Re: WMIPROV.LOG

anonymous_at_discussions.microsoft.com
Date: 06/30/04 

Date: Tue, 29 Jun 2004 22:01:28 -0700

Thanks very much for the help. I've checked for Sasser now
and it appears my PC is clean.
>-----Original Message-----
>Since you PC is rebooting spontaneously, I would strongly
suggest going to
>http://www.microsoft.com/security/incident/sasser.mspx
and following those
>steps to ensure you do not have the Sasser virus (or any
other virus/worm).
>
>The log messages are unrelated to any PC rebooting.
>
>--
>Philip Nunn [MSFT]
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>Use of included script samples are subject to the terms
specified at
>http://www.microsoft.com/info/cpyright.htm.
><steve6690@hotmail.com> wrote in message
>news:21d1401c45b8c$506371a0$a501280a@phx.gbl...
>> I'm seeing the following entries in WMIPROV.log.
>> Coincidentally my PC is restarting itself at random
>> intervals which may or may not be linked. Could anyone
>> please tell me what these entries might mean ?
>>
>> (Sat Jun 19 15:40:44 2004.268453) :
BinaryMofsHaveChanged
>> returned TRUE:
>> (Sat Jun 19 15:40:45 2004.269296) : Local Events
Verified
>> called, glEventsRegistered: 0
>> (Sat Jun 19 15:40:45 2004.269296) : Instance Provider
>> constructed
>> (Sat Jun 19 15:40:45 2004.269296) : WDM call returned
>> error: 4200
>> (Sat Jun 19 15:40:45 2004.269421) : End of processing
>> Binary MOFS***************
>> (Sat Jun 19 15:40:45 2004.269421) : Successfully
>> Registered for Mof Events
>> (Sat Jun 19 15:40:45 2004.269421) : Local Events
Verified
>> called, glEventsRegistered: 1
>> (Sat Jun 19 15:41:45 2004.329437) : Instance Provider
>> destructed
>> (Sat Jun 19 15:42:15 2004.359437) : Impersonation
failed -
>> Access denied(Sat Jun 19 15:42:15 2004.359437) : No
longer
>> registered for Mof events
>> (Sat Jun 19 17:16:26 2004.263203) : WDM call returned
>> error: 4200
>> (Sat Jun 19 17:16:26 2004.263218) : ***************
>> (Sat Jun 19 17:16:26 2004.263218) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Sat Jun 19 20:15:38 2004.277640) : WDM call returned
>> error: 4200
>> (Sat Jun 19 20:15:38 2004.277640) : ***************
>> (Sat Jun 19 20:15:38 2004.277640) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Sat Jun 19 22:17:57 2004.268937) : WDM call returned
>> error: 4200
>> (Sat Jun 19 22:17:57 2004.268953) : ***************
>> (Sat Jun 19 22:17:57 2004.268953) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Sun Jun 20 01:43:40 2004.137093) : ***************
>> (Sun Jun 20 01:43:40 2004.137109) :
BinaryMofEventChanged
>> returned FALSE:
>> (Sun Jun 20 01:46:00 2004.276343) : WDM call returned
>> error: 4200
>> (Sun Jun 20 01:46:00 2004.276343) : ***************
>> (Sun Jun 20 01:46:00 2004.276343) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Sun Jun 20 20:45:01 2004.262375) : WDM call returned
>> error: 4200
>> (Sun Jun 20 20:45:01 2004.262375) : ***************
>> (Sun Jun 20 20:45:01 2004.262375) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Mon Jun 21 11:30:01 2004.262859) : WDM call returned
>> error: 4200
>> (Mon Jun 21 11:30:01 2004.262875) : ***************
>> (Mon Jun 21 11:30:01 2004.262875) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Mon Jun 21 12:54:01 2004.263109) : WDM call returned
>> error: 4200
>> (Mon Jun 21 12:54:01 2004.263109) : ***************
>> (Mon Jun 21 12:54:01 2004.263109) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Mon Jun 21 13:21:44 2004.262046) : WDM call returned
>> error: 4200
>> (Mon Jun 21 13:21:44 2004.262062) : ***************
>> (Mon Jun 21 13:21:44 2004.262062) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Mon Jun 21 14:50:20 2004.263140) : WDM call returned
>> error: 4200
>> (Mon Jun 21 14:50:20 2004.263140) : ***************
>> (Mon Jun 21 14:50:20 2004.263140) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Tue Jun 22 02:08:30 2004.276828) : WDM call returned
>> error: 4200
>> (Tue Jun 22 02:08:30 2004.276828) : ***************
>> (Tue Jun 22 02:08:30 2004.276828) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Tue Jun 22 11:52:29 2004.263078) : WDM call returned
>> error: 4200
>> (Tue Jun 22 11:52:29 2004.263078) : ***************
>> (Tue Jun 22 11:52:29 2004.263078) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Tue Jun 22 13:50:47 2004.268609) : WDM call returned
>> error: 4200
>> (Tue Jun 22 13:50:47 2004.268625) : ***************
>> (Tue Jun 22 13:50:47 2004.268625) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Wed Jun 23 14:30:39 2004.262750) : WDM call returned
>> error: 4200
>> (Wed Jun 23 14:30:39 2004.262750) : ***************
>> (Wed Jun 23 14:30:39 2004.262750) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Thu Jun 24 15:20:59 2004.262656) : WDM call returned
>> error: 4200
>> (Thu Jun 24 15:20:59 2004.262671) : ***************
>> (Thu Jun 24 15:20:59 2004.262671) :
BinaryMofsHaveChanged
>> returned FALSE:
>> (Thu Jun 24 21:44:06 2004.262453) : WDM call returned
>> error: 4200
>> (Thu Jun 24 21:44:06 2004.262453) : ***************
>> (Thu Jun 24 21:44:06 2004.262453) :
BinaryMofsHaveChanged
>> returned FALSE:
>>
>> thanks
>>
>> Steve
>
>
>.
>

Relevant Pages

  • Re: unable to connect via ip
    ... What tool or method did you use to clean the system? ... you tried the STINGER tool from McAfee? ... Sasser, Blaster and the others. ... the infection. ...
    (microsoft.public.windowsupdate)
  • Re: New LSASS.exe problem! (firewall related)
    ... After the first few entries ... No sasser, no virus at all. ... Just incompetence. ...
    (microsoft.public.windowsxp.general)
  • Re: do i have sasser?
    ... I do not think it is sasser... ... take an evening to do some check-ups, clean your system, ... update antivirus & sypwarescanners... ...
    (microsoft.public.security.virus)
  • RE: sasser worm
    ... >exhibit the lsass.exe errors tied to sasser. ... You can use the cleaner tools at the following Microsoft site to accomplish the clean of the worm. ... This tool is to be updates ASAP to deal with all varients of the sasser worms sometime today. ... This will stop the system from rebooting long enough for you to download the MS04-011 patch and the cleaner tool. ...
    (microsoft.public.security.virus)
  • Page cannot be displayed
    ... How did you clean the system?? ... Have you tried to access through an ftp address? ... >Help, I was infected with Sasser, I cleaned the system ... into the Symantec web site. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)