New
#1
Open an Elevated COmmand Prompt and run the following command...
ping localhost
what happens?
What you should get is this...
Code:Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>ping localhost Pinging NoelAsus-PC [::1] with 32 bytes of data: Reply from ::1: time<1ms Reply from ::1: time<1ms Reply from ::1: time<1ms Reply from ::1: time<1ms Ping statistics for ::1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Windows\system32>
If you get anything else....
What Anti-virus are you using? what other AVs have ever been installed?
Please post your C:\Windows\System32\drivers\etc\HOSTS file
This is what i get
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Αποστόλης>system32>ping localhost
'system32' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Αποστόλης>system32>ping localhost
'system32' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Αποστόλης>Pinging NoelAsus-PC [::1] with 32 bytes of data:
'Pinging' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Αποστόλης>Reply from ::1: time<1ms
The system cannot find the file specified.
C:\Users\Αποστόλης>Reply from ::1: time<1ms
The system cannot find the file specified.
C:\Users\Αποστόλης>Reply from ::1: time<1ms
The system cannot find the file specified.
C:\Users\Αποστόλης>Reply from ::1: time<1ms
The system cannot find the file specified.
C:\Users\Αποστόλης>Ping statistics for ::1:
Ping request could not find host statistics. Please check the name and try again
.
C:\Users\Αποστόλης> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
'Packets:' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Αποστόλης>Approximate round trip times in milli-seconds:
'Approximate' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Αποστόλης> Minimum = 0ms, Maximum = 0ms, Average = 0ms
My antivirus is Microsoft Security Essentials.
That looks normal (allowing for the obvious problems!)
PLease run the following command, and post the results.
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser"
Here it is:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Αποστόλης>REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
AppCompatFlags\Appraiser"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\A
ppraiser
UtcOnetimeSend REG_DWORD 0x1
C:\Users\Αποστόλης>
Looks definitely as if the task didn't run as it was supposed to
My programming skills are severely limited - so I'm groping for a cause here.
Let's have a look at the Event logs...
Open Event Viewer
click on the Windows logs entry in the left pane to expand it.
Now click on the Application entry - wait while it loads.
Click on 'File' in the menu bar and select Save...
Save the file as Appevt.evtx
Repeat for the System log
then zip both, and upload them.
Ahah!
Please open an ELevated command Prompt, and run the following commands
SC start SENS
SC start Wecsvc
SC start eventlog
SC queryex SENS
SC queryex Wecsvc
SC queryex eventlog
post the results.
These are the results:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>SC start SENS
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Windows\system32>SC start Wecsvc
[SC] StartService FAILED 1068:
The dependency service or group failed to start.
C:\Windows\system32>SC start eventlog
[SC] StartService FAILED 1058:
The service cannot be started, either because it is disabled or because it has n
o enabled devices associated with it.
C:\Windows\system32>SC queryex SENS
SERVICE_NAME: SENS
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 748
FLAGS :
C:\Windows\system32>SC queryex Wecsvc
SERVICE_NAME: Wecsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Windows\system32>SC queryex eventlog
SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Windows\system32>
Hmmm - the Wecsvc depends on the eventlog service - in theory, if that starts, so should Wecsvc.
The eventlog service doesn't depend on anything - which probably means that the log is corrupt.
Try this...
Open an Elevated Command Prompt, and run the following command...
ICACLS C:\Windows\System32\winevt /T
post the results.