If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Event Error SecurityCenter ID: 1802
I'm experiencing the following error warning every time W XP starts:
## Event Error SecurityCenter ID: 1802 The Windows Security Center Service was unable to establish event queries with WMI to monitor third party Antivirus and Firewall. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ### I have the XP proprietary firewall active and use a third party Antivirus software up to date that is not monitored by the system but why this is referring to the firewall? Thanks in advance |
Ads |
#2
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"Abigail" wrote: I'm experiencing the following error warning every time W XP starts: ## Event Error SecurityCenter ID: 1802 The Windows Security Center Service was unable to establish event queries with WMI to monitor third party Antivirus and Firewall. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ### I have the XP proprietary firewall active and use a third party Antivirus software up to date that is not monitored by the system but why this is referring to the firewall? Thanks in advance The error about MS Security Center not being able to track or recognize your anti-virus, check that the Firewall service for TrendMicro is Enabled Auto and working in the Services control panel. 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit or you can send them here in your next post) and click [OK] to confirm your Changes. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) and click Apply then OK to close your IE Properties. Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html http://onecare.live.com/site/en-gb/d....htm?s_cid=sah http://onecare.live.com/standard/en-gb/default.htm Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Comodo BOClean : Anti-Malware Version 4.27 http://www.comodo.com/boclean/boclean.html Download Comodo Firewall an disbale windows FW and see if the error will be logged or you can go for Kerio or ZA free firewall. http://www.personalfirewall.comodo.c..._firewall.html HTH, nass --- http://www.nasstec.co.uk |
#3
|
|||
|
|||
Event Error SecurityCenter ID: 1802
Nope, done with all your recommendations but the error is still present, any
more ideas? Thanks Abigail "nass" wrote: The error about MS Security Center not being able to track or recognize your anti-virus, check that the Firewall service for TrendMicro is Enabled Auto and working in the Services control panel. 1... Click start Control Panel Double Click Network and Internet Connections Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit or you can send them here in your next post) and click [OK] to confirm your Changes. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) and click Apply then OK to close your IE Properties. Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html http://onecare.live.com/site/en-gb/d....htm?s_cid=sah http://onecare.live.com/standard/en-gb/default.htm Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Comodo BOClean : Anti-Malware Version 4.27 http://www.comodo.com/boclean/boclean.html Download Comodo Firewall an disbale windows FW and see if the error will be logged or you can go for Kerio or ZA free firewall. http://www.personalfirewall.comodo.c..._firewall.html HTH, nass --- http://www.nasstec.co.uk |
#4
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"Abigail" wrote: Nope, done with all your recommendations but the error is still present, any more ideas? Thanks Abigail MS:: Quote Stopping and Starting the WMI Service If you are experiencing problems with the WMI service you might need to manually stop and restart the service. Before doing so you should enable WMI’s verbose logging option. This provides additional information in the WMI error logs that might be useful in diagnosing the problem. To enable verbose logging using the WMI control, do the following: 1.Open the Computer Management MMC snap-in and expand Services and Applications. 2.Right-click WMI Control and click Properties. 3.In the WMI Control Properties dialog box, on the Logging tab, select Verbose (includes extra information for Microsoft troubleshooting) and then click OK. Alternatively, you can modify the following registry values: •Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\L ogging to 2. •Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\L ogging File Max Size to 4000000. After enabling verbose logging try stopping the WMI service by typing the following Open a run command prompt: net stop winmgmt If the net stop command fails you can force the service to stop by typing this: winmgmt /kill Important. If you are running Windows XP or Windows Server 2003 the WMI service runs inside a process named Svchost; this process contains other services as well as WMI. Because of that, you should not try to stop Svchost; if you succeed, you’ll stop all the other services running in that process as well. Instead, use net stop winmgmt or winmgmt /kill in order to stop just the WMI service. You can then restart the service by typing the following command: net start winmgmt If the service does not restart try rebooting the computer to see if that corrects the problem. If it does not, then continue reading. MS:: /Quote "WMI Diagnosis Utility" http://www.microsoft.com/technet/scr...p/wmidiag.mspx Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC http://support.microsoft.com/kb/909444 Also you can download the DiagWMI from here and some good solutions on the page: http://windowsxp.mvps.org/repairwmi.htm. = Open a run command and try to re-register these DLLs: regsvr32 hnetcfg.dll regsvr32 netcfgx.dll regsvr32 netman.dll regsvr32 atl.dll regsvr32 netshell.dll Also try repair the WMI as descriped he http://groups.google.com/group/micro...a6ab3690bc75a0 |
#5
|
|||
|
|||
Event Error SecurityCenter ID: 1802
Stopping and Starting WMI was successful but did not correct the error.
I downloaded and run the WMI Diagnosis Utility and the following is the text in the report (parts pertaining to the errors only) :: #################### ....92 20:38:01 (1) !! ERROR: The SYSTEM32 folder is NOT in the PATH. ....93 20:38:01 (1) !! ERROR: The WBEM folder is NOT in the PATH. ....94 20:38:01 (3) The PATH environment variable has a maximum length of 512 characters. Current PATH length is 18 characters. ....95 20:38:01 (4) Reading registry (REG_DWORD) 'HKCU\Software\Microsoft\Windows Script Host\Settings\Timeout'. ....96 20:38:01 (4) Reading registry (REG_DWORD) 'HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Timeout'. ...446 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in registry key "HKCR\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32\". ...447 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) : 'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing '\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32'. ...451 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in registry key "HKCR\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32\". ...452 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) : 'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing '\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32'. ...580 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in registry key "HKCR\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32\". ...581 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) : 'C:\WINNT\SYSTEM32\WBEM\WBEMPROX.DLL' is not registered correctly, missing '\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32'. 18280 20:44:38 (1) !! ERROR: Environment: .................................................. ................................................ 3 ITEM(S)! 18281 20:44:38 (1) !! ERROR: = The following path(s) is/are missing from the PATH environment variable: 18282 20:44:38 (0) ** - C:\WINNT\SYSTEM32 18283 20:44:38 (0) ** - C:\WINNT\SYSTEM32\WBEM 18284 20:44:38 (0) ** Failing to have the listed path(s) in the PATH environment variable 18285 20:44:38 (0) ** could prevent the system to work properly. 18286 20:44:38 (0) ** INFO: = 4 incorrect shutdown(s) detected on: 18287 20:44:38 (0) ** - Shutdown on 22 September 2008 00:03:18 (GMT+4). 18288 20:44:38 (0) ** - Shutdown on 24 September 2008 12:44:53 (GMT+4). 18289 20:44:38 (0) ** - Shutdown on 24 September 2008 12:49:36 (GMT+4). 18290 20:44:38 (0) ** - Shutdown on 26 September 2008 14:34:34 (GMT+4). 18388 20:44:38 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_HAL-9000_2008.10.01_20.37.20.LOG' for details. #################### "nass" wrote: MS:: Quote Stopping and Starting the WMI Service If you are experiencing problems with the WMI service you might need to manually stop and restart the service. Before doing so you should enable WMI’s verbose logging option. This provides additional information in the WMI error logs that might be useful in diagnosing the problem. To enable verbose logging using the WMI control, do the following: 1.Open the Computer Management MMC snap-in and expand Services and Applications. 2.Right-click WMI Control and click Properties. 3.In the WMI Control Properties dialog box, on the Logging tab, select Verbose (includes extra information for Microsoft troubleshooting) and then click OK. Alternatively, you can modify the following registry values: •Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\L ogging to 2. •Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\L ogging File Max Size to 4000000. After enabling verbose logging try stopping the WMI service by typing the following Open a run command prompt: net stop winmgmt If the net stop command fails you can force the service to stop by typing this: winmgmt /kill Important. If you are running Windows XP or Windows Server 2003 the WMI service runs inside a process named Svchost; this process contains other services as well as WMI. Because of that, you should not try to stop Svchost; if you succeed, you’ll stop all the other services running in that process as well. Instead, use net stop winmgmt or winmgmt /kill in order to stop just the WMI service. You can then restart the service by typing the following command: net start winmgmt If the service does not restart try rebooting the computer to see if that corrects the problem. If it does not, then continue reading. MS:: /Quote "WMI Diagnosis Utility" http://www.microsoft.com/technet/scr...p/wmidiag.mspx Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC http://support.microsoft.com/kb/909444 Also you can download the DiagWMI from here and some good solutions on the page: http://windowsxp.mvps.org/repairwmi.htm. = Open a run command and try to re-register these DLLs: regsvr32 hnetcfg.dll regsvr32 netcfgx.dll regsvr32 netman.dll regsvr32 atl.dll regsvr32 netshell.dll Also try repair the WMI as descriped he http://groups.google.com/group/micro...a6ab3690bc75a0 |
#6
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"Abigail" wrote: Stopping and Starting WMI was successful but did not correct the error. I downloaded and run the WMI Diagnosis Utility and the following is the text in the report (parts pertaining to the errors only) :: #################### ...92 20:38:01 (1) !! ERROR: The SYSTEM32 folder is NOT in the PATH. ...93 20:38:01 (1) !! ERROR: The WBEM folder is NOT in the PATH. ...94 20:38:01 (3) The PATH environment variable has a maximum length of 512 characters. Current PATH length is 18 characters. ...95 20:38:01 (4) Reading registry (REG_DWORD) 'HKCU\Software\Microsoft\Windows Script Host\Settings\Timeout'. ...96 20:38:01 (4) Reading registry (REG_DWORD) 'HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Timeout'. ..446 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in registry key "HKCR\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32\". ..447 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) : 'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing '\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32'. ..451 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in registry key "HKCR\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32\". ..452 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) : 'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing '\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32'. ..580 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in registry key "HKCR\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32\". ..581 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) : 'C:\WINNT\SYSTEM32\WBEM\WBEMPROX.DLL' is not registered correctly, missing '\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32'. 18280 20:44:38 (1) !! ERROR: Environment: .................................................. ............................................... 3 ITEM(S)! 18281 20:44:38 (1) !! ERROR: = The following path(s) is/are missing from the PATH environment variable: 18282 20:44:38 (0) ** - C:\WINNT\SYSTEM32 18283 20:44:38 (0) ** - C:\WINNT\SYSTEM32\WBEM 18284 20:44:38 (0) ** Failing to have the listed path(s) in the PATH environment variable 18285 20:44:38 (0) ** could prevent the system to work properly. 18286 20:44:38 (0) ** INFO: = 4 incorrect shutdown(s) detected on: 18287 20:44:38 (0) ** - Shutdown on 22 September 2008 00:03:18 (GMT+4). 18288 20:44:38 (0) ** - Shutdown on 24 September 2008 12:44:53 (GMT+4). 18289 20:44:38 (0) ** - Shutdown on 24 September 2008 12:49:36 (GMT+4). 18290 20:44:38 (0) ** - Shutdown on 26 September 2008 14:34:34 (GMT+4). 18388 20:44:38 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_HAL-9000_2008.10.01_20.37.20.LOG' for details. #################### Open a notepad and copy and paste the following and save on the desktop as WMI.bat and then double click it to excute! regsvr32 wbemprox.dll regsvr32 Fastprox.dll regsvr32 hnetcfg.dll regsvr32 netcfgx.dll regsvr32 netman.dll regsvr32 atl.dll regsvr32 netshell.dll Make sure these services are started or restart them again: Event Log Auto Windows Management Instrumentation Auto (first RPC not the second one set to Manuall) Remote Procedure Call (RPC) Auto DCOM Server Process Launcher Auto Reboot your machine and wait for a while and see the timestamp to the event logs, does it log the error again? Setting The Default WMI Namespace Security: http://community.spiceworks.com/educ...ty?query=W MI Setting The Default DCOM Properties And Security: http://community.spiceworks.com/educ...s_And_Security Right click My Computer and select Properties. On the System Properties click on Advanced tab then click on [ Environment Variables ] Button and under System Variables make sure these settings correct: Variable | Value ComSpec %SystemRoot%\system32\cmd.exe Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32 \wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRo ot%\System32\Wbem PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP %SystemRoot%\TEMP TMP %SystemRoot%\TEMP windir %SystemRoot% NOTE the above copied from the Edit Window, it will take the Path letter C:\Windows\Temp for Exm.. Disabling Windows Script Host http://www.microsoft.com/technet/scr....mspx?mfr=true HTH, nass --- http://www.nasstec.co.uk |
#7
|
|||
|
|||
Event Error SecurityCenter ID: 1802
Thanks for the tip; this is the result for the entries registration:
After each execution there was a prompt response: regsvr32 wbemprox.dll (LoadLibrary failed module not found) regsvr32 Fastprox.dll (LoadLibrary failed module not found) regsvr32 hnetcfg.dll (Success) regsvr32 netcfgx.dll (Success) regsvr32 netman.dll (Success) regsvr32 atl.dll (Success) regsvr32 netshell.dll (Success) “Event Error SecurityCenter ID: 1802” Still present Question: Should I try to look for the missing dll files and install them? Your help is greatly appreciated Abigail "nass" wrote: Open a notepad and copy and paste the following and save on the desktop as WMI.bat and then double click it to excute! regsvr32 wbemprox.dll regsvr32 Fastprox.dll regsvr32 hnetcfg.dll regsvr32 netcfgx.dll regsvr32 netman.dll regsvr32 atl.dll regsvr32 netshell.dll Make sure these services are started or restart them again: Event Log Auto Windows Management Instrumentation Auto (first RPC not the second one set to Manuall) Remote Procedure Call (RPC) Auto DCOM Server Process Launcher Auto Reboot your machine and wait for a while and see the timestamp to the event logs, does it log the error again? Setting The Default WMI Namespace Security: http://community.spiceworks.com/educ...ty?query=W MI Setting The Default DCOM Properties And Security: http://community.spiceworks.com/educ...s_And_Security Right click My Computer and select Properties. On the System Properties click on Advanced tab then click on [ Environment Variables ] Button and under System Variables make sure these settings correct: Variable | Value ComSpec %SystemRoot%\system32\cmd.exe Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32 \wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRo ot%\System32\Wbem PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP %SystemRoot%\TEMP TMP %SystemRoot%\TEMP windir %SystemRoot% NOTE the above copied from the Edit Window, it will take the Path letter C:\Windows\Temp for Exm.. Disabling Windows Script Host http://www.microsoft.com/technet/scr....mspx?mfr=true HTH, nass --- http://www.nasstec.co.uk |
#8
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"Abigail" wrote: Thanks for the tip; this is the result for the entries registration: After each execution there was a prompt response: regsvr32 wbemprox.dll (LoadLibrary failed module not found) regsvr32 Fastprox.dll (LoadLibrary failed module not found) regsvr32 hnetcfg.dll (Success) regsvr32 netcfgx.dll (Success) regsvr32 netman.dll (Success) regsvr32 atl.dll (Success) regsvr32 netshell.dll (Success) “Event Error SecurityCenter ID: 1802” Still present Question: Should I try to look for the missing dll files and install them? Your help is greatly appreciated Abigail Okay Abi, # From Ramesh: http://windowsxp.mvps.org/repairwmi.htm Run Type in: rundll32 wbemupgd, UpgradeRepository click [OK] Reboot your machine and see if that will help! Or Get the XP CD and copy and paste this command: rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf click [OK] Reboot your machine and see if that will help! You will find a copy he C:\Windows\ServicePackFiles\i386 #Try these commands: regsvr32 /u Fastprox.dll click [OK] regsvr32 /u wbemprox.dll click [OK] regsvr32 Fastprox.dll click [OK] regsvr32 wbemprox.dll click [OK] Reboot your machine and see if that will help. # Rebuilding the Repository again in a different way, open the command prompt again and type in: sc stop winmgmnt click [OK] Locate the direcorty for the Repository and rename it to Repository.old C:\Windows\system32\wbem\Repository sc start winmgmnt click [OK] Reboot your machine and test. # You experience slow system performance when you run a program that uses the WMI service on a Windows XP SP2-based computer or a Windows Server 2003 SP1-based computer http://support.microsoft.com/kb/911262 HTH, nass |
#9
|
|||
|
|||
Event Error SecurityCenter ID: 1802
Sorry to tell you that everything failed, below each of your steps is either
the unsuccessful attempt prompt response or the result (in caps): ####################################### "nass" wrote: Run Type in: rundll32 wbemupgd, UpgradeRepository click [OK] Reboot your machine and see if that will help! ERROR LOADING WBEMUPGD THE SPECIFIED MODULE COULD NOT BE FOUND Or Get the XP CD and copy and paste this command: rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf click [OK] Reboot your machine and see if that will help! You will find a copy he C:\Windows\ServicePackFiles\i386 COPIES A BUNCH OF FILES FROM CD CORRECTLY AND AFTER A WILE PROMPS ME THAT A NAPCLIENTPROV.MOF(UNKNOWN) FILE IS NEEDED AND CANNOT BE FOUND NEITHER IN THE XP CD OR CURRENT WINNT FOLDER #Try these commands: regsvr32 /u Fastprox.dll click [OK] regsvr32 /u wbemprox.dll click [OK] regsvr32 Fastprox.dll click [OK] regsvr32 wbemprox.dll click [OK] Reboot your machine and see if that will help. LOAD LYBRARY (XXXXXX.DLL) FAILED - THE SPECIFIED MODULE COUL NOT BE FOUND **FOR ALL** # Rebuilding the Repository again in a different way, open the command prompt again and type in: sc stop winmgmnt click [OK] Locate the direcorty for the Repository and rename it to Repository.old C:\Windows\system32\wbem\Repository sc start winmgmnt click [OK] Reboot your machine and test. AT ATTEMPTING TO STOP FOR STARTERS THIS WAS THE RESPONSE: [SC] OpenService FAILED 1060: The specified service does not exist as an installed service. ####################################### # You experience slow system performance when you run a program that uses the WMI service on a Windows XP SP2-based computer or a Windows Server 2003 SP1-based computer http://support.microsoft.com/kb/911262 HTH, nass |
#10
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"Abigail" wrote: Sorry to tell you that everything failed, below each of your steps is either the unsuccessful attempt prompt response or the result (in caps): ####################################### "nass" wrote: Run Type in: rundll32 wbemupgd, UpgradeRepository click [OK] Reboot your machine and see if that will help! ERROR LOADING WBEMUPGD THE SPECIFIED MODULE COULD NOT BE FOUND Or Get the XP CD and copy and paste this command: rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf click [OK] Reboot your machine and see if that will help! You will find a copy he C:\Windows\ServicePackFiles\i386 COPIES A BUNCH OF FILES FROM CD CORRECTLY AND AFTER A WILE PROMPS ME THAT A NAPCLIENTPROV.MOF(UNKNOWN) FILE IS NEEDED AND CANNOT BE FOUND NEITHER IN THE XP CD OR CURRENT WINNT FOLDER #Try these commands: regsvr32 /u Fastprox.dll click [OK] regsvr32 /u wbemprox.dll click [OK] regsvr32 Fastprox.dll click [OK] regsvr32 wbemprox.dll click [OK] Reboot your machine and see if that will help. LOAD LYBRARY (XXXXXX.DLL) FAILED - THE SPECIFIED MODULE COUL NOT BE FOUND **FOR ALL** # Rebuilding the Repository again in a different way, open the command prompt again and type in: sc stop winmgmnt click [OK] Locate the direcorty for the Repository and rename it to Repository.old C:\Windows\system32\wbem\Repository sc start winmgmnt click [OK] Reboot your machine and test. AT ATTEMPTING TO STOP FOR STARTERS THIS WAS THE RESPONSE: [SC] OpenService FAILED 1060: The specified service does not exist as an installed service. ####################################### # You experience slow system performance when you run a program that uses the WMI service on a Windows XP SP2-based computer or a Windows Server 2003 SP1-based computer http://support.microsoft.com/kb/911262 HTH, nass Abi Can you search for these two files on your System and let me know the whereabout they located if any. Did you tried to create a new profile and see if that will work okay? Mine located he c:\Windows\System32\wbem C:\Windows\$NtServicePackUninstall$ C:\Windows\ServicePackFiles\i386 C:\Windows\SoftwareDistrubition\SelfUpdate\16b.... .. If you find it in one of these direcoties copy it to the other and Reboot your machine please do this for both files and Reboot your machine and see if the WMI is restored. If the above didn't help please contact me with your Hijackthis log. Download Hijackthis and send me the log. (http://www.trendsecure.com/portal/en...hijackthis.php) my address is : to_you_ross(at remove this and repalce with the obvious)yahoo.co.uk ( _ is underscore) HTH. nass --- http://www.nasstec.co.uk |
#11
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"nass" wrote: Abi Can you search for these two files on your System and let me know the whereabout they located if any. Did you tried to create a new profile and see if that will work okay? Mine located he c:\Windows\System32\wbem C:\Windows\$NtServicePackUninstall$ C:\Windows\ServicePackFiles\i386 C:\Windows\SoftwareDistrubition\SelfUpdate\16b.... .. If you find it in one of these direcoties copy it to the other and Reboot your machine please do this for both files and Reboot your machine and see if the WMI is restored. If the above didn't help please contact me with your Hijackthis log. Download Hijackthis and send me the log. (http://www.trendsecure.com/portal/en...hijackthis.php) my address is : to_you_ross(at remove this and repalce with the obvious)yahoo.co.uk ( _ is underscore) HTH. nass --- http://www.nasstec.co.uk nass, If you are referring to the 2 Files that the registry command entries you posted earlier that did not load before (wbemprox.dll) and (Fastprox.dll) they only exist in :: C:\WINNT\system32\wbem in my system. Specifically where do they need to be copied? I have the following $NtServicePackUninstall folders under C:\WINNT :: $NtServicePackUninstallIDNMitigationAPIs$ $NtServicePackUninstallNLSDownlevelMapping$ Do they need to be copied under:: C:\WINNT\ServicePackFiles\i386\ also? As for the:: C:\Windows\SoftwareDistrubition\SelfUpdate\16b.... .. Mine is :: C:\WINNT\SoftwareDistrubition\SelfUpdate\ containing only two folders :: \Default & \Registered ? Did you mean a new profile, a new computer username? Abigail |
#12
|
|||
|
|||
Event Error SecurityCenter ID: 1802
nass,
At reviewing back the thread I performed all it was left to try from the following point: ####################### Setting The Default WMI Namespace Security: http://community.spiceworks.com/educ...ty?query=W MI Setting The Default DCOM Properties And Security: http://community.spiceworks.com/educ...s_And_Security Right click My Computer and select Properties. On the System Properties click on Advanced tab then click on [ Environment Variables ] Button and under System Variables make sure these settings correct: Variable | Value ComSpec %SystemRoot%\system32\cmd.exe Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32 \wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRo ot%\System32\Wbem PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP %SystemRoot%\TEMP TMP %SystemRoot%\TEMP windir %SystemRoot% NOTE the above copied from the Edit Window, it will take the Path letter C:\Windows\Temp for Exm.. ####################### Results: After opening dcomcnfg.exe the windows firewall warning dialog prompted that the item is being blocked, therefore I selected to unblock and continued resetting the defaults exactly as recommended in the link above. After completing anything else that it was not attempted before and rebooting it seems like the Event Error SecurityCenter ID: 1802 is gone but now I'm getting a new event warning with the following Description: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account... I performed an additional WMIDiag scan and it is reporting Warnings, additionally I performed the Hijack This tool diagnostics scan and I forwarded the results of both to the e-address you are providing. Thanks Abigail |
#13
|
|||
|
|||
Event Error SecurityCenter ID: 1802
"Abigail" wrote: nass, At reviewing back the thread I performed all it was left to try from the following point: ####################### Setting The Default WMI Namespace Security: http://community.spiceworks.com/educ...ty?query=W MI Setting The Default DCOM Properties And Security: http://community.spiceworks.com/educ...s_And_Security Right click My Computer and select Properties. On the System Properties click on Advanced tab then click on [ Environment Variables ] Button and under System Variables make sure these settings correct: Variable | Value ComSpec %SystemRoot%\system32\cmd.exe Path C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32 \wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRo ot%\System32\Wbem PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH TEMP %SystemRoot%\TEMP TMP %SystemRoot%\TEMP windir %SystemRoot% NOTE the above copied from the Edit Window, it will take the Path letter C:\Windows\Temp for Exm.. ####################### Results: After opening dcomcnfg.exe the windows firewall warning dialog prompted that the item is being blocked, therefore I selected to unblock and continued resetting the defaults exactly as recommended in the link above. After completing anything else that it was not attempted before and rebooting it seems like the Event Error SecurityCenter ID: 1802 is gone but now I'm getting a new event warning with the following Description: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account... I performed an additional WMIDiag scan and it is reporting Warnings, additionally I performed the Hijack This tool diagnostics scan and I forwarded the results of both to the e-address you are providing. Thanks Abigail Hi Abi, About the warning for HiPerfCooker_v1 is related to the "Formatted Performance Data Provider" hence "Cooked Counter Provider" : http://msdn.microsoft.com/en-us/libr...31(VS.85).aspx Yes I mean copy the Two files to the locations I meantioned in my previous post: c:\\WINNT\System32\wbem C:\\WINNT\$NtServicePackUninstall$ C:\\WINNT\ServicePackFiles\i386 C:\\WINNT\SoftwareDistrubition\SelfUpdate\16b..... . I didn't get your message but here my address again and please Note that ( _ ) is undersco to_you_ross(.at.)yahoo.co.uk HTH, nass --- http://www.nasstec.co.uk |
Thread Tools | |
Display Modes | |
|
|