# windows security center disabled...



## acousticlemur (Jan 18, 2008)

*windows security center disabled????????*

i just installed windows defender on my computer (freshly formatted new hard drive about 2 weeks ago) and it would not update because the security center was not running.  so i went to msconfig and it was not in the services list so i went to services.msc and it was disabled.  so i changed it to automatic and started it. after rebooting it was still running, so i restarted it again and it was disabled again, so i re-enabled it again. and when i went to the security center in control panel it looked like this







i had to enable the windows firewall too.  but it says that automatic updates are turned off, so i went to change it and it said that it was on...???...????  i did the fast format this time cause i didn't want to wait for 500gb to format   and i have noticed a few other quirks mainly my audigy 4 pro software acting funny time to time.  do you think that i have a virus or something of that nature? i will put AVG on here tomorrow and maybe adaware.  i have never had a virus so i didn't see any need for anti virus and or spyware programs eating up resources.  but i am puzzled as to why my services are automatically shutting down...


----------



## acousticlemur (Jan 18, 2008)

bump???


----------



## Namslas90 (Jan 19, 2008)

Try the WMI utility;

http://www.microsoft.com/downloads/...d05-b11e-4c64192ae97d&displaylang=en#Overview


----------



## acousticlemur (Jan 19, 2008)

Namslas90 said:


> Try the WMI utility;
> 
> http://www.microsoft.com/downloads/...d05-b11e-4c64192ae97d&displaylang=en#Overview



just downloaded it thanks, i will run it in a few.  

here is another screenie of the defender error i get and the bottom left is what happens when i open the security center.


----------



## acousticlemur (Jan 19, 2008)

when i ran the script i got this error...


----------



## acousticlemur (Jan 19, 2008)

here is the report.  anyone with any idea as to what i should do next please help me!!! i was toying with the idea of reformatting and using my legal copy of windows, as i am not sure if that is the issue here or not. i have been using this one (XP Pro) for years with many installations without any problems.  anyway here it is...


20795 13:38:31 (0) ** WMIDiag v2.0 started on Saturday, January 19, 2008 at 13:36.
20796 13:38:31 (0) ** 
20797 13:38:31 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - January 2007.
20798 13:38:31 (0) ** 
20799 13:38:31 (0) ** This script is not supported under any Microsoft standard support program or service.
20800 13:38:31 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
20801 13:38:31 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
20802 13:38:31 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
20803 13:38:31 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
20804 13:38:31 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
20805 13:38:31 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
20806 13:38:31 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
20807 13:38:31 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
20808 13:38:31 (0) ** of the possibility of such damages.
20809 13:38:31 (0) ** 
20810 13:38:31 (0) ** 
20811 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20812 13:38:31 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
20813 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20814 13:38:31 (0) ** 
20815 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20816 13:38:31 (0) ** Windows XP - Service pack 2 - 32-bit (2600) - User 'PORKCHOP\JOSH' on computer 'PORKCHOP'.
20817 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20818 13:38:31 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
20819 13:38:31 (0) ** INFO: => 15 incorrect shutdown(s) detected on:
20820 13:38:31 (0) **          - Shutdown on 03 January 2008 18:21:46 (GMT+5).
20821 13:38:31 (0) **          - Shutdown on 03 January 2008 19:09:43 (GMT+5).
20822 13:38:31 (0) **          - Shutdown on 03 January 2008 21:19:24 (GMT+5).
20823 13:38:31 (0) **          - Shutdown on 03 January 2008 22:37:21 (GMT+5).
20824 13:38:31 (0) **          - Shutdown on 04 January 2008 18:48:14 (GMT+5).
20825 13:38:31 (0) **          - Shutdown on 04 January 2008 18:50:21 (GMT+5).
20826 13:38:31 (0) **          - Shutdown on 04 January 2008 18:53:19 (GMT+5).
20827 13:38:31 (0) **          - Shutdown on 04 January 2008 18:58:15 (GMT+5).
20828 13:38:31 (0) **          - Shutdown on 04 January 2008 20:26:37 (GMT+5).
20829 13:38:31 (0) **          - Shutdown on 04 January 2008 22:54:29 (GMT+5).
20830 13:38:31 (0) **          - Shutdown on 04 January 2008 23:07:22 (GMT+5).
20831 13:38:31 (0) **          - Shutdown on 05 January 2008 00:49:07 (GMT+5).
20832 13:38:31 (0) **          - Shutdown on 07 January 2008 16:19:16 (GMT+5).
20833 13:38:31 (0) **          - Shutdown on 08 January 2008 21:20:00 (GMT+5).
20834 13:38:31 (0) **          - Shutdown on 10 January 2008 20:06:50 (GMT+5).
20835 13:38:31 (0) ** 
20836 13:38:31 (0) ** System drive: ....................................................................................................... C: (Disk #1 Partition #0).
20837 13:38:31 (0) ** Drive type: ......................................................................................................... SCSI (WDC WD50 00AAKS-00YGA SCSI Disk Device).
20838 13:38:31 (0) ** There are no missing WMI system files: .............................................................................. OK.
20839 13:38:31 (0) ** There are no missing WMI repository files: .......................................................................... OK.
20840 13:38:31 (0) ** WMI repository state: ............................................................................................... NOT TESTED.
20841 13:38:31 (0) ** BEFORE running WMIDiag:
20842 13:38:31 (0) ** The WMI repository has a size of: ................................................................................... 7 MB.
20843 13:38:31 (0) ** - Disk free space on 'C:': .......................................................................................... 169422 MB.
20844 13:38:31 (0) **   - INDEX.BTR,                     1245184 bytes,      1/19/2008 1:34:10 PM
20845 13:38:31 (0) **   - INDEX.MAP,                     656 bytes,          1/19/2008 1:36:10 PM
20846 13:38:31 (0) **   - MAPPING.VER,                   4 bytes,            1/19/2008 1:36:10 PM
20847 13:38:31 (0) **   - MAPPING1.MAP,                  4060 bytes,         1/19/2008 1:36:10 PM
20848 13:38:31 (0) **   - MAPPING2.MAP,                  4060 bytes,         1/19/2008 1:34:10 PM
20849 13:38:31 (0) **   - OBJECTS.DATA,                  6602752 bytes,      1/19/2008 1:34:10 PM
20850 13:38:31 (0) **   - OBJECTS.MAP,                   3404 bytes,         1/19/2008 1:36:10 PM
20851 13:38:31 (0) ** AFTER running WMIDiag:
20852 13:38:31 (0) ** The WMI repository has a size of: ................................................................................... 7 MB.
20853 13:38:31 (0) ** - Disk free space on 'C:': .......................................................................................... 169420 MB.
20854 13:38:31 (0) **   - INDEX.BTR,                     1245184 bytes,      1/19/2008 1:34:10 PM
20855 13:38:31 (0) **   - INDEX.MAP,                     656 bytes,          1/19/2008 1:36:10 PM
20856 13:38:31 (0) **   - MAPPING.VER,                   4 bytes,            1/19/2008 1:36:10 PM
20857 13:38:31 (0) **   - MAPPING1.MAP,                  4060 bytes,         1/19/2008 1:36:10 PM
20858 13:38:31 (0) **   - MAPPING2.MAP,                  4060 bytes,         1/19/2008 1:34:10 PM
20859 13:38:31 (0) **   - OBJECTS.DATA,                  6602752 bytes,      1/19/2008 1:34:10 PM
20860 13:38:31 (0) **   - OBJECTS.MAP,                   3404 bytes,         1/19/2008 1:36:10 PM
20861 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20862 13:38:31 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
20863 13:38:31 (0) ** Windows Firewall Profile: ........................................................................................... STANDARD.
20864 13:38:31 (0) ** Windows Firewall 'RemoteAdmin' status: .............................................................................. DISABLED.
20865 13:38:31 (0) ** => This will prevent any WMI remote connectivity to this machine.
20866 13:38:31 (0) **    - You can adjust the configuration by executing the following command:
20867 13:38:31 (0) **    i.e. 'NETSH.EXE FIREWALL SET SERVICE REMOTEADMIN ENABLE SUBNET'
20868 13:38:31 (0) ** 
20869 13:38:31 (0) ** Windows Firewall application exception for 'UNSECAPP.EXE': .......................................................... MISSING.
20870 13:38:31 (0) ** => This will prevent any script and MMC application asynchronous callbacks to this machine.
20871 13:38:31 (0) **    - You can adjust the configuration by executing the following command:
20872 13:38:31 (0) **    i.e. 'NETSH.EXE FIREWALL SET ALLOWEDPROGRAM C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE WMICALLBACKS ENABLE'
20873 13:38:31 (0) ** 
20874 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20875 13:38:31 (1) !! ERROR: DCOM Status: ................................................................................................. ERROR!
20876 13:38:31 (1) !! ERROR: => The DCOM configuration on this computer is DISABLED.
20877 13:38:31 (0) **    This prevents WMI to work correctly.
20878 13:38:31 (0) **    You can fix the DCOM configuration by:
20879 13:38:31 (0) **    - Executing the 'DCOMCNFG.EXE' command.
20880 13:38:31 (0) **    - Expanding 'Component Services' and 'Computers' nodes.
20881 13:38:31 (0) **    - Editing properties of 'My Computer' node.
20882 13:38:31 (0) **    - Editing the 'Default properties' tab.
20883 13:38:31 (0) **    - Activate the 'Enable Distributed COM on this computer' checkbox.
20884 13:38:31 (0) **    From the command line, the DCOM configuration can be corrected with the following command:
20885 13:38:31 (0) **    i.e. 'REG.EXE Add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ /d Y /f'
20886 13:38:31 (0) ** 
20887 13:38:31 (0) ** WMI registry setup: ................................................................................................. OK.
20888 13:38:31 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
20889 13:38:31 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
20890 13:38:31 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
20891 13:38:31 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
20892 13:38:31 (0) **    Note: If the service is marked with (*), it means that the service/application uses WMI but
20893 13:38:31 (0) **          there is no hard dependency on WMI. However, if the WMI service is stopped,
20894 13:38:31 (0) **          this can prevent the service/application to work as expected.
20895 13:38:31 (0) ** 
20896 13:38:31 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
20897 13:38:31 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
20898 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20899 13:38:31 (0) ** WMI service DCOM setup: ............................................................................................. OK.
20900 13:38:31 (0) ** WMI components DCOM registrations: .................................................................................. OK.
20901 13:38:31 (0) ** WMI ProgID registrations: ........................................................................................... OK.
20902 13:38:31 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
20903 13:38:31 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
20904 13:38:31 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
20905 13:38:31 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
20906 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
20907 13:38:31 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
20908 13:38:31 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
20909 13:38:31 (0) **        - ACTUAL ACE:
20910 13:38:31 (0) **          ACEType:  &h0
20911 13:38:31 (0) **                    ACCESS_ALLOWED_ACE_TYPE
20912 13:38:31 (0) **          ACEFlags: &h2
20913 13:38:31 (0) **                    CONTAINER_INHERIT_ACE
20914 13:38:31 (0) **          ACEMask:  &h1
20915 13:38:31 (0) **                    WBEM_ENABLE
20916 13:38:31 (0) **        - EXPECTED ACE:
20917 13:38:31 (0) **          ACEType:  &h0
20918 13:38:31 (0) **                    ACCESS_ALLOWED_ACE_TYPE
20919 13:38:31 (0) **          ACEFlags: &h12
20920 13:38:31 (0) **                    CONTAINER_INHERIT_ACE
20921 13:38:31 (0) **                    INHERITED_ACE
20922 13:38:31 (0) **          ACEMask:  &h13
20923 13:38:31 (0) **                    WBEM_ENABLE
20924 13:38:31 (0) **                    WBEM_METHOD_EXECUTE
20925 13:38:31 (0) **                    WBEM_WRITE_PROVIDER
20926 13:38:31 (0) ** 
20927 13:38:31 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
20928 13:38:31 (0) **    This will cause some operations to fail!
20929 13:38:31 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
20930 13:38:31 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
20931 13:38:31 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
20932 13:38:31 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
20933 13:38:31 (0) **       A specific WMI application can always require a security setup different
20934 13:38:31 (0) **       than the WMI security defaults.
20935 13:38:31 (0) ** 
20936 13:38:31 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
20937 13:38:31 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default)
20938 13:38:31 (0) **        - ACTUAL ACE:
20939 13:38:31 (0) **          ACEType:  &h0
20940 13:38:31 (0) **                    ACCESS_ALLOWED_ACE_TYPE
20941 13:38:31 (0) **          ACEFlags: &h2
20942 13:38:31 (0) **                    CONTAINER_INHERIT_ACE
20943 13:38:31 (0) **          ACEMask:  &h1
20944 13:38:31 (0) **                    WBEM_ENABLE
20945 13:38:31 (0) **        - EXPECTED ACE:
20946 13:38:31 (0) **          ACEType:  &h0
20947 13:38:31 (0) **                    ACCESS_ALLOWED_ACE_TYPE
20948 13:38:31 (0) **          ACEFlags: &h12
20949 13:38:31 (0) **                    CONTAINER_INHERIT_ACE
20950 13:38:31 (0) **                    INHERITED_ACE
20951 13:38:31 (0) **          ACEMask:  &h13
20952 13:38:31 (0) **                    WBEM_ENABLE
20953 13:38:31 (0) **                    WBEM_METHOD_EXECUTE
20954 13:38:31 (0) **                    WBEM_WRITE_PROVIDER
20955 13:38:31 (0) ** 
20956 13:38:31 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed!
20957 13:38:31 (0) **    This will cause some operations to fail!
20958 13:38:31 (0) **    It is possible to fix this issue by editing the security descriptor and adding the removed right.
20959 13:38:31 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
20960 13:38:31 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
20961 13:38:31 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
20962 13:38:31 (0) **       A specific WMI application can always require a security setup different
20963 13:38:31 (0) **       than the WMI security defaults.
20964 13:38:31 (0) ** 
20965 13:38:31 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ..................................................................... MODIFIED.
20966 13:38:31 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
20967 13:38:31 (0) **        - REMOVED ACE:
20968 13:38:31 (0) **          ACEType:  &h0
20969 13:38:31 (0) **                    ACCESS_ALLOWED_ACE_TYPE
20970 13:38:31 (0) **          ACEFlags: &h12
20971 13:38:31 (0) **                    CONTAINER_INHERIT_ACE
20972 13:38:31 (0) **                    INHERITED_ACE
20973 13:38:31 (0) **          ACEMask:  &h13
20974 13:38:31 (0) **                    WBEM_ENABLE
20975 13:38:31 (0) **                    WBEM_METHOD_EXECUTE
20976 13:38:31 (0) **                    WBEM_WRITE_PROVIDER
20977 13:38:31 (0) ** 
20978 13:38:31 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
20979 13:38:31 (0) **    Removing default security will cause some operations to fail!
20980 13:38:31 (0) **    It is possible to fix this issue by editing the security descriptor and adding the ACE.
20981 13:38:31 (0) **    For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
20982 13:38:31 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace.
20983 13:38:31 (0) **       The security diagnostic is based on the WMI namespace expected defaults.
20984 13:38:31 (0) **       A specific WMI application can always require a security setup different
20985 13:38:31 (0) **       than the WMI security defaults.
20986 13:38:31 (0) ** 
20987 13:38:31 (0) ** 
20988 13:38:31 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
20989 13:38:31 (0) ** DCOM security error(s) detected: .................................................................................... 0.
20990 13:38:31 (0) ** WMI security warning(s) detected: ................................................................................... 0.
20991 13:38:31 (0) ** WMI security error(s) detected: ..................................................................................... 3.
20992 13:38:31 (0) ** 
20993 13:38:31 (0) ** Overall DCOM security status: ....................................................................................... OK.
20994 13:38:31 (1) !! ERROR: Overall WMI security status: ................................................................................. ERROR!
20995 13:38:31 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
20996 13:38:31 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
20997 13:38:31 (0) ** - ROOT/SUBSCRIPTION, MSFT_UCScenarioControl.Name="Microsoft WMI Updating Consumer Scenario Control".
20998 13:38:31 (0) **   'SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario''
20999 13:38:31 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
21000 13:38:31 (0) **   'select * from MSFT_SCMEventLogEvent'
21001 13:38:31 (0) ** 
21002 13:38:31 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
21003 13:38:31 (0) ** WMI ADAP status: .................................................................................................... OK.
21004 13:38:31 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
21005 13:38:31 (0) ** - ROOT/SERVICEMODEL.
21006 13:38:31 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
21007 13:38:31 (0) **    use an encrypted connection by specifying the PACKET PRIVACY authentication level.
21008 13:38:31 (0) **    (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
21009 13:38:31 (0) **    i.e. 'WMIC.EXE /NODE:"PORKCHOP" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
21010 13:38:31 (0) ** 
21011 13:38:31 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
21012 13:38:31 (0) ** WMI CONNECTIONS: .................................................................................................... OK.
21013 13:38:31 (0) ** WMI GET operations: ................................................................................................. OK.
21014 13:38:31 (0) ** WMI MOF representations: ............................................................................................ OK.
21015 13:38:31 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
21016 13:38:31 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
21017 13:38:31 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
21018 13:38:31 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
21019 13:38:31 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
21020 13:38:31 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
21021 13:38:31 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
21022 13:38:31 (0) ** WMI static instances retrieved: ..................................................................................... 772.
21023 13:38:31 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
21024 13:38:31 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 0.
21025 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21026 13:38:31 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
21027 13:38:31 (0) **   DCOM: ............................................................................................................. 21.
21028 13:38:31 (0) **   WINMGMT: .......................................................................................................... 7.
21029 13:38:31 (0) **   WMIADAPTER: ....................................................................................................... 0.
21030 13:38:31 (0) ** => Verify the WMIDiag LOG at line #20306 for more details.
21031 13:38:31 (0) ** 
21032 13:38:31 (0) ** # of additional Event Log events AFTER WMIDiag execution:
21033 13:38:31 (0) **   DCOM: ............................................................................................................. 0.
21034 13:38:31 (0) **   WINMGMT: .......................................................................................................... 0.
21035 13:38:31 (0) **   WMIADAPTER: ....................................................................................................... 0.
21036 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21037 13:38:31 (0) ** WMI Registry key setup: ............................................................................................. OK.
21038 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21039 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21040 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21041 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21042 13:38:31 (0) ** 
21043 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21044 13:38:31 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
21045 13:38:31 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
21046 13:38:31 (0) ** 
21047 13:38:31 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!.  Check 'C:\DOCUMENTS AND SETTINGS\JOSH\LOCAL SETTINGS\TEMP\WMIDIAG-V2.0_XP___.CLI.SP2.32_PORKCHOP_2008.01.19_13.35.37.LOG' for details.
21048 13:38:31 (0) ** 
21049 13:38:31 (0) ** WMIDiag v2.0 ended on Saturday, January 19, 2008 at 13:38 (W:68 E:7 S:1).
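
Added example (not part of the original thread and not Microsoft's code): a Python triage pass over a WMIDiag report like the one posted above, pulling out the status items, the `!!` error lines, and the services the report lists as depending on WMI. The sample lines are taken from that report with the dot leaders shortened; the function names and result fields are assumptions made for this example.

```python
import re
from typing import NamedTuple

# Sample input: lines from the report above, dot leaders shortened for this example.
SAMPLE_REPORT = r"""
20862 13:38:31 (0) ** INFO: Windows Firewall status: .............. ENABLED.
20875 13:38:31 (1) !! ERROR: DCOM Status: ......................... ERROR!
20876 13:38:31 (1) !! ERROR: => The DCOM configuration on this computer is DISABLED.
20888 13:38:31 (0) ** INFO: WMI service has dependents: ........... 2 SERVICE(S)!
20889 13:38:31 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
20890 13:38:31 (0) ** - Windows Firewall/Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Automatic')
20896 13:38:31 (0) ** RPCSS service: .............................. OK (Already started).
20991 13:38:31 (0) ** WMI security error(s) detected: ............. 3.
20994 13:38:31 (1) !! ERROR: Overall WMI security status: ......... ERROR!
"""


class Entry(NamedTuple):
    line_no: int    # WMIDiag's own log line number
    is_error: bool  # True when the line carries the '!!' marker
    text: str       # message after the marker


# "<line#> <hh:mm:ss> (<level>) <**|!!> <message>"
LINE_RE = re.compile(r"^(\d+)\s+\d\d:\d\d:\d\d\s+\(\d+\)\s+(\*\*|!!)\s?(.*)$")
# "<optional INFO:/ERROR:> <item>: ...... <value>"
STATUS_RE = re.compile(r"^(?:(?:INFO|ERROR|WARNING):\s*)?(.+?):\s*\.{3,}\s*(.+)$")
# "- <display name> (<SERVICE>, StartMode='<mode>')"
DEPENDENT_RE = re.compile(r"^-\s+(.+)\s+\((\w+), StartMode='(\w+)'\)$")


def parse_report(report: str) -> list:
    """Split a WMIDiag report into entries, ignoring lines that do not fit the layout."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2) == "!!", m.group(3).rstrip()))
    return entries


def triage(report: str) -> dict:
    """Summarise status items, error lines and WMI-dependent services."""
    entries = parse_report(report)
    status, dependents = {}, []
    for e in entries:
        m = STATUS_RE.match(e.text)
        if m:
            # Drop the trailing '.' or '!' that ends every status value.
            status[m.group(1).strip()] = m.group(2).rstrip(".! ")
            continue
        d = DEPENDENT_RE.match(e.text)
        if d:
            dependents.append(d.group(2))

    dcom_disabled = any(
        e.is_error and "DCOM configuration" in e.text and "DISABLED" in e.text
        for e in entries
    )

    findings = []
    if dcom_disabled:
        # The report states that disabled DCOM prevents WMI from working
        # correctly, and lists these services as depending on the WMI service.
        findings.append(
            "DCOM disabled; services depending on WMI: " + ", ".join(dependents)
        )
    wmi_sec_errors = status.get("WMI security error(s) detected", "0")
    if wmi_sec_errors != "0":
        findings.append(wmi_sec_errors + " WMI namespace security error(s) reported")

    return {
        "status": status,
        "error_lines": [e.line_no for e in entries if e.is_error],
        "dependents": dependents,
        "dcom_disabled": dcom_disabled,
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for finding in result["findings"]:
        print("FINDING:", finding)
    print("error lines:", result["error_lines"])
```
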


----------



## Graogrim (Jan 19, 2008)

Some malware will actively interfere with programs like Windows Defender. Judging from the screenshot of WD you've presented above, it looks like you've got something going on in that department.

To properly clean your system, it's likely you'll have to do so from outside the OS environment--i.e. from separate bootable media capable of running cleaning software and accessing your hard drive. There are LiveCDs and Windows preinstalled environment CDs that will fill the bill. Your average bootable floppy won't cut it. Alternatively, you can physically remove the hard drive from your system and connect it as a secondary drive to a clean system for disinfection. If you do that, DO NOT RUN ANYTHING on your hard drive while it's connected to that other system or you risk spreading the infection.


----------



## keakar (Jan 19, 2008)

what do you expect when you run without any anti-virus  that's crazy!

they are free, why aren't you using one? 

the fastest and only sure way to fix is complete reformat and reinstall of windows, and this time install the anti virus first before you even start loading windows updates.


this is the best i have found, give it a try, it self updates and for me it hasn't let any viruses get past it yet. http://www.softpedia.com/get/Antivirus/Avast-Home-Edition.shtml


----------



## acousticlemur (Jan 19, 2008)

keakar said:


> what do you expect when you run without any anti-virus  that's crazy!
> 
> they are free, why aren't you using one?
> 
> ...



I just installed avast and am waiting for office 2007 SP1 to finish DL and then i will reboot and scan.  but i don't think it will come up with anything.  i knew i should have done a full format instead of a quick one.  i think that has something to do with the issues too.  i have had a few issues in the past with the quick format, but i didn't want to wait for 500GB to fully format......stupid me..


----------



## keakar (Jan 20, 2008)

acousticlemur said:


> I just installed avast and am waiting for office 2007 SP1 to finish DL and then i will reboot and scan.  but i don't think it will come up with anything.  i knew i should have done a full format instead of a quick one.  i think that has something to do with the issues too.  i have had a few issues in the past with the quick format, but i didn't want to wait for 500GB to fully format......stupid me..



ya those viruses are like cockroaches, once you find one you never seem to be able to get rid of them


----------



## Graogrim (Jan 20, 2008)

For the purposes of virus infection there's not really any practical difference between a quick format versus a full one. Even if some malware/virus code is sitting intact in an unreferenced part of your hard drive after a quick format install, an uninfected system isn't going to go looking for it or accidentally execute it. In all likelihood you're either getting infected from whatever websites you visit or from some files you've set aside.

If you're going to reinstall for the purpose of eliminating infection, do so from original media only. Do not connect to the Internet during the setup process. Once you have your base clean install up and running, connect to the Internet from behind a router (make sure that XP's own firewall is also enabled first) if you can and make Microsoft Update your first stop. Download ALL the security patches. This will require several reboots, and you won't be able to see all the updates at first. Only when you've downloaded every last update should you even think of connecting anywhere else on the net or installing any other software. The first thing you should install should be antivirus software. I personally use Avast and it seems ok. Do not reinstall any previously downloaded programs--delete them as they are all suspect and re-download them from scratch only from trustworthy official sites. Use Firefox with NoScript whenever possible--while not completely foolproof it lessens your exposure as much as reasonably possible.

Think carefully about your downloads. Does a wallpaper really need an executable installer? (That's a Hell No, by the way) Does a World of Warcraft addon? Nope. View anything abnormal like that with extreme suspicion.

All these suggestions might seem like a goodly bit of extra hassle but they're actually just commonsense safety practices. Get used to adhering to them and pretty soon they won't seem like any trouble at all, and you'll have a lot less trouble with viruses and such.


----------



## acousticlemur (Jan 20, 2008)

as far as me talking about the quick format i mean i just got this hard drive from new egg about 2 weeks ago, and i did the quick format instead of waiting for a full one.  usually i delete the partition and do a full format, but being that it was a 500 gb drive i didnt want to wait.  the only things i have downloaded are windows updates, nvidia drivers (from nvidia) avast, windows defender, adaware, fur benchmark (from here) and my audigy 4 pro drivers and software (from creative) which is why i am so confused as to how i got them...  i dont dl torrents or P2P on my computer, only my laptop while at work from public wifi, but i have mcafee super mondo everything protection on it, and it has never failed me in the past, and i havent downloaded anything from that route in prolly 6 months...  my computer is networked with 2 other computers and my xbox at home  and there are 2 routers between my computer and the internet. a wrt54gx4 and a MTA voip router. and the other 2 computers are fine.

avast picked up one virus on my C:\ drive in the win32 folder that i deleted in safe mode, and a bunch on my storage drive, but they were all good ones (time lockers, cracks, etc.) that i have had for months if not years with no issues. i don't download wallpapers, i usually just use the boring blue xp pro one or photos that i have taken or photoshop'd.

i have not noticed anything weird or unusual as far as my computer performance, hdd racing when it should be idle, or anything of that sort, i don't go to obvious cesspools of viri like pr0n sites (i have a beautiful girlfriend) so i am clueless...


----------



## acousticlemur (Jan 20, 2008)

still having the same problems with security center so i am off to format.... i will be back in a few hours!! lol, see ya bye...


----------



## acousticlemur (Jan 21, 2008)

ok i have reinstalled windows xp, home this time, and first i installed avast then updates and then everything i had on before.

after installing dvd fab platinum 4 avast had a virus error at C:\Documents and Settings\Josh\Local Settings\Temp and the file is a registry entry called 1.reg. i have tried to repair, delete blah blah blah and it keeps coming back. and prior to installing dvd fab platinum my security center worked properly, now it is back to the same problem...

i opened the registry entry 1.reg with notepad and this is what it says

```
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
"EnableRemoteConnect"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server]
"Enabled"=hex:00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000000
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000001
"AllowUnqualifiedQuery"=dword:00000000
"PrioritizeRecordData"=dword:00000001
"TCP1320Opts"=dword:00000003
"KeepAliveTime"=dword:00023280
"BcastQueryTimeout"=dword:000002ee
"BcastNameQueryCount"=dword:00000001
"CacheTimeout"=dword:0000ea60
"Size/Small/Medium/Large"=dword:00000003
"LargeBufferSize"=dword:00001000
"SynAckProtect"=dword:00000002
"PerformRouterDiscovery"=dword:00000000
"EnablePMTUBHDetect"=dword:00000000
"FastSendDatagramThreshold "=dword:00000400
"StandardAddressLength "=dword:00000018
"DefaultReceiveWindow "=dword:00004000
"DefaultSendWindow"=dword:00004000
"BufferMultiplier"=dword:00000200
"PriorityBoost"=dword:00000002
"IrpStackSize"=dword:00000004
"IgnorePushBitOnReceives"=dword:00000000
"DisableAddressSharing"=dword:00000000
"AllowUserRawAccess"=dword:00000000
"DisableRawSecurity"=dword:00000000
"DynamicBacklogGrowthDelta"=dword:00000032
"FastCopyReceiveThreshold"=dword:00000400
"LargeBufferListDepth"=dword:0000000a
"MaxActiveTransmitFileCount"=dword:00000002
"MaxFastTransmit"=dword:00000040
"OverheadChargeGranularity"=dword:00000001
"SmallBufferListDepth"=dword:00000020
"SmallerBufferSize"=dword:00000080
"TransmitWorker"=dword:00000020
"DNSQueryTimeouts" =hex(7):31,00,00,00,32,00,00,00,32,00,00,00,34,00,00,00,38,00,00,00,30,00,00,00,00,00
"DefaultRegistrationTTL"=dword:00000014
"DisableReplaceAddressesInConflicts"=dword:00000000
"DisableReverseAddressRegistrations"=dword:00000001
```



if anyone with more knowledge about this could help me it would be super!!! i can tell that it has to do with my internet connection and stuff but as far as just what it is doing i am not sure.

i just uninstalled the dvd fab platinum program and i will run registry mechanic and avast and then reboot and see if the security center is back to normal again....


also after installing the dvd fab program a windows firewall allow or deny window popped up asking to allow win32 something, i don't remember exactly what it was, but i didn't allow it...


----------
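Added example, not part of the original post or of any tool named in the thread: the 1.reg file quoted above sets `Start` to 4 (the "disabled" service start type) for SharedAccess, wuauserv and wscsvc, which lines up with the firewall, Automatic Updates and Security Center symptoms described. The Python sketch below scans .reg text for that pattern; the function name, the watchlist and the embedded sample (an excerpt of the quoted file) are this example's own choices.

```python
import re

# Watchlist built from the service names in the quoted 1.reg (example's choice).
WATCHED = {
    "sharedaccess": "Windows Firewall / ICS",
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
}
SECTION = re.compile(r"^\[(.+)\]$")
SERVICE_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\]+)$", re.IGNORECASE)
DWORD = re.compile(r'^"([^"]*)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')

def find_disabled_services(reg_text):
    """Return [(service, description, key)] for watched services set to Start=4."""
    findings, service, key = [], None, None
    for raw in reg_text.splitlines():
        line = raw.strip()  # the quoted file has stray leading spaces
        m = SECTION.match(line)
        if m:
            key = m.group(1)
            s = SERVICE_KEY.match(key)  # subkeys such as ...\Parameters do not match
            service = s.group(1).lower() if s else None
            continue
        v = DWORD.match(line)
        if v and service in WATCHED and v.group(1).lower() == "start":
            if int(v.group(2), 16) == 4:  # 4 = service disabled
                findings.append((service, WATCHED[service], key))
    return findings

# Excerpt of the 1.reg content quoted in the post above.
SAMPLE = r'''REGEDIT4

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"=""

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]
"Start"=dword:00000004
'''

if __name__ == "__main__":
    for svc, desc, key in find_disabled_services(SAMPLE):
        print(f"{svc} ({desc}) set to disabled in [{key}]")
```

The key pattern accepts both `CurrentControlSet` and numbered control sets because the quoted file writes the wscsvc entry under `ControlSet001`.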

