Messages

1

Tweaking.com Support & Help / Re: registry backup

« on: November 26, 2020, 05:02:37 pm »

FYI.

After upgrading to Win 10 pro 20H2 event viewer reports:

Faulting application name: TweakingRegistryBackup.exe, version: 3.5.0.3, time stamp: 0x582f3b59
Faulting module name: MSVBVM60.DLL, version: 6.0.98.15, time stamp: 0x49b01fc3
Exception code: 0xc000041d
Fault offset: 0x000c9ba6
Faulting process id: 0x2340
Faulting application start time: 0x01d6c454965b5663
Faulting application path: C:\portable apps\tweaking.com\registry_backup_portable\TweakingRegistryBackup.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
Report Id: b09f815d-b66e-4b05-80f1-f47351086021
Faulting package full name:
Faulting package-relative application ID:

PS... I have deleted the schedule till notification from you that this has been fixed. Thank you.

Boggin wrote on: November 12, 2020, 02:36:25 PM »

  "so it is inadvisable to use that as you cannot fully restore from it."

Should I then delete all the backup in the  registry_backup_portable backups folder? They would be useless, is that correct?

2

Tweaking.com Support & Help / Re: Windows 7 and WMI revisited

« on: October 06, 2019, 07:25:55 pm »

Willy2 wrote - Compare the registry content with the content of "Winmgmt.reg" !!!

Winmgmt.reg from Windows Repair Portable 4.5.5 -  size 3.03KB

 - these are the values it wrote to the registry after the WR and which disabled WMI, Security Centre etc.... by the k netsvcs value it inserted.

Windows Registry Editor Version 5.00 -
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="Windows Management Instrumentation"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"

-------

Willy2 wrote - But WR doesn't write the entire content of that registry entry. It only writes a part of that key into the registry.

You may be right,  the Security  subkey must have been there already - size 1.98KB

Altered Winmgmt.reg from registry  after  I manually changed the image path  from k netsvcs to  k winmgmt, see the screenshot posted before :

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="Windows Management Instrumentation"
"ImagePath"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,77,69,6e,6d,67,6d,74,00
"Description"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,50,43,53,53,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00
"DelayedAutoStart"=dword:00000000
"Group"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,77,62,65,6d,5c,57,4d,49,73,76,63,2e,64,6c,6c,00
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Security]
"Security"=hex:01, & a whole set of numbers.

This ^^^^^^ is what is now the Winmgmt.reg in Windows Repair Portable 4.5.5 as I have replaced the original one with it.

Hope that makes sense to you.

3

Tweaking.com Support & Help / Re: Windows 7 and WMI revisited

« on: October 06, 2019, 01:14:13 am »

Thanks Willy2.

I use Registrar Registry Manager (free version) for when working with the registry and it exported the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt key (the one I changed) as one reg file including subkeys Parameters and Security.

It's the orininal Shane netsvc wmimgmt.reg file that is bigger than the winmgmt one I replaced it with after altering the path in the registry.  A bit difficlut to tell as they are saved in hex format but the image path servicedll numbers  and are different when opened in Notepad. No matter, I'll soon know next time I do a repair if it has worked. I can always run (I hope) the altered reg by itself in safe mode to merge it into the regitsry or manually change it if needs be,

It seems that conditional statements are not allowed in reg files but are in bat files.

The only solution I reckon would be to have two wmimgmt.reg files (wmimgmt.reg and wmimgmtx86.reg) and (if possible) a script that somehow  gets the system type and then runs the appropriate reg file during the  "Repair WMI" and "Restore Important Services" repairs or when completed to correct the problem/mistake.

It may be a bit too complicated to implement and since the trend is towards 64 bit systems (all new one I've looked at are) not considered worthwile.

4

Tweaking.com Support & Help / Re: Windows 7 and WMI revisited

« on: October 04, 2019, 06:31:45 pm »

Hi

I don't know why my message below has  a pink background  on my muter but it seems to be awaiting approval for publication.

Thanks again both of you, Willy2 I have taken up your solution and yet to test it but I wonder if Shane's Winmgmt.reg is the same for 32 and 64 bit in which  case an if statement  if allowed in .reg files (if system 32 bit then... otherwise...)  might solve it.

Cheers

----------

Online plox
Newbie
*
Join Date: Jun 2013
Posts: 4
Karma: 0
View Profile Personal Message (Online)

Re: Windows 7 and WMI revisited
« Reply #9 on: Today at 02:20:23 AM »
QuoteModify
Note: This message is awaiting approval by a moderator.

Hello everyone.


Thanks for your contributions.

Interesting that k netsvcs works for 64 bit versions. Not sure what the -p does for the W10 Home version but yes I am on a WIN 7 Ultimate 32 bit system Willy 2.

I have backed up the original Winmgmt.reg and  replaced it with the exported values from my system and placed it in the location you suggested in WR  Portable 4.5.5 . Strange Shane's versión is 3.02 KB in size whereas my exported version which also contain a Security value is 1.98 KB.

Will it get overwritten when I upgrade to the next WR version?

I am more than happy to share a copy of it and upload it for anyone that needs it.

Anyone know which module runs the Winmgmt.reg, as it might be advisable to avoid running it till Shane fixes it.

5

Tweaking.com Support & Help / Re: Windows 7 and WMI revisited

« on: October 04, 2019, 02:20:23 am »

Hello everyone.

Thanks for your contributions.

Interesting that k netsvcs works for 64 bit versions. Not sure what the -p does for the W10 Home version but yes I am on a WIN 7 Ultimate 32 bit system Willy 2.

I have backed up the original Winmgmt.reg and  replaced it with the exported values from my system and placed it in the location you suggested in WR  Portable 4.5.5 . Strange Shane's versión is 3.02 KB in size whereas my exported version which also contain a Security value is 1.98 KB.

Will it get overwritten when I upgrade to the next WR version? 

I am more than happy to share a copy of it and upload it for anyone that needs it.

Anyone know which module runs the Winmgmt.reg, as it might be advisable to avoid running it till Shane fixes it.



 

6

Tweaking.com Support & Help / Windows 7 and WMI revisited

« on: September 29, 2019, 04:31:11 am »

Please see my original post made on: September 05, 2017, 09:27:59 PM :

https://www.tweaking.com/forums/index.php/topic,5442.0.html

I cannot understand why after all this time this problem still exists and has not been fixed.

Using Windows Repair Portable 4.5.5 I had occasion to carry out the standard repair yesterday and sure enough the registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt's Image path has  been reset to netsvcs.

This disables WMI and Security Centre

Please adjust whatever repair module that alters this setting to set:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt
Value Name: ImagePath
Value: %systemroot%\system32\svchost.exe -k winmgmt
 

See attached correct WMI Services screenshot after  netsvcs has been replaced with winmgmt.

Thank you very much

7

Tweaking.com Support & Help / Re: Windows 7 and WMI

« on: September 15, 2017, 02:22:01 am »

Hello again.

Thank you all for your contributions.

After another repair of Win7 and fearing that I had locked myself out the system I finally got it working again. Sorry about the delay in responding.

Not done any repairs apart from resetting registry permissions (#1) ,  reset file permissions (#2), repair safe mode, (#23) and ($22) repair file associations.

Windows Management Instrumentation is started  (set to automatic) while Winmgmt's path in services.msc is definitely :

C:\Windows\system32\svchost.exe -k netsvcs

Maybe there was a bug before that stopped it from starting.

Exploring a bit further when you look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost and netsvcs, winmgmt is present in the  list of services that it controls. It could be that the repairs omit to add it to that list!!!! which could explain the problem of the WMI service not starting.

*********

There's a couple of other queries I'd like to raise not related to this but rather than start a new post can I please ask them here, if not please redirect?

Reset file permissions
I am using version 4.0.5, looking at All Repairs (45) and I am sure that in previous version there was an option to reset file permissions on other drives - the present one only does C: drive from what I can see. Has this option been withdrawn?

***********

Backup Tools - System Restore
I always click on the create button and a confirmation comes back pretty well immediately  that one has been created with the date and time using an Admin loggin in Safemode.

While trying to sort out the computer I was looking for these restore points but could not find any.

I created one just now (in normal mode using a restricted account not sure if it makes a difference though it ought not to) - the response ->  Restore point created at Fri 15 Sep 2017 - 18:49:36.

I click on the button to Open System Restore and when it opens there is no mention of it.   Please check this out as one can easily be led  in the belief that these restore points are being created but in reality not (at least on my system).

Can you also please let me know what is entered in the Description and Type in System Restore when one is created through WR?

I manually created one a couple of hours ago before installing Zone Alarm and that is the last one displayed.

Many thanks again for your help and assistance.

8

Tweaking.com Support & Help / Windows 7 and WMI

« on: September 05, 2017, 09:27:59 pm »

Hello

I've been using  windows_repair_all_in_one Free version for years (as well as CleanMem) and it has been a lifesaver on many, many occasions for which I am eternally grateful.

I am on win 7 Ultimate and over the last couple of months I've had some severe problems which seemed to have been resolved by doing a repair installation however there is one  recurring problem which occurs whenever I do a repair of the WMI  and restore services in Safemode - not sure if this is caused by  Windows Repair or some bug in my system which is reported as being clean by Avast and HitmanPro.

WMI service would not start nor the Security Center service. Malwarebytes Anti-Ransomware Service I've just discovered relies on WMI to be running and I could not work out why it kept telling me that it had stopped working or clicking on the Fix it button did not work.

I also kept getting "Error 1083  The executable program that this service is configured to run in does not implement the service" whenever I clicked on the Dependencies tab in services.msc. Tried all sorts of repairs to no avail and was convinced that I had a hidden rootkit lurking somewhere but undetected by any of the tools like Combofix and others.

After a lot of searching and researching I finally came across the solution. It seems ( I may be wrong, please correct me if I am) that WR adds the following path for WMI which causes it and all associated dependencies to fail:

C:\Windows\system32\svchost.exe -k netsvcs

I've discovered that changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt's Image path to:

%systemroot%\system32\svchost.exe -k winmgmt

has solved all the problems I've been having with WMI and the other services.

Can you please check that WR does indeed add "netsvcs" to the path when doing Repair WMI  / Reset Service Permissions /  Restore Important important Windows Services / Set Windows Services to Default Startup and if so please replace it with "winmgmt"?

Thank you.

I also notice that one of WR's scripts enables the Security Centre in Safemode ( WMI Repair, I think) can you  please let me know if this can be achieved with the Technicians Toolbox or by other means.

Thanks again for a marvelous and indispensable set of programs, only wished I could afford the Pro versions to help support your altruism, dedication and responsiveness  to your grateful users.

All the best.

PS - I recall asking this query years ago and not sure if thing have changed since but is it also possible to add an option to restore Windows services according to Black Viper's !Safe_W7_reg configurations - mine is win32  (http://www.blackviper.com/downloads/Win7/Registry_Files/Safe_W7_Ultimate_32_SP1_Start_v100.zip)?

Cheers.

9

Tweaking.com Support & Help / Windows Repair (All in One)

« on: July 30, 2014, 02:09:37 am »

Hi

Been using Windows Repair for ages and it has saved me many times to restore my  XP computer after malware  attacks and other problems.

I do have a query regarding the restoration of Services.

I have ports 137, 138.139, 1900, 2869.445 blocked as a security measure since someone hijacked my computer and caused me heaps of trouble - still not sure if it safe - and I notice that those services are restored in the registry after doing a repair.

I use Windows Worms Doors Cleaner to disable those services as well blocking the ports with my firewall.

Is it possible to have an option to have those services disabled as part of a security considerations in Windows Repair (All in One) and Set Windows Services To Default Startup?

Thanks and also many thanks for great programs that have proven to be life savers. much appreciated.