
Unable to enable Security center (Win7)


5 replies to this topic

#1 folk11


Posted 28 April 2012 - 01:55 PM

I am new to posting on these forums. I would like some help finding a solution to whatever this problem is.

At the moment I am unable to turn on the Windows Security Center service. I am unsure if this is due to a virus. I noticed this when Cisco NAC agent was unable to detect Microsoft Security Essentials on my PC. I noticed that the firewall was off and was unable to turn on. I got a quick reg fix for this from:

http:// download.bleepingcomputer.com/win-services/7/MpsSvc.reg

http:// download.bleepingcomputer.com/win-services/7/BFE.reg

This says it enabled the firewall, but I am unsure that it solved the problem. Then I found that the Windows Security Center service was disabled and could not be re-enabled, with the error message:

"The Windows security center service can't be started"

I checked services.msc and "security center" is missing from the list. I can't enable it. From this I somehow found myself running wmidiag.exe and got some errors (no idea how I got to this). Log says that I have a WMI provider CIM registration failure.

Log from wmidiag.exe
------------------------

23990 12:36:51 (0) ** WMIDiag v2.1 started on Saturday, April 28, 2012 at 12:31.
23991 12:36:51 (0) **
23992 12:36:51 (0) ** Copyright Microsoft Corporation. All rights reserved - July 2007.
23993 12:36:51 (0) **
23994 12:36:51 (0) ** This script is not supported under any Microsoft standard support program or service.
23995 12:36:51 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
23996 12:36:51 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
23997 12:36:51 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
23998 12:36:51 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
23999 12:36:51 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
24000 12:36:51 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
24001 12:36:51 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
24002 12:36:51 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
24003 12:36:51 (0) ** of the possibility of such damages.
24004 12:36:51 (0) **
24005 12:36:51 (0) **
24006 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24007 12:36:51 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
24008 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24009 12:36:51 (0) **
24010 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24011 12:36:51 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'AFOLK\ALEX FOLK' on computer 'AFOLK'.
24012 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24013 12:36:51 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
24014 12:36:51 (0) ** INFO: => 9 possible incorrect shutdown(s) detected on:
24015 12:36:51 (0) ** - Shutdown on 09 March 2012 17:47:34 (GMT-0).
24016 12:36:51 (0) ** - Shutdown on 10 March 2012 20:49:51 (GMT-0).
24017 12:36:51 (0) ** - Shutdown on 14 March 2012 23:19:13 (GMT-0).
24018 12:36:51 (0) ** - Shutdown on 25 March 2012 15:03:51 (GMT-0).
24019 12:36:51 (0) ** - Shutdown on 15 April 2012 19:44:11 (GMT-0).
24020 12:36:51 (0) ** - Shutdown on 17 April 2012 19:21:43 (GMT-0).
24021 12:36:51 (0) ** - Shutdown on 19 April 2012 16:22:56 (GMT-0).
24022 12:36:51 (0) ** - Shutdown on 28 April 2012 00:20:57 (GMT-0).
24023 12:36:51 (0) ** - Shutdown on 28 April 2012 17:02:21 (GMT-0).
24024 12:36:51 (0) **
24025 12:36:51 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #0).
24026 12:36:51 (0) ** Drive type: ......................................................................................................... IDE (ST9750420AS).
24027 12:36:51 (0) ** There are no missing WMI system files: .............................................................................. OK.
24028 12:36:51 (0) ** There are no missing WMI repository files: .......................................................................... OK.
24029 12:36:51 (0) ** WMI repository state: ............................................................................................... CONSISTENT.
24030 12:36:51 (0) ** AFTER running WMIDiag:
24031 12:36:51 (0) ** The WMI repository has a size of: ................................................................................... 53 MB.
24032 12:36:51 (0) ** - Disk free space on 'C:': .......................................................................................... 245953 MB.
24033 12:36:51 (0) ** - INDEX.BTR, 8536064 bytes, 4/28/2012 12:01:13 PM
24034 12:36:51 (0) ** - MAPPING1.MAP, 152284 bytes, 4/28/2012 11:50:36 AM
24035 12:36:51 (0) ** - MAPPING2.MAP, 152284 bytes, 4/28/2012 12:27:19 PM
24036 12:36:51 (0) ** - OBJECTS.DATA, 46505984 bytes, 4/28/2012 12:01:13 PM
24037 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24038 12:36:51 (2) !! WARNING: Windows Firewall: .......................................................................................... DISABLED.
24039 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24040 12:36:51 (0) ** DCOM Status: ........................................................................................................ OK.
24041 12:36:51 (0) ** WMI registry setup: ................................................................................................. OK.
24042 12:36:51 (0) ** INFO: WMI service has dependents: ................................................................................... 1 SERVICE(S)!
24043 12:36:51 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
24044 12:36:51 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
24045 12:36:51 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
24046 12:36:51 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
24047 12:36:51 (0) ** this can prevent the service/application to work as expected.
24048 12:36:51 (0) **
24049 12:36:51 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
24050 12:36:51 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
24051 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24052 12:36:51 (0) ** WMI service DCOM setup: ............................................................................................. OK.
24053 12:36:51 (0) ** WMI components DCOM registrations: .................................................................................. OK.
24054 12:36:51 (0) ** WMI ProgID registrations: ........................................................................................... OK.
24055 12:36:51 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
24056 12:36:51 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
24057 12:36:51 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
24058 12:36:51 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
24059 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24060 12:36:51 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
24061 12:36:51 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
24062 12:36:51 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
24063 12:36:51 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
24064 12:36:51 (0) ** selecting 'Run as Administrator'.
24065 12:36:51 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
24066 12:36:51 (0) ** in the Task Scheduler within the right security context.
24067 12:36:51 (0) **
24068 12:36:51 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
24069 12:36:51 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
24070 12:36:51 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
24071 12:36:51 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
24072 12:36:51 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
24073 12:36:51 (0) **
24074 12:36:51 (0) ** Overall DCOM security status: ....................................................................................... OK.
24075 12:36:51 (0) ** Overall WMI security status: ........................................................................................ OK.
24076 12:36:51 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
24077 12:36:51 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
24078 12:36:51 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
24079 12:36:51 (0) ** 'select * from MSFT_SCMEventLogEvent'
24080 12:36:51 (0) **
24081 12:36:51 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
24082 12:36:51 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 6 ERROR(S)!
24083 12:36:51 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24084 12:36:51 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24085 12:36:51 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24086 12:36:51 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24087 12:36:51 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24088 12:36:51 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24089 12:36:51 (0) **
24090 12:36:51 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 7 ERROR(S)!
24091 12:36:51 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24092 12:36:51 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24093 12:36:51 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24094 12:36:51 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24095 12:36:51 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24096 12:36:51 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24097 12:36:51 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24098 12:36:51 (0) **
24099 12:36:51 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 57 ERROR(S)!
24100 12:36:51 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24101 12:36:51 (0) ** MOF Registration: ''
24102 12:36:51 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24103 12:36:51 (0) ** MOF Registration: ''
24104 12:36:51 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24105 12:36:51 (0) ** MOF Registration: ''
24106 12:36:51 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24107 12:36:51 (0) ** MOF Registration: ''
24108 12:36:51 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24109 12:36:51 (0) ** MOF Registration: ''
24110 12:36:51 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24111 12:36:51 (0) ** MOF Registration: ''
24112 12:36:51 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24113 12:36:51 (0) ** MOF Registration: ''
24114 12:36:51 (0) ** - ROOT/CIMV2/APPLICATIONS/WINDOWSPARENTALCONTROLS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24115 12:36:51 (0) ** MOF Registration: ''
24116 12:36:51 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24117 12:36:51 (0) ** MOF Registration: ''
24118 12:36:51 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24119 12:36:51 (0) ** MOF Registration: ''
24120 12:36:51 (0) ** - ROOT/NAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24121 12:36:51 (0) ** MOF Registration: ''
24122 12:36:51 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24123 12:36:51 (0) ** MOF Registration: ''
24124 12:36:51 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24125 12:36:51 (0) ** MOF Registration: ''
24126 12:36:51 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24127 12:36:51 (0) ** MOF Registration: ''
24128 12:36:51 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24129 12:36:51 (0) ** MOF Registration: ''
24130 12:36:51 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24131 12:36:51 (0) ** MOF Registration: ''
24132 12:36:51 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24133 12:36:51 (0) ** MOF Registration: ''
24134 12:36:51 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24135 12:36:51 (0) ** MOF Registration: ''
24136 12:36:51 (0) ** - ROOT/MSAPPS12, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24137 12:36:51 (0) ** MOF Registration: ''
24138 12:36:51 (0) ** - ROOT/MICROSOFT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24139 12:36:51 (0) ** MOF Registration: ''
24140 12:36:51 (0) ** - ROOT/MICROSOFT/HOMENET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24141 12:36:51 (0) ** MOF Registration: ''
24142 12:36:51 (0) ** - ROOT/ASPNET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24143 12:36:51 (0) ** MOF Registration: ''
24144 12:36:51 (0) ** - Root/CIMV2, MSFT_NetInvalidDriverDependency, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24145 12:36:51 (0) ** MOF Registration: ''
24146 12:36:51 (0) ** - Root/CIMV2, Win32_OsBaselineProvider, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24147 12:36:51 (0) ** MOF Registration: ''
24148 12:36:51 (0) ** - Root/CIMV2, Win32_OsBaseline, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24149 12:36:51 (0) ** MOF Registration: ''
24150 12:36:51 (0) ** - Root/CIMV2, Win32_DriverVXD, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24151 12:36:51 (0) ** MOF Registration: ''
24152 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24153 12:36:51 (0) ** MOF Registration: ''
24154 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_GenericIKEandAuthIP, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24155 12:36:51 (0) ** MOF Registration: ''
24156 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24157 12:36:51 (0) ** MOF Registration: ''
24158 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24159 12:36:51 (0) ** MOF Registration: ''
24160 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24161 12:36:51 (0) ** MOF Registration: ''
24162 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecAuthIPv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24163 12:36:51 (0) ** MOF Registration: ''
24164 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24165 12:36:51 (0) ** MOF Registration: ''
24166 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv4, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24167 12:36:51 (0) ** MOF Registration: ''
24168 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24169 12:36:51 (0) ** MOF Registration: ''
24170 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_Counters_IPsecIKEv6, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24171 12:36:51 (0) ** MOF Registration: ''
24172 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_RemoteAccess_RASPort, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24173 12:36:51 (0) ** MOF Registration: ''
24174 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_RemoteAccess_RASPort, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24175 12:36:51 (0) ** MOF Registration: ''
24176 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_RemoteAccess_RASTotal, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24177 12:36:51 (0) ** MOF Registration: ''
24178 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_RemoteAccess_RASTotal, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24179 12:36:51 (0) ** MOF Registration: ''
24180 12:36:51 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24181 12:36:51 (0) ** MOF Registration: ''
24182 12:36:51 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServices, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24183 12:36:51 (0) ** MOF Registration: ''
24184 12:36:51 (0) ** - Root/CIMV2, Win32_Service='WSCSVC', 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24185 12:36:51 (0) ** MOF Registration: ''
24186 12:36:51 (0) ** - Root/WMI, ReserveDisjoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24187 12:36:51 (0) ** MOF Registration: ''
24188 12:36:51 (0) ** - Root/WMI, ReserveLateCount, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24189 12:36:51 (0) ** MOF Registration: ''
24190 12:36:51 (0) ** - Root/WMI, ReserveJoinThread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24191 12:36:51 (0) ** MOF Registration: ''
24192 12:36:51 (0) ** - Root/WMI, ReserveDelete, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24193 12:36:51 (0) ** MOF Registration: ''
24194 12:36:51 (0) ** - Root/WMI, ReserveBandwidth, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24195 12:36:51 (0) ** MOF Registration: ''
24196 12:36:51 (0) ** - Root/WMI, ReserveCreate, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24197 12:36:51 (0) ** MOF Registration: ''
24198 12:36:51 (0) ** - Root/WMI, SystemConfig_PhyDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24199 12:36:51 (0) ** MOF Registration: ''
24200 12:36:51 (0) ** - Root/WMI, SystemConfig_Video, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24201 12:36:51 (0) ** MOF Registration: ''
24202 12:36:51 (0) ** - Root/WMI, SystemConfig_IDEChannel, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24203 12:36:51 (0) ** MOF Registration: ''
24204 12:36:51 (0) ** - Root/WMI, SystemConfig_NIC, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24205 12:36:51 (0) ** MOF Registration: ''
24206 12:36:51 (0) ** - Root/WMI, SystemConfig_Network, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24207 12:36:51 (0) ** MOF Registration: ''
24208 12:36:51 (0) ** - Root/WMI, SystemConfig_CPU, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24209 12:36:51 (0) ** MOF Registration: ''
24210 12:36:51 (0) ** - Root/WMI, SystemConfig_LogDisk, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24211 12:36:51 (0) ** MOF Registration: ''
24212 12:36:51 (0) ** - Root/WMI, SystemConfig_Power, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
24213 12:36:51 (0) ** MOF Registration: ''
24214 12:36:51 (0) ** => When a WMI performance class is missing (i.e. 'Win32_PerfRawData_TermService_TerminalServices'), it is generally due to
24215 12:36:51 (0) ** a lack of buffer refresh of the WMI class provider exposing the WMI performance counters.
24216 12:36:51 (0) ** You can refresh the WMI class provider buffer with the following command:
24217 12:36:51 (0) **
24218 12:36:51 (0) ** i.e. 'WINMGMT.EXE /SYNCPERF'
24219 12:36:51 (0) **
24220 12:36:51 (0) ** WMI MOF representations: ............................................................................................ OK.
24221 12:36:51 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
24222 12:36:51 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 1 ERROR(S)!
24223 12:36:51 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24224 12:36:51 (0) ** MOF Registration: ''
24225 12:36:51 (0) **
24226 12:36:51 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
24227 12:36:51 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
24228 12:36:51 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
24229 12:36:51 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
24230 12:36:51 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
24231 12:36:51 (0) ** WMI static instances retrieved: ..................................................................................... 1778.
24232 12:36:51 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
24233 12:36:51 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
24234 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24235 12:36:51 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
24236 12:36:51 (0) ** DCOM: ............................................................................................................. 0.
24237 12:36:51 (0) ** WINMGMT: .......................................................................................................... 0.
24238 12:36:51 (0) ** WMIADAPTER: ....................................................................................................... 0.
24239 12:36:51 (0) **
24240 12:36:51 (0) ** # of additional Event Log events AFTER WMIDiag execution:
24241 12:36:51 (0) ** DCOM: ............................................................................................................. 0.
24242 12:36:51 (0) ** WINMGMT: .......................................................................................................... 0.
24243 12:36:51 (0) ** WMIADAPTER: ....................................................................................................... 0.
24244 12:36:51 (0) **
24245 12:36:51 (0) ** 36 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action
24246 12:36:51 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system.
24247 12:36:51 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the
24248 12:36:51 (0) ** WMI system security do not enforce any restrictions.
24249 12:36:51 (0) **
24250 12:36:51 (0) **
24251 12:36:51 (0) ** 35 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
24252 12:36:51 (0) ** => This error is typically a WMI error. This WMI error is due to:
24253 12:36:51 (0) ** - a missing WMI class definition or object.
24254 12:36:51 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
24255 12:36:51 (0) ** You can correct the missing class definitions by:
24256 12:36:51 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
24257 12:36:51 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
24258 12:36:51 (0) ** (This list can be built on a similar and working WMI Windows installation)
24259 12:36:51 (0) ** The following command line must be used:
24260 12:36:51 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
24261 12:36:51 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
24262 12:36:51 (0) ** with WMI by starting the ADAP process.
24263 12:36:51 (0) ** - a WMI repository corruption.
24264 12:36:51 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
24265 12:36:51 (0) ** to validate the WMI repository operations.
24266 12:36:51 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
24267 12:36:51 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
24268 12:36:51 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
24269 12:36:51 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
24270 12:36:51 (0) ** the WMI repository must be reconstructed.
24271 12:36:51 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
24272 12:36:51 (0) ** otherwise some applications may fail after the reconstruction.
24273 12:36:51 (0) ** This can be achieved with the following command:
24274 12:36:51 (0) ** i.e. 'WMIDiag ShowMOFErrors'
24275 12:36:51 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
24276 12:36:51 (0) ** ALL fixes previously mentioned.
24277 12:36:51 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
24278 12:36:51 (0) **
24279 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24280 12:36:51 (0) ** Unexpected, wrong or missing registry key values: ................................................................... 1 KEY(S)!
24281 12:36:51 (0) ** INFO: Unexpected registry key value:
24282 12:36:51 (0) ** - Current: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 0
24283 12:36:51 (0) ** - Expected: HKLM\SOFTWARE\Microsoft\WBEM\CIMOM\Logging (REG_SZ) -> 1
24284 12:36:51 (0) ** From the command line, the registry configuration can be corrected with the following command:
24285 12:36:51 (0) ** i.e. 'REG.EXE Add "HKLM\SOFTWARE\Microsoft\WBEM\CIMOM" /v "Logging" /t "REG_SZ" /d "1" /f'
24286 12:36:51 (0) **
24287 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24288 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24289 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24290 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24291 12:36:51 (0) **
24292 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24293 12:36:51 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
24294 12:36:51 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24295 12:36:51 (0) **
24296 12:36:51 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\ALEX FOLK\APPDATA\LOCAL\TEMP\WMIDIAG-V2.1_WIN7_.CLI.SP1.64_AFOLK_2012.04.28_12.31.07.LOG' for details.
24297 12:36:51 (0) **
24298 12:36:51 (0) ** WMIDiag v2.1 ended on Saturday, April 28, 2012 at 12:36 (W:56 E:78 S:1).

-------------------------


This log says the firewall is still down so I don't think my fix worked. PC is showing no signs of popups or any obvious virus, atm.

A fix would be very appreciated as I am stumped as to fixing this.



#2 narenxp


Posted 28 April 2012 - 02:06 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#3 folk11


Posted 28 April 2012 - 02:10 PM

Farbar Service Scanner Version: 24-04-2012
Ran by Alex Folk (administrator) on 28-04-2012 at 14:08:44
Running from "C:\Users\Alex Folk\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#4 narenxp


Posted 28 April 2012 - 02:55 PM

Before trying registry fixes

Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt


Download

wscsvc

defender

Launch them, click YES when you get the UAC prompt

Restart the PC and post the new FSS log

Good luck

Edited by narenxp, 28 April 2012 - 02:56 PM.


#5 folk11


Posted 28 April 2012 - 03:12 PM

I went ahead and enabled security center

Farbar Service Scanner Version: 24-04-2012
Ran by Alex Folk (administrator) on 28-04-2012 at 15:06:41
Running from "C:\Users\Alex Folk\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
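
The two Farbar Service Scanner logs above can be compared mechanically. The following is an added example, not part of the original posts and not code from the FSS tool: it parses trimmed excerpts of both logs, reports what the second scan says about each service the first scan flagged, and collects any value the scanner printed instead of marking it OK. The function names `parse` and `compare` are hypothetical.

```python
import re

# Trimmed excerpts of the two Farbar Service Scanner logs posted in this thread.
BEFORE = """Action Center:
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Windows Defender:
WinDefend Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open WinDefend registry key. The service key does not exist.
"""
AFTER = r"""Action Center:
Windows Defender:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
KEY_MISSING = re.compile(r"Unable to open (\w+) registry key")
VALUE = re.compile(r'^The (\w+) of (\w+): "(.+)"\.$')  # a value line, not an "is OK" line

def parse(log):
    """Return {service: {"key_missing": bool, "values": {name: data}}} for flagged services."""
    out = {}
    entry = lambda svc: out.setdefault(svc, {"key_missing": False, "values": {}})
    for line in log.splitlines():
        line = line.strip()
        if m := NOT_RUNNING.match(line):
            entry(m.group(1))
        elif m := KEY_MISSING.search(line):
            entry(m.group(1))["key_missing"] = True
        elif m := VALUE.match(line):
            entry(m.group(2))["values"][m.group(1)] = m.group(3)
    return out

def compare(before, after):
    """Status in the second scan of every service the first scan flagged."""
    old, new = parse(before), parse(after)
    status = {}
    for svc in old:
        if svc not in new:
            status[svc] = "no finding in second scan"
        elif new[svc]["key_missing"]:
            status[svc] = "service key still missing"
        else:
            status[svc] = "key present, service not running"
    return status, {s: e["values"] for s, e in new.items() if e["values"]}

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```
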

#6 narenxp


Posted 28 April 2012 - 04:22 PM

:thumbup2:



