I dont get it.
Get strange failure in windows error log already from start.
I have DOD the drive low formatting tried everything. itґs
still there.
(in clean windows xp without even beeing on internet and new install)
If i use procexp from sysinternals to view user access to the svchost processes i can see Questionmarked users and that everyone is allowed.
When i start up my computer the screen blinks for a while before i can log in.
Dont know where to start. seeing to much when i investigate it myself.
I suffered from this about a year now and formatting, zero fill the harddrive many times but itґs still there.
Spyboot search and destroy reports smitfraud-c in rundll32.exe etc.
take a look at the logs and everything i send. (i send over setuperr from installing winxp pro too) inklusive the logs according to ґthe rulesґ
This seem to be something that can survive in mbr.
If it is then it would be great if itґs possible to find a solution to this so we altogheter could get rid of this as it does not show itself that easily.
little info from windows log when itґs clean.
1 event 63
A provider, HiPerfCooker_v1, has been registered in the WMI namespace,
Root\WMI, to use the LocalSystem account. This account is privileged and
the provider may cause a security violation if it does not correctly
impersonate user requests.
2 event 63
A provider, CmdTriggerConsumer, has been registered in the WMI namespace,
Root\cimv2, to use the LocalSystem account. This account is privileged
and the provider may cause a security violation if it does not correctly
impersonate user requests.
3 event 5603
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace,
root\RSOP, but did not specify the HostingModel property.
This provider will be run using the LocalSystem account.
This account is privileged and the provider may cause a security violation
if it does not correctly impersonate user requests.
Ensure that provider has been reviewed for security behavior and update
the HostingModel property of the provider registration to an account with
the least privileges possible for the required functionality.
Yes i know that microsoft says that this can occur if you install an service
pack, but this seem to be something else...
using winobj from sysinternals i can see alot of strange things:
WBEM open for business?? whats that?
Sincerely Tommy