Event Error SecurityCenter ID: 1802

[Abigail]

I'm experiencing the following error warning every time W XP starts:
##
Event Error SecurityCenter ID: 1802

The Windows Security Center Service was unable to establish event queries
with WMI to monitor third party Antivirus and Firewall.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
###

I have the XP proprietary firewall active and use a third party Antivirus
software up to date that is not monitored by the system but why this is
referring to the firewall?
Thanks in advance

 

[nass]

I'm experiencing the following error warning every time W XP starts:
##
Event Error SecurityCenter ID: 1802

The Windows Security Center Service was unable to establish event queries
with WMI to monitor third party Antivirus and Firewall.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
###

I have the XP proprietary firewall active and use a third party Antivirus
software up to date that is not monitored by the system but why this is
referring to the firewall?
Thanks in advance

The error about MS Security Center not being able to track or recognize your
anti-virus, check that the Firewall service for TrendMicro
is Enabled Auto and working in the Services control panel.

1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit or you can send them here in your next
post) and click [OK] to confirm your Changes.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

Download Comodo Firewall an disbale windows FW and see if the error will be
logged or you can go for Kerio or ZA free firewall.
http://www.personalfirewall.comodo.com/download_firewall.html

HTH,
nass

 

[Abigail]

Nope, done with all your recommendations but the error is still present, any
more ideas?

Thanks
Abigail

 

[nass]

Nope, done with all your recommendations but the error is still present, any
more ideas?

Thanks
Abigail

MS:: <Quote>
Stopping and Starting the WMI Service

If you are experiencing problems with the WMI service you might need to
manually stop and restart the service. Before doing so you should enable
WMI’s verbose logging option. This provides additional information in the WMI
error logs that might be useful in diagnosing the problem. To enable verbose
logging using the WMI control, do the following:
1.Open the Computer Management MMC snap-in and expand Services and
Applications.
2.Right-click WMI Control and click Properties.
3.In the WMI Control Properties dialog box, on the Logging tab, select
Verbose (includes extra information for Microsoft troubleshooting) and then
click OK.
Alternatively, you can modify the following registry values:
•Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\Logging to 2.
•Set HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\Logging File Max Size
to 4000000.
After enabling verbose logging try stopping the WMI service by typing the
following
Open a run command prompt:
net stop winmgmt

If the net stop command fails you can force the service to stop by typing
this:
winmgmt /kill

Important. If you are running Windows XP or Windows Server 2003 the WMI
service runs inside a process named Svchost; this process contains other
services as well as WMI. Because of that, you should not try to stop
Svchost;
if you succeed, you’ll stop all the other services running in that process
as
well. Instead, use net stop winmgmt or winmgmt /kill in order to stop just
the WMI service.

You can then restart the service by typing the following command:
net start winmgmt

If the service does not restart try rebooting the computer to see if that
corrects the problem.
If it does not, then continue reading.
MS:: </Quote>

"WMI Diagnosis Utility"
http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx

Systems that have changed the default Access Control List permissions on the
%windir%\registration directory may experience various problems after you
install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC
http://support.microsoft.com/kb/909444
Also you can download the DiagWMI from here and some good solutions on the
page:
http://windowsxp.mvps.org/repairwmi.htm.

= Open a run command and try to re-register these DLLs:
regsvr32 hnetcfg.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll
regsvr32 atl.dll
regsvr32 netshell.dll
Also try repair the WMI as descriped here
http://groups.google.com/group/microsoft.public.win32.programmer.wmi/msg/1da6ab3690bc75a0

 

[Abigail]

Stopping and Starting WMI was successful but did not correct the error.
I downloaded and run the WMI Diagnosis Utility and the following is the text
in the report (parts pertaining to the errors only) ::

####################
....92 20:38:01 (1) !! ERROR: The SYSTEM32 folder is NOT in the PATH.
....93 20:38:01 (1) !! ERROR: The WBEM folder is NOT in the PATH.
....94 20:38:01 (3) The PATH environment variable has a maximum length of
512 characters. Current PATH length is 18 characters.
....95 20:38:01 (4) Reading registry (REG_DWORD)
'HKCU\Software\Microsoft\Windows Script Host\Settings\Timeout'.
....96 20:38:01 (4) Reading registry (REG_DWORD)
'HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Timeout'.

...446 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in
registry key
"HKCR\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32\".
...447 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) :
'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing
'\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32'.

...451 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in
registry key
"HKCR\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32\".
...452 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) :
'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing
'\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32'.

...580 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in
registry key
"HKCR\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32\".
...581 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) :
'C:\WINNT\SYSTEM32\WBEM\WBEMPROX.DLL' is not registered correctly, missing
'\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32'.

18280 20:44:38 (1) !! ERROR: Environment:
.................................................................................................. 3 ITEM(S)!
18281 20:44:38 (1) !! ERROR: => The following path(s) is/are missing from
the PATH environment variable:
18282 20:44:38 (0) ** - C:\WINNT\SYSTEM32
18283 20:44:38 (0) ** - C:\WINNT\SYSTEM32\WBEM
18284 20:44:38 (0) ** Failing to have the listed path(s) in the
PATH environment variable
18285 20:44:38 (0) ** could prevent the system to work properly.
18286 20:44:38 (0) ** INFO: => 4 incorrect shutdown(s) detected on:
18287 20:44:38 (0) ** - Shutdown on 22 September 2008 00:03:18
(GMT+4).
18288 20:44:38 (0) ** - Shutdown on 24 September 2008 12:44:53
(GMT+4).
18289 20:44:38 (0) ** - Shutdown on 24 September 2008 12:49:36
(GMT+4).
18290 20:44:38 (0) ** - Shutdown on 26 September 2008 14:34:34
(GMT+4).

18388 20:44:38 (0) ** ERROR: WMIDiag detected issues that could prevent WMI
to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_HAL-9000_2008.10.01_20.37.20.LOG'
for details.
####################

 

[nass]

Stopping and Starting WMI was successful but did not correct the error.
I downloaded and run the WMI Diagnosis Utility and the following is the text
in the report (parts pertaining to the errors only) ::

####################
...92 20:38:01 (1) !! ERROR: The SYSTEM32 folder is NOT in the PATH.
...93 20:38:01 (1) !! ERROR: The WBEM folder is NOT in the PATH.
...94 20:38:01 (3) The PATH environment variable has a maximum length of
512 characters. Current PATH length is 18 characters.
...95 20:38:01 (4) Reading registry (REG_DWORD)
'HKCU\Software\Microsoft\Windows Script Host\Settings\Timeout'.
...96 20:38:01 (4) Reading registry (REG_DWORD)
'HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Timeout'.

..446 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in
registry key
"HKCR\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32\".
..447 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) :
'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing
'\CLSID\{D71EE747-F455-4804-9DF6-2ED81025F2C1}\InProcServer32'.

..451 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in
registry key
"HKCR\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32\".
..452 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) :
'C:\WINNT\SYSTEM32\WBEM\FASTPROX.DLL' is not registered correctly, missing
'\CLSID\{ED51D12E-511F-4999-8DCD-C2BAC91BE86E}\InProcServer32'.

..580 20:38:29 (1) !! ERROR: (ReadRegistry) : 0x80070002 - Invalid root in
registry key
"HKCR\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32\".
..581 20:38:29 (1) !! ERROR: (CheckWMIDCOMComponentRegistrations) :
'C:\WINNT\SYSTEM32\WBEM\WBEMPROX.DLL' is not registered correctly, missing
'\CLSID\{4C6055D8-84B9-4111-A7D3-6623894EEDB3}\InProcServer32'.

18280 20:44:38 (1) !! ERROR: Environment:
................................................................................................. 3 ITEM(S)!
18281 20:44:38 (1) !! ERROR: => The following path(s) is/are missing from
the PATH environment variable:
18282 20:44:38 (0) ** - C:\WINNT\SYSTEM32
18283 20:44:38 (0) ** - C:\WINNT\SYSTEM32\WBEM
18284 20:44:38 (0) ** Failing to have the listed path(s) in the
PATH environment variable
18285 20:44:38 (0) ** could prevent the system to work properly.
18286 20:44:38 (0) ** INFO: => 4 incorrect shutdown(s) detected on:
18287 20:44:38 (0) ** - Shutdown on 22 September 2008 00:03:18
(GMT+4).
18288 20:44:38 (0) ** - Shutdown on 24 September 2008 12:44:53
(GMT+4).
18289 20:44:38 (0) ** - Shutdown on 24 September 2008 12:49:36
(GMT+4).
18290 20:44:38 (0) ** - Shutdown on 26 September 2008 14:34:34
(GMT+4).

18388 20:44:38 (0) ** ERROR: WMIDiag detected issues that could prevent WMI
to work properly!. Check 'C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL
SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.RTM.32_HAL-9000_2008.10.01_20.37.20.LOG'
for details.
####################

Open a notepad and copy and paste the following and save on the desktop as
WMI.bat and then double click it to excute!
regsvr32 wbemprox.dll
regsvr32 Fastprox.dll
regsvr32 hnetcfg.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll
regsvr32 atl.dll
regsvr32 netshell.dll


Make sure these services are started or restart them again:
Event Log << Auto
Windows Management Instrumentation << Auto (first RPC not the
second one set to Manuall)
Remote Procedure Call (RPC) << Auto
DCOM Server Process Launcher << Auto

Reboot your machine and wait for a while and see the timestamp to the event
logs, does it log the error again?
Setting The Default WMI Namespace Security
http://community.spiceworks.com/edu..._The_Default_WMI_Namespace_Security?query=WMI
Setting The Default DCOM Properties And Security:
http://community.spiceworks.com/education/projects/Setting_The_Default_DCOM_Properties_And_Security


Right click My Computer and select Properties. On the System Properties
click on Advanced tab then click on [ Environment Variables ] Button and
under System Variables make sure these settings correct:
Variable | Value
ComSpec %SystemRoot%\system32\cmd.exe

Path
C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP %SystemRoot%\TEMP
TMP %SystemRoot%\TEMP
windir %SystemRoot%

NOTE the above copied from the Edit Window, it will take the Path letter
C:\Windows\Temp for Exm..

Disabling Windows Script Host
http://www.microsoft.com/technet/scriptcenter/guide/sas_sbp_lhak.mspx?mfr=true

HTH,
nass

 

[Abigail]

Thanks for the tip; this is the result for the entries registration:
After each execution there was a prompt response:

regsvr32 wbemprox.dll (LoadLibrary failed module not found)
regsvr32 Fastprox.dll (LoadLibrary failed module not found)
regsvr32 hnetcfg.dll (Success)
regsvr32 netcfgx.dll (Success)
regsvr32 netman.dll (Success)
regsvr32 atl.dll (Success)
regsvr32 netshell.dll (Success)

“Event Error SecurityCenter ID: 1802†Still present
Question: Should I try to look for the missing dll files and install them?

Your help is greatly appreciated
Abigail

 

[nass]

Thanks for the tip; this is the result for the entries registration:
After each execution there was a prompt response:

regsvr32 wbemprox.dll (LoadLibrary failed module not found)
regsvr32 Fastprox.dll (LoadLibrary failed module not found)
regsvr32 hnetcfg.dll (Success)
regsvr32 netcfgx.dll (Success)
regsvr32 netman.dll (Success)
regsvr32 atl.dll (Success)
regsvr32 netshell.dll (Success)

“Event Error SecurityCenter ID: 1802†Still present
Question: Should I try to look for the missing dll files and install them?

Your help is greatly appreciated
Abigail

Okay Abi,
# From Ramesh:
http://windowsxp.mvps.org/repairwmi.htm

Run >> Type in:

rundll32 wbemupgd, UpgradeRepository click [OK]
Reboot your machine and see if that will help!

Or Get the XP CD and copy and paste this command:
rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf
click [OK]
Reboot your machine and see if that will help!
You will find a copy here:
C:\Windows\ServicePackFiles\i386

#Try these commands:
regsvr32 /u Fastprox.dll click [OK]
regsvr32 /u wbemprox.dll click [OK]
regsvr32 Fastprox.dll click [OK]
regsvr32 wbemprox.dll click [OK]
Reboot your machine and see if that will help.

# Rebuilding the Repository again in a different way, open the command
prompt again and type in:
sc stop winmgmnt click [OK]
Locate the direcorty for the Repository and rename it to Repository.old
C:\Windows\system32\wbem\Repository
sc start winmgmnt click [OK]
Reboot your machine and test.

# You experience slow system performance when you run a program that uses
the WMI service on a Windows XP SP2-based computer or a Windows Server 2003
SP1-based computer

http://support.microsoft.com/kb/911262
HTH,
nass

 

[Abigail]

Sorry to tell you that everything failed, below each of your steps is either
the unsuccessful attempt prompt response or the result (in caps):

#######################################

Run >> Type in:

rundll32 wbemupgd, UpgradeRepository click [OK]
Reboot your machine and see if that will help!

ERROR LOADING WBEMUPGD THE SPECIFIED MODULE COULD NOT BE FOUND

Or Get the XP CD and copy and paste this command:
rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf
click [OK]
Reboot your machine and see if that will help!
You will find a copy here:
C:\Windows\ServicePackFiles\i386

COPIES A BUNCH OF FILES FROM CD CORRECTLY AND AFTER A WILE PROMPS ME THAT A
NAPCLIENTPROV.MOF(UNKNOWN) FILE IS NEEDED AND CANNOT BE FOUND
NEITHER IN THE XP CD OR CURRENT WINNT FOLDER

#Try these commands:
regsvr32 /u Fastprox.dll click [OK]
regsvr32 /u wbemprox.dll click [OK]
regsvr32 Fastprox.dll click [OK]
regsvr32 wbemprox.dll click [OK]
Reboot your machine and see if that will help.

LOAD LYBRARY (XXXXXX.DLL) FAILED - THE SPECIFIED MODULE COUL NOT BE FOUND
**FOR ALL**

# Rebuilding the Repository again in a different way, open the command
prompt again and type in:
sc stop winmgmnt click [OK]
Locate the direcorty for the Repository and rename it to Repository.old
C:\Windows\system32\wbem\Repository
sc start winmgmnt click [OK]
Reboot your machine and test.

AT ATTEMPTING TO STOP FOR STARTERS THIS WAS THE RESPONSE:
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

#######################################

 

[nass]

Sorry to tell you that everything failed, below each of your steps is either
the unsuccessful attempt prompt response or the result (in caps):

#######################################

Run >> Type in:

rundll32 wbemupgd, UpgradeRepository click [OK]
Reboot your machine and see if that will help!

ERROR LOADING WBEMUPGD THE SPECIFIED MODULE COULD NOT BE FOUND

Or Get the XP CD and copy and paste this command:
rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf
click [OK]
Reboot your machine and see if that will help!
You will find a copy here:
C:\Windows\ServicePackFiles\i386

COPIES A BUNCH OF FILES FROM CD CORRECTLY AND AFTER A WILE PROMPS ME THAT A
NAPCLIENTPROV.MOF(UNKNOWN) FILE IS NEEDED AND CANNOT BE FOUND
NEITHER IN THE XP CD OR CURRENT WINNT FOLDER

#Try these commands:
regsvr32 /u Fastprox.dll click [OK]
regsvr32 /u wbemprox.dll click [OK]
regsvr32 Fastprox.dll click [OK]
regsvr32 wbemprox.dll click [OK]
Reboot your machine and see if that will help.

LOAD LYBRARY (XXXXXX.DLL) FAILED - THE SPECIFIED MODULE COUL NOT BE FOUND
**FOR ALL**

# Rebuilding the Repository again in a different way, open the command
prompt again and type in:
sc stop winmgmnt click [OK]
Locate the direcorty for the Repository and rename it to Repository.old
C:\Windows\system32\wbem\Repository
sc start winmgmnt click [OK]
Reboot your machine and test.

AT ATTEMPTING TO STOP FOR STARTERS THIS WAS THE RESPONSE:
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

#######################################

# You experience slow system performance when you run a program that uses
the WMI service on a Windows XP SP2-based computer or a Windows Server 2003
SP1-based computer

http://support.microsoft.com/kb/911262
HTH,
nass

Abi
Can you search for these two files on your System and let me know the
whereabout they located if any.
Did you tried to create a new profile and see if that will work okay?
Mine located here:

c:\Windows\System32\wbem
C:\Windows\$NtServicePackUninstall$
C:\Windows\ServicePackFiles\i386
C:\Windows\SoftwareDistrubition\SelfUpdate\16b......

If you find it in one of these direcoties copy it to the other and Reboot
your machine please do this for both files and Reboot your machine and see if
the WMI is restored.

If the above didn't help please contact me with your Hijackthis log.
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and repalce with the
obvious)yahoo.co.uk
( _ is underscore)
HTH.
nass

 

[Abigail]

Abi
Can you search for these two files on your System and let me know the
whereabout they located if any.
Did you tried to create a new profile and see if that will work okay?
Mine located here:

c:\Windows\System32\wbem
C:\Windows\$NtServicePackUninstall$
C:\Windows\ServicePackFiles\i386
C:\Windows\SoftwareDistrubition\SelfUpdate\16b......

If you find it in one of these direcoties copy it to the other and Reboot
your machine please do this for both files and Reboot your machine and see if
the WMI is restored.

If the above didn't help please contact me with your Hijackthis log.
Download Hijackthis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
my address is : to_you_ross(at remove this and repalce with the
obvious)yahoo.co.uk
( _ is underscore)
HTH.
nass

nass,

If you are referring to the 2 Files that the registry command entries you
posted earlier that did not load before (wbemprox.dll) and (Fastprox.dll)
they only exist in :: C:\WINNT\system32\wbem in my system.

Specifically where do they need to be copied?
I have the following $NtServicePackUninstall folders under C:\WINNT ::
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$

Do they need to be copied under:: C:\WINNT\ServicePackFiles\i386\ also?

As for the:: C:\Windows\SoftwareDistrubition\SelfUpdate\16b......
Mine is :: C:\WINNT\SoftwareDistrubition\SelfUpdate\ containing only two
folders :: \Default & \Registered ?

Did you mean a new profile, a new computer username?

Abigail

 

[Abigail]

nass,

At reviewing back the thread I performed all it was left to try from the
following point:

#######################

Setting The Default WMI Namespace Security
http://community.spiceworks.com/edu..._The_Default_WMI_Namespace_Security?query=WMI
Setting The Default DCOM Properties And Security
http://community.spiceworks.com/education/projects/Setting_The_Default_DCOM_Properties_And_Security


Right click My Computer and select Properties. On the System Properties
click on Advanced tab then click on [ Environment Variables ] Button and
under System Variables make sure these settings correct:
Variable | Value
ComSpec %SystemRoot%\system32\cmd.exe

Path
C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP %SystemRoot%\TEMP
TMP %SystemRoot%\TEMP
windir %SystemRoot%

NOTE the above copied from the Edit Window, it will take the Path letter
C:\Windows\Temp for Exm..

#######################

Results:

After opening dcomcnfg.exe the windows firewall warning dialog prompted that
the item is being blocked, therefore I selected to

unblock and continued resetting the defaults exactly as recommended in the
link above.

After completing anything else that it was not attempted before and
rebooting it seems like the Event Error SecurityCenter ID: 1802

is gone but now I'm getting a new event warning with the following
Description: A provider, HiPerfCooker_v1, has been registered in

the WMI namespace, Root\WMI, to use the LocalSystem account...

I performed an additional WMIDiag scan and it is reporting Warnings,
additionally I performed the Hijack This tool diagnostics scan

and I forwarded the results of both to the e-address you are providing.

Thanks
Abigail

 

[nass]

nass,

At reviewing back the thread I performed all it was left to try from the
following point:

#######################

Setting The Default WMI Namespace Security:
http://community.spiceworks.com/edu..._The_Default_WMI_Namespace_Security?query=WMI
Setting The Default DCOM Properties And Security:
http://community.spiceworks.com/education/projects/Setting_The_Default_DCOM_Properties_And_Security


Right click My Computer and select Properties. On the System Properties
click on Advanced tab then click on [ Environment Variables ] Button and
under System Variables make sure these settings correct:
Variable | Value
ComSpec %SystemRoot%\system32\cmd.exe

Path
C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP %SystemRoot%\TEMP
TMP %SystemRoot%\TEMP
windir %SystemRoot%

NOTE the above copied from the Edit Window, it will take the Path letter
C:\Windows\Temp for Exm..

#######################

Results:

After opening dcomcnfg.exe the windows firewall warning dialog prompted that
the item is being blocked, therefore I selected to

unblock and continued resetting the defaults exactly as recommended in the
link above.

After completing anything else that it was not attempted before and
rebooting it seems like the Event Error SecurityCenter ID: 1802

is gone but now I'm getting a new event warning with the following
Description: A provider, HiPerfCooker_v1, has been registered in

the WMI namespace, Root\WMI, to use the LocalSystem account...

I performed an additional WMIDiag scan and it is reporting Warnings,
additionally I performed the Hijack This tool diagnostics scan

and I forwarded the results of both to the e-address you are providing.

Thanks
Abigail

Hi Abi,

About the warning for HiPerfCooker_v1 is related to the "Formatted
Performance Data Provider" hence "Cooked Counter Provider" :
http://msdn.microsoft.com/en-us/library/aa390431(VS.85).aspx


Yes I mean copy the Two files to the locations I meantioned in my previous
post:
c:\\WINNT\System32\wbem
C:\\WINNT\$NtServicePackUninstall$
C:\\WINNT\ServicePackFiles\i386
C:\\WINNT\SoftwareDistrubition\SelfUpdate\16b......

I didn't get your message but here my address again and please Note that ( _
) is underscore:
to_you_ross(.at.)yahoo.co.uk

HTH,
nass