We found that after doing a system restore on a Vista x64 sp1, it blue screened on startup, however a safe mode boot worked; after enabling msconfig, and disabling all the Symantec modules, the system booted;
Next step was uninstalling Endpoint which failed on the services screen, on further investigation we found that the “event viewer service” was not starting, and was generating a “Error_WMI_Instance_Not_Found 4201 The instance passed was not recognized as valid by WMI data provider”
We found the quickest fix was to boot into repair mode, and rename Repository locate in C:\windows\systems32\wbem\
If this does not work, then
net stop winmgmt
winmgmt /resetrepository
restart computer, event viewer should now be working, Endpoint did not not to be uninstalled.
http://www.vistax64.com/tutorials/110886-event-viewer-error-4201-a.html
