC-CHRIS\CHRIS DUPONT,False,Root,0,
,0,0,0,0, ,11,6240,11,6238, , , ,0,0,0,0,0,0,0,0,0,0,0, ,
,10,0,0,0,0,0,N/A,0,1,5,0,0,0,0,0,0,0,0,0, , , ,0,0,0, , , , , ,
,0,73,0,24,1/5/2010,1:00:22,0,0,0,336,104,25,1,WMIDIAG-V2.0_XP___.CLI.RTM.32_PC-CHRIS_2010.01.05_00.54.46.LOG,C:\DOCUMENTS
AND SETTINGS\CHRIS DUPONT\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_PC-CHRIS_2010.01.05_00.54.46.LOG
.1582 01:00:22 (3)
.1583 01:00:22 (0) ** WMIDiag v2.0 ended on dinsdag 5 januari 2010 at 01:00
(W:104 E:25 S:1).
.1890 01:00:22 (0) ** TXT file "C:\DOCUMENTS AND SETTINGS\CHRIS DUPONT\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_PC-CHRIS_2010.01.05_00.54.46-REPORT.TXT"
closed.
.1891 01:00:22 (0) ** CSV file "C:\DOCUMENTS AND SETTINGS\CHRIS DUPONT\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_PC-CHRIS_2010.01.05_00.54.46-STATISTICS.CSV"
closed.
.1892 01:00:22 (0) ** LOG file "C:\DOCUMENTS AND SETTINGS\CHRIS DUPONT\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_PC-CHRIS_2010.01.05_00.54.46.LOG"
closed.

Any help would be greatly appreciated,

Chris.

"MowGreen" <mowg...@nowandzen.com> wrote in message
news:%23KfwzIX...@TK2MSFTNGP02.phx.gbl...
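An added example (not part of the original post and not part of the WMIDiag tool): a parser that rejoins the wrapped WMIDiag records shown in the log above, lists which default trustees were removed from which DCOM application, and compares that count with the log's own "DCOM security error(s) detected" total. The sample input is constructed in the log's layout, all function names are this example's own, and it assumes each "DCOM security for ..." line introduces the error that follows it, as in the log above.

```python
import re

# Constructed sample in the layout of the WMIDiag log quoted above, keeping the
# mid-record line wraps that the news client introduced.
SAMPLE_LOG = r"""
.1408 01:00:22 (0) ** DCOM security for 'Windows Management Instrumentation'
(Launch & Activation Permissions): ........................... MODIFIED.
.1409 01:00:22 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
.1410 01:00:22 (0) ** - REMOVED ACE:
.1411 01:00:22 (0) ** ACEType: &h0
.1412 01:00:22 (0) ** ACCESS_ALLOWED_ACE_TYPE
.1413 01:00:22 (0) ** ACEFlags: &h0
.1414 01:00:22 (0) ** ACEMask: &h1
.1415 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1422 01:00:22 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem
Host' (Launch & Activation Permissions): ........................ MODIFIED.
.1423 01:00:22 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has
been REMOVED!
.1424 01:00:22 (0) ** - REMOVED ACE:
.1428 01:00:22 (0) ** ACEMask: &h1
.1429 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1450 01:00:22 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem
Host' (Launch & Activation Permissions): ........................ MODIFIED.
.1451 01:00:22 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE'
has been REMOVED!
.1452 01:00:22 (0) ** - REMOVED ACE:
.1456 01:00:22 (0) ** ACEMask: &h1
.1457 01:00:22 (0) ** DCOM_RIGHT_EXECUTE
.1522 01:00:22 (0) ** DCOM security error(s) detected:
....................................................................................
3.
.1543 01:00:22 (0) ** - Root, 0x80080005 - Serveruitvoering is mislukt.
.1546 01:00:22 (0) ** - Root/CIMv2, 0x80080005 - Serveruitvoering is
mislukt.
"""

RECORD = re.compile(r"^\.(\d+) (\d{2}:\d{2}:\d{2}) \((\d)\) ?(.*)$")
HEADER = re.compile(r"DCOM security for '([^']+)' \(([^)]+)\)")
REMOVED = re.compile(r"Default trustee '([^']+)' has been REMOVED")
MASK = re.compile(r"ACEMask: &h([0-9A-Fa-f]+)")
RIGHT = re.compile(r"\b(DCOM_RIGHT_\w+)")
TOTAL = re.compile(r"DCOM security error\(s\) detected:[ .]*(\d+)\.")
NS_ERROR = re.compile(r"- (Root[\w/]*), (0x[0-9A-Fa-f]+) - ")


def unwrap(text):
    """Rejoin wrapped lines into (sequence, severity, message) records."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append([int(m.group(1)), int(m.group(3)), m.group(4).strip()])
        elif records and line.strip():
            records[-1][2] += " " + line.strip()  # continuation of the previous record
    return [tuple(r) for r in records]


def removed_default_aces(text):
    """One finding per 'Default trustee ... REMOVED' error, tied to its DCOM application."""
    findings, app, scope, current = [], None, None, None
    for seq, _severity, msg in unwrap(text):
        if (m := HEADER.search(msg)):
            app, scope, current = m.group(1), m.group(2), None
        elif (m := REMOVED.search(msg)):
            current = {"record": seq, "app": app, "scope": scope,
                       "trustee": m.group(1), "mask": None, "rights": []}
            findings.append(current)
        elif current is not None:
            if (m := MASK.search(msg)):
                current["mask"] = int(m.group(1), 16)  # the log prints the mask as &h<hex>
            elif (m := RIGHT.search(msg)):
                current["rights"].append(m.group(1))
    return findings


def by_application(findings):
    """Map each DCOM application to the sorted list of trustees it lost."""
    grouped = {}
    for f in findings:
        grouped.setdefault(f["app"], []).append(f["trustee"])
    return {app: sorted(trustees) for app, trustees in grouped.items()}


def reported_dcom_errors(text):
    """The total WMIDiag itself prints in its summary, or None if absent."""
    for _seq, _severity, msg in unwrap(text):
        if (m := TOTAL.search(msg)):
            return int(m.group(1))
    return None


def namespace_errors(text):
    """Map each connection error code to the namespaces that returned it."""
    errors = {}
    for _seq, _severity, msg in unwrap(text):
        if (m := NS_ERROR.search(msg)):
            errors.setdefault(m.group(2), []).append(m.group(1))
    return errors


if __name__ == "__main__":
    found = removed_default_aces(SAMPLE_LOG)
    for app, trustees in by_application(found).items():
        print(f"{app}: removed {', '.join(trustees)}")
    print(f"parsed {len(found)} of {reported_dcom_errors(SAMPLE_LOG)} reported DCOM errors")
    print(namespace_errors(SAMPLE_LOG))
```

A parsed count lower than the reported total means part of the log was truncated or wrapped in a way the parser did not rejoin, so the per-application list should not be treated as complete.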

Chris Dupont

Jan 4, 2010, 8:06:05 PM
So now I'm trying to resolve the issues by following the suggestions in the
log, but I have a problem with adding the ACE with dcomcnfg.exe as suggested
(see error "default trustee BUILTIN/ADMINISTRATORS was removed"). Actually I
don't know how to do this; I executed dcomcnfg but don't know what to do
there and where to do it.
Anyone who knows how to do this?

Chris.


"Chris Dupont" <chris....@telenet.be> wrote in message
news:iGv0n.37112$Ic5....@newsfe16.ams2...

PA Bear [MS MVP]

Jan 4, 2010, 8:24:10 PM
This "smells" like the result of a hijackware infection. How long has KAV
been installed? Has your subscription ever expired, however briefly?

Has a Norton or McAfee application ever been installed on this machine
(e.g., a free-trial version that came preinstalled when you bought it)?
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


Chris Dupont wrote:
> I've discovered that the problem is related to the fact that the Windows
> WMI-service can't be started.
> Also can't start 2 other services, cfr. Security center service and
> Windows firewall service.
> When trying to start WMI-service, I always get the following error:
> "ERROR 126 : can't find module"
> So I executed the Microsoft WMIdiag.exe tool. In the log created by this
> tool, I found the following information.
> Can anyone help me with this? Because I still don't understand what
> exactly is the cause of these problems.
>
> Info from the WMIdiag log:

<snip>

>> Chris Dupont wrote:
>>> When trying to update via the windows update site, the green bar
>>> just keeps on scrolling endlessly....
>>>
>>> I found the following info in my windowsupdate.log (does anyone have any
>>> idea what might be the problem here?) :
>>>
>>>
>>> 2010-01-03 21:09:34:390 1424 808 Agent WARNING: Failed to evaluate
>>> Installed rule, updateId = {02FF0A91-FC2F-4218-AAF5-D28FDD327581}.105,
>>> hr
>>> = 80080005
>>> 2010-01-03 21:09:34:390 1424 808 PT WARNING:
>>> CAgentUpdateManager::DetectForUpdates failed: 0x8024000b
>>> 2010-01-03 21:09:34:390 1424 808 PT WARNING: Sync of Updates: 0x8024000b
>>> 2010-01-03 21:09:34:390 1424 808 PT WARNING: SyncServerUpdatesInternal
>>> failed: 0x8024000b
>>> 2010-01-03 21:09:34:390 1424 808 Agent * WARNING: Failed to
>>> synchronize, error = 0x8024000B
>>> 2010-01-03 21:09:34:562 1424 808 Agent * WARNING: Exit code =
>>> 0x8024000B

<snip>

Chris Dupont

Jan 4, 2010, 8:52:36 PM
Can someone explain why this happens:

When I execute "dcomcnfg" I get a "component services" window,
while I should get "distributed COM configuration properties".
And because I get the wrong window, I can't re-create the default trustee
as explained in the log file.


"Chris Dupont" <chris....@telenet.be> wrote in message

news:6lw0n.9766$yi1....@newsfe22.ams2...

Chris Dupont

Jan 4, 2010, 8:56:04 PM
It is true that in the past, I ran "hijackthis" software to show security
breaches.
In the past, I also had Norton Anti-Virus which I replaced with KAV
since about 2 years. The subscription expired briefly a year ago
for about 2 days.
Any way to solve this?

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

news:eW4Lcfaj...@TK2MSFTNGP02.phx.gbl...

Shenan Stanley

Jan 4, 2010, 9:12:31 PM
Chris Dupont wrote:
> It is true that in the past, I ran "hijackthis" software to show
> security breaches.
> In the past, I also had Norton Anti-Virus which I replaced with KAV
> since about 2 years. The subscription expired briefly a year ago
> for about 2 days.
> Any way to solve this?

Did you ever run through my suggestions? All of them? In order?
Not skipping because you think you have done one of them
- repeating even if you *have* done one.

Reboot and logon as administrative user.

You should start with this (new):
http://service1.symantec.com/support/tsgeninfo.nsf/docid/2005033108162039?OpenDocument&seg=hm&lg=en&ct=us

Reboot and logon as administrative user.

Also - do you have *any* third party firewalls? Is it part of your
antivirus? Even if so - uninstall it - I would say just to disable it,
but sometimes that is not enough. You've been working on this
a while. Ensure - if you remove a firewall - your windows xp
firewall is enabled and for now - set to have *no exceptions*.

Reboot and logon as administrative user.

Download, install, run, update and perform a full scan with the following
(freeware version):

SuperAntiSpyware
http://www.superantispyware.com/

Reboot and logon as administrative user.

Download, install, run, update and perform a full scan with the following
(freeware version):

MalwareBytes
http://www.malwarebytes.com/

Reboot and logon as administrative user.

You may find nothing, you may find only cookies, you may think it is a
waste of time - but if you do all this and report back here with what you
do/don't find as you are doing all of it - you are adding more pieces to
the puzzle and the entire picture just may become clearer and your
problem resolved.

You also should run a full CHKDSK and defragmentation.

Windows XP CHKDSK:
http://support.microsoft.com/kb/315265

Windows XP Defragmentation:
http://support.microsoft.com/kb/314848

Reboot and logon as administrative user.

Download/Install the latest Windows Installer (for your OS):
( Windows XP 32-bit : WindowsXP-KB942288-v3-x86.exe )
http://www.microsoft.com/downloadS/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en

Reboot and logon as administrative user.

Download the latest version of the Windows Update agent from here (x86):
http://go.microsoft.com/fwlink/?LinkID=91237
... and save it to the root of your C:\ drive. After saving it to the
root of the C:\ drive, do the following:

Close all Internet Explorer windows and other applications.

Start button --> RUN and type in:
%SystemDrive%\windowsupdateagent30-x86.exe /WUFORCE
--> Click OK.

(If asked, select "Run".) --> Click on NEXT --> Select "I agree" and click on
NEXT --> When it finishes installing, click on "Finish"...

Reboot and logon as administrative user.

Continue by fixing your Windows Update system...

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058

... and click on the "Microsoft Fix it" icon. When asked, select "RUN",
both times. Check the "I agree" box and click on "Next". Check the box
for "Run aggressive options (not recommended)" and click "Next". Let
it finish up and follow the prompts until it is done. Close/exit and
reboot when it is.

Reboot and logon as administrative user.

Visit http://windowsupdate.microsoft.com/ in Internet Explorer and
select to do a CUSTOM scan...

Every time you are about to click on something while at these web pages -
first press and hold down the CTRL key while you click on it. You can
release the CTRL key after clicking each time.

Once the scan is done, select just _ONE_ of the high priority updates
(deselect any others) and install it.

Reboot again.

If it did work - try the web page again - selecting no more than 3-5 at a
time. Rebooting as needed.

The Optional Software updates are generally safe - although I recommend
against the "Windows Search" one and any of the "Office Live" ones or
"Windows Live" ones for now. I would completely avoid the
Optional Hardware updates. Also - I do not see any urgent need to
install Internet Explorer 8 at this time.

Then - when done - let everyone here know if it worked for you - or if
you have more issues.

--

Chris Dupont

Jan 5, 2010, 12:34:31 AM
Hello Shenan,

I already did norton removal, superantispyware, malwarebytes and MSRT.
Results:

1) Norton removal tool: executed
2) Superantispyware: 700 threats which were under "Adware.Tracking Cookie"
3) Malwarebytes:
Infected Registry Keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.


Now I will do the rest and report back here when it's done.

grtz,
Chris.


"Shenan Stanley" <newsh...@gmail.com> wrote in message

news:%23KhWWya...@TK2MSFTNGP05.phx.gbl...

PA Bear [MS MVP]

Jan 5, 2010, 1:51:40 AM
> In the past, I also had Norton Anti-Virus which I replaced with KAV
> since about 2 years. The subscription expired briefly a year ago
> for about 2 days. Any way to solve this?

Sure! Back-up any personal data (none of which should be considered 100%
trustworthy at this point) then do a format & clean install of Windows.
Please note that a Repair Install (AKA in-place upgrade) will NOT fix this!

HOW TO do a clean install of WinXP: See
http://michaelstevenstech.com/cleanxpinstall.html#steps and/or Method 1 in
http://support.microsoft.com/kb/978307

After the clean install, you'll have the equivalent of a "new computer" so
take care of everything on the following page before otherwise connecting
the machine to the internet or a network and before using a USB key that
isn't brand-new or hasn't been freshly formatted:

4 steps to help protect your new computer before you go online
http://www.microsoft.com/security/pypc.aspx

Other helpful references include:

HOW TO get a computer running WinXP Gold (no Service Packs) fully patched
(after a clean install)
http://groups.google.com/group/microsoft.public.windowsupdate/msg/3f5afa8ed33e121c

HOW TO get a computer running WinXP SP1(a) or SP2 fully patched (after a
clean install)
http://groups.google.com/group/microsoft.public.windowsxp.general/msg/a066ae41add7dd2b

Tip: After getting the computer fully-patched, download/install KB971029
manually: http://support.microsoft.com/kb/971029

NB: Any Norton or McAfee free-trial that came preinstalled on the computer
when you bought it will be reinstalled (but invalid) when Windows is
reinstalled. You MUST uninstall the free-trial and download/run the
appropriate removal tool before installing any Windows Service Packs or IE
upgrades and before installing your new anti-virus application (e.g., KAV;
which will require WinXP SP3 to be installed).

Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

McAfee Consumer Products Removal Tool
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Also see:

Steps To Help Prevent Spyware
http://www.microsoft.com/security/spyware/prevent.aspx

Steps to Help Prevent Computer Worms
http://www.microsoft.com/security/worms/prevent.aspx

Avoid Rogue Security Software!
http://www.microsoft.com/security/antivirus/rogue.aspx


--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

www.banthecheck.com

Chris Dupont

Jan 5, 2010, 6:44:58 PM
PA Bear,

Thanks for the info, but I was looking for a solution without having to
reinstall Windows.
There has to be a solution which is not so radical.
So for now, I'm going to try what Shenan said.
If all that doesn't work, I still can do a re-install if necessary.

grtz,
Chris.

"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

news:uB5hdQdj...@TK2MSFTNGP02.phx.gbl...

PA Bear [MS MVP]

Jan 5, 2010, 7:38:50 PM
You should have thought about this before you allowed your NAV subscription
to lapse, however briefly, last year. See...

Help: I Got Hacked. Now What Do I Do?
http://technet.microsoft.com/en-us/library/cc700813.aspx

Your computer's compromised and none of your data should be considered
trustworthy (includes all online usernames & passwords; e.g., online banking
& credit cards).

The only way to get the computer back into a trusted, secure state is via a
clean install.

Chris Dupont wrote:
> PA Bear,
>
> Thanks for the info, but I was looking for a solution without having to
> reinstall Windows.
> There has to be a solution which is not so radical.
> So for now, I'm going to try what Shenan said.
> If all that doesn't work, I still can do a re-install if necessary.
>

Chris Dupont

Jan 5, 2010, 8:01:52 PM
It wasn't my NAV that expired, it was KAV about a year ago that expired.
By the way, I never knew such bad software as Norton Antivirus,
it continually let trojans and other malware go through.
And this problem only started a couple of months ago.
So how do you know if it's related?


"PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

news:OQCqBkmj...@TK2MSFTNGP04.phx.gbl...

MowGreen

Jan 6, 2010, 2:42:36 PM
Chris Dupont wrote:

> It wasn't my NAV that expired, it was KAV about a year ago that expired.
> By the way, I never knew such bad software as Norton Antivirus,
> it continually let trojans and other malware go through.
> And this problem only started a couple of months ago.
> So how do you know if it's related?
>

By the Services that can not be started and the Malwarebytes
anti-malware log, Chris:

" I've discovered that the problem is related to the fact that the
Windows WMI-service can't be started.
Also can't start 2 other services, cfr. Security center service and
Windows firewall service. "

3) Malwarebytes:

Infected Registry Keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

I second PA Bear's thoughts on this, Chris. It's time to format and
reinstall.


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

banthecheck.com
"Security updates should *never* have *non-security content* prechecked"

> "PA Bear [MS MVP]" <PABe...@gmail.com> wrote in message

neovo@discussions.microsoft.com pg neovo

Jun 23, 2010, 12:08:22 AM


"Shenan Stanley" wrote:

> Chris Dupont wrote:
> > When trying to update via the Windows Update site, the green bar
> > just keeps on scrolling endlessly....
> >
> > I found the following info in my Windowsupdate.log (does anyone
> > have any idea what might be the problem here?):
> >
> >
> > 2010/01/03 21:09:34:390 1424 808 Agent ADVARSEL : Kunne ikke vurdere
> > Installeret regel , updateId =
> > { 02FF0A91 - FC2F - 4.218 - AAF5 - D28FDD327581 } 0,105 , hr = 80.080.005
> > 2010/01/03 21:09:34:390 1424 808 PT ADVARSEL :
> > CAgentUpdateManager :: DetectForUpdates mislykkedes: 0x8024000b 2010/01/03
> > 21:09:34:390 1424 808 PT ADVARSEL : Sync af opdateringer: 0x8024000b
> > 2010/01/03 21:09:34:390 1424 808 PT ADVARSEL :
> > SyncServerUpdatesInternal mislykkedes: 0x8024000b 2010/01/03
> > 21:09:34:390 1424 808 Agent * ADVARSEL : Kunne ikke synkronisere ,
> > fejl = 0x8024000B 2010/01/03 21:09:34:562 1424 808 Agent *
> > ADVARSEL : Exit code = 0x8024000B 2010/01/03 21:09:34:562 1424 808
> <snipped>
>
>
> Give your OS information. Here are some tips on how to get
> very specific:
>
> Start button --> RUN
> (no "RUN"? Press the "Windows Key" + R on the keyboard)
> --> type in:
> winver
> --> Click OK.
>
> The picture at the top of the window that opens will give you the general
> (Operating System name and which edition), while the line starting with the
> word "version" will give you the rest of the story. Post _both_ in response
> to this message verbatim. No paraphrasing - instead - ensure
> character-for-character copying.
>
> What version of Internet Explorer are you currently using? Easy to find
> out. Open Internet Explorer and, while it is in focus, press and hold the
> "ALT" key on the keyboard. With the "ALT" key still pressed, press
> (just once, no holding) the "H" key. Now with the "ALT" key still
> pressed, press (just once, no holding) the "A" key. That will bring up
> the "About Internet Explorer" window. It will give you the exact version
> you are using - repeat what you see there in response to this message.
>
> How to determine whether a computer is running a 32-bit version or
> 64-bit version of the Windows operating system
> http://support.microsoft.com/kb/827218
>
> All of that can be important in solving your specific issue.
>
> Since I do not yet have that information from you, I can only suggest
> some basic things and some things with the caveat that you will have to
> decide (based on the information you gather and share using the
> above methods) which you need to / should / can do.
>
> Basic stuff:
>
> Reboot and logon as administrative user.
>
> Download, install, run, update and perform a full scan with the following
> (freeware version):
>
> SuperAntiSpyware
> http://www.superantispyware.com/
>
> Reboot and logon as administrative user.
>
> Download, install, run, update and perform a full scan with the following
> (freeware version):
>
> Malwarebytes
> http://www.malwarebytes.com/
>
> Reboot and logon as administrative user.
>
> Download and run the MSRT manually:
> http://www.microsoft.com/security/malwareremove/default.mspx
>
> You may find nothing, you may find only cookies, you may think it is a
> waste of time - but if you do all this and report back here with what you
> do/don't find as you are doing all of it - you are adding more pieces to
> the puzzle and the entire picture just may become clearer and your
> problem resolved.
>
> You should also run a full CHKDSK and defragmentation. How you do
> this will depend on your OS.

> Continue by fixing your Windows Update system...
>
> 32-bit operating system:
>
> How do I reset Windows Update components?
> http://support.microsoft.com/kb/971058
>
> ... and click on the "Microsoft Fix it" icon. When asked, select "RUN",
> both times. Check the "I agree" box and click on "Next". Check the box
> for "Run aggressive options (not recommended)" and click "Next". Let
> it finish up and follow the prompts until it is done. Close/exit and
> reboot when it is.
>
> 64-bit Windows Vista:
>
> Download, install and run...
>
> System Update Readiness Tool for x64-based systems
> http://www.microsoft.com/downloads/details.aspx?FamilyId=f6f353c0-d00e-43e7-97ef-0feefc7ff064
>
>
> Reboot and logon as administrative user.
>
> Try to get updates.
>
> Come back and let us know.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>
>
>.
>

pg neovo

Jun 23, 2010, 12:08:23 AM