Trying to disable xp_Cmdshell and rpc_out and receiving mixed results
2 votes, 2 answers, 7139 views
I'm trying to disable `xp_Cmdshell` and `rpc_out`, and when I run the commands in Query Analyzer it shows it's disabled.
But after this I need to run a security scan, which gives me the following report saying that it has not been disabled. Can anyone help me?
> 5 Microsoft SQL Server Database Link Crawling Command Execution
>
> QID: 19824
>
> Category: Database
>
> CVE ID: -
>
> Vendor Reference: -
>
> Bugtraq ID: -
>
> Service Modified: 02/20/2013
>
> User Modified: -
>
> Edited: No
>
> PCI Vuln: Yes
>
> THREAT:
> Microsoft SQL Server is exposed to a remote command execution vulnerability.
>
> Affected Versions:
> Microsoft SQL Server 2005, 2008, 2008 R2, 2012 are affected.
>
> IMPACT:
> Successful exploitation could allow attackers to obtain sensitive information and execute arbitrary code.
>
> SOLUTION:
> There are no solutions available at this time.
>
> Workaround:
> Disable RPC_Out and xp_cmdshell for this issue.
>
> COMPLIANCE:
> Not Applicable
>
> EXPLOITABILITY:
> There is no exploitability information for this vulnerability.
>
> ASSOCIATED MALWARE:
> There is no malware information for this vulnerability.
>
> RESULTS:
> C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe Version is 2009.100.4000.0
Asked by arif
(21 rep)
Apr 18, 2013, 07:31 PM
Last activity: Feb 6, 2020, 06:58 AM
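
An added example, not part of the original question: a T-SQL script that applies the workaround quoted in the report and then reads the settings back from the catalog views, so the result can be compared with what the scanner shows (its RESULTS line lists only the `sqlservr.exe` path and version). It assumes a sysadmin login connected to the instance named in that path (`SQLEXPRESS`).

```sql
-- Added example; run on the scanned instance as a sysadmin.

-- 1. xp_cmdshell: "value" is what was configured, "value_in_use" is what the
--    engine is actually running with. They differ until RECONFIGURE is run.
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. RPC Out is set per linked server, not once for the whole instance.
SELECT name, is_rpc_out_enabled
FROM sys.servers
WHERE is_linked = 1;

-- 3. Disable xp_cmdshell and make the change take effect.
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'xp_cmdshell', 0;
RECONFIGURE;

-- 4. Disable RPC Out on every linked server that still has it enabled.
DECLARE @srv sysname;
DECLARE linked CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.servers
    WHERE is_linked = 1 AND is_rpc_out_enabled = 1;
OPEN linked;
FETCH NEXT FROM linked INTO @srv;
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_serveroption @server = @srv, @optname = N'rpc out', @optvalue = N'false';
    FETCH NEXT FROM linked INTO @srv;
END
CLOSE linked;
DEALLOCATE linked;

-- 5. Re-check: an empty result set means both settings are off here.
SELECT N'xp_cmdshell' AS setting, N'(instance)' AS scope
FROM sys.configurations
WHERE name = N'xp_cmdshell'
  AND (CAST(value AS int) <> 0 OR CAST(value_in_use AS int) <> 0)
UNION ALL
SELECT N'rpc out', name
FROM sys.servers
WHERE is_linked = 1 AND is_rpc_out_enabled = 1;
```

On a host with more than one SQL Server instance, each instance keeps its own `sys.configurations` and `sys.servers`, so the script has to be run against every instance the scan covers.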