You obviously haven't seen some of my snottier posts, then!
I have and enjoyed every one of them.
Edit: It's complaining Windows isn't genuine again. Maybe I should try to re-enter the COA key?
Here are the results:
Code:
```text
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>SC QC EVENTLOG
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>SC QUERYEX EVENTLOG

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI
C:\Windows\System32\Logfiles\WMI NT AUTHORITY\SYSTEM:(F)
                                 BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup
C:\Windows\System32\Logfiles\WMI\RtBackup NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
```
Last edited by Keirnoth; 08 Oct 2012 at 20:57.
We need to change the permissions there first - it may well be what's causing the problems.
Open an Elevated Command Prompt window, and run the following commands:
ICACLS C:\Windows\System32\Logfiles\WMI /grant SYSTEM:(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant "LOCAL SERVICE":(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant "NETWORK SERVICE":(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant Administrators:(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI /grant "Performance Log Users":(OI)(CI)(F)
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant SYSTEM:(OI)(CI)(F)
Then reboot and run the following commands:
NET START EVENTLOG
SC QUERYEX EVENTLOG
NET START SPPSVC
post the results of those, and a new MGADiag report - I'll get on the file mismatches soon.
After running the icacls commands:
Code:
```text
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant SYSTEM:(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant "LOCAL SERVICE":(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant "NETWORK SERVICE":(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant Administrators:(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI /grant "Performance Log Users":(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant SYSTEM:(OI)(CI)(F)
processed file: C:\Windows\System32\Logfiles\WMI\RtBackup
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
```
After rebooting and running the second set of commands:
Code:
```text
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>NET START EVENTLOG
The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

System error 5 has occurred.

Access is denied.

C:\Windows\system32>SC QUERYEX EVENTLOG

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 5  (0x5)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\Windows\system32>NET START SPPSVC
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

C:\Windows\system32>
```
Event Viewer/Log isn't starting? :(
Yeah - that's the root cause of your problem - it's lacking access to necessary files, so we need to work out which ones..... back later.
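The diagnosis above is that the Event Log service, which runs as LocalService, fails with error 5 because the ACL on Logfiles\WMI does not carry the accounts it needs. As an added example (not code from this thread), here is a small Python checker that parses `ICACLS` output and reports, for each principal the thread grants, whether it is missing, lacks full control, or lacks the (OI)(CI) inheritance that RtBackup and its .etl files depend on; the sample listing is constructed to match the first ICACLS output posted.

```python
import re

# Principals the thread grants on C:\Windows\System32\Logfiles\WMI. Each needs
# (OI)(CI)(F): full control inherited by files (OI) and subfolders (CI), so that
# RtBackup and the .etl files inside it pick it up too.
REQUIRED = ("SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE",
            "Administrators", "Performance Log Users")

# Constructed sample modelled on the first ICACLS listing posted in the thread:
# only SYSTEM and Administrators, and no inheritance flags at all.
SAMPLE_WMI = """\
C:\\Windows\\System32\\Logfiles\\WMI NT AUTHORITY\\SYSTEM:(F)
                                 BUILTIN\\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_icacls(output, path):
    """Return {principal: [set(flags), ...]} parsed from `ICACLS <path>` output."""
    aces = {}
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):              # the first ACE line also carries the path
            line = line[len(path):].strip()
        if not line or line.startswith("Successfully"):
            continue
        who, _, flags = line.rpartition(":")  # e.g. NT AUTHORITY\SYSTEM:(OI)(CI)(F)
        # A principal may hold several ACEs (explicit and inherited); keep each separately.
        aces.setdefault(who, []).append(set(re.findall(r"\(([^)]+)\)", flags)))
    return aces


def check_wmi_acl(output, path=r"C:\Windows\System32\Logfiles\WMI"):
    """Map each required principal to 'ok' or the reason the ACL falls short."""
    aces = parse_icacls(output, path)
    verdict = {}
    for name in REQUIRED:
        # Match on the account name only, ignoring the NT AUTHORITY\ or BUILTIN\ prefix.
        entries = [f for who, flag_sets in aces.items()
                   if who.split("\\")[-1].lower() == name.lower() for f in flag_sets]
        if not entries:
            verdict[name] = "missing"
        elif not any("F" in f for f in entries):
            verdict[name] = "not full control"
        elif not any({"OI", "CI", "F"} <= f for f in entries):
            verdict[name] = "no inheritance to files/subfolders"
        else:
            verdict[name] = "ok"
    return verdict
```

Run `check_wmi_acl(SAMPLE_WMI)` to see the three service accounts reported as missing and SYSTEM/Administrators as lacking inheritance, which is exactly what the /grant commands in the thread repair.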
Are you saying that the permissions in the entire Windows folder could possibly have been hosed?
If so, damn, I wonder what this user did to cause that. The thing is, I've done a malware scan with all the usual tools and NOTHING is coming up that could suggest it was malware.
It just sounds like something went horribly wrong and took the entire system down with it.
At this point it almost sounds like it would be better off to just do a repair install, but I'm not giving up yet.
It certainly looks a possibility - a repair install may be the easiest solution.
Let's see if the RtBackup folder contents have the right permissions - and a few other things as well
In an Elevated Command Prompt window, run the following commands...
DIR C:\Windows\System32 /AR /S
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant Administrators:(R)
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /T
ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /remove Administrators
ICACLS C:\Windows\System32\Logfiles
ICACLS C:\Windows\System32
ICACLS C:\Windows\Logs
ICACLS C:\Windows\ServiceProfiles\NetworkService
ICACLS C:\Windows\ServiceProfiles\LocalService
post the results - in a Code box, please!
Here you go. Word wrapping was a bit messed up so I did my best to clean it up.
Code:
```text
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>DIR C:\Windows\System32 /AR /S
 Volume in drive C has no label.
 Volume Serial Number is 6EFF-DD7B

 Directory of C:\Windows\System32\config\systemprofile

10/06/2010  03:04 PM    <DIR>          Contacts
               0 File(s)              0 bytes

 Directory of C:\Windows\System32\config\systemprofile\Contacts

10/06/2010  03:04 PM    <DIR>          .
10/06/2010  03:04 PM    <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\Windows\System32\restore

10/06/2010  03:05 PM                76 MachineGuid.txt
               1 File(s)             76 bytes

     Total Files Listed:
               1 File(s)             76 bytes
               3 Dir(s)  105,073,401,856 bytes free

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /grant Administrators:(R)
processed file: C:\Windows\System32\Logfiles\WMI\RtBackup
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /T
C:\Windows\System32\Logfiles\WMI\RtBackup NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                          BUILTIN\Performance Log Users:(I)(OI)(CI)(F)
                                          BUILTIN\Administrators:(I)(OI)(CI)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(OI)(CI)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(OI)(CI)(F)
                                          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTDiagLog.etl NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\SYSTEM:(I)(F)
                                          BUILTIN\Performance Log Users:(I)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-Application.etl NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\SYSTEM:(I)(F)
                                          BUILTIN\Performance Log Users:(I)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventlog-Security.etl NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\SYSTEM:(I)(F)
                                          BUILTIN\Performance Log Users:(I)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTEventLog-System.etl NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\SYSTEM:(I)(F)
                                          BUILTIN\Performance Log Users:(I)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(F)

C:\Windows\System32\Logfiles\WMI\RtBackup\EtwRTUBPM.etl NT AUTHORITY\SYSTEM:(I)(F)
                                          BUILTIN\Performance Log Users:(I)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          NT AUTHORITY\NETWORK SERVICE:(I)(F)
                                          NT AUTHORITY\LOCAL SERVICE:(I)(F)

Successfully processed 6 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles\WMI\RtBackup /remove Administrators
processed file: C:\Windows\System32\Logfiles\WMI\RtBackup
Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32\Logfiles
C:\Windows\System32\Logfiles NT AUTHORITY\SYSTEM:(F)
                             BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\System32
C:\Windows\System32 NT SERVICE\TrustedInstaller:(F)
                    NT SERVICE\TrustedInstaller:(CI)(IO)(F)
                    NT AUTHORITY\SYSTEM:(M)
                    NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
                    BUILTIN\Administrators:(M)
                    BUILTIN\Administrators:(OI)(CI)(IO)(F)
                    BUILTIN\Users:(RX)
                    BUILTIN\Users:(OI)(CI)(IO)(GR,GE)
                    CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\Logs
C:\Windows\Logs NT AUTHORITY\SYSTEM:(F)
                BUILTIN\Administrators:(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\NetworkService
C:\Windows\ServiceProfiles\NetworkService NT AUTHORITY\SYSTEM:(F)
                                          BUILTIN\Administrators:(F)
                                          NT AUTHORITY\NETWORK SERVICE:(OI)(CI)(F)
                                          NT SERVICE\TrustedInstaller:(I)(F)
                                          NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                          NT AUTHORITY\SYSTEM:(I)(F)
                                          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                          BUILTIN\Administrators:(I)(F)
                                          BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                          BUILTIN\Users:(I)(RX)
                                          BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                          CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>ICACLS C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\LocalService NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                        BUILTIN\Administrators:(OI)(CI)(F)
                                        NT AUTHORITY\LOCAL SERVICE:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
```
Please let me know what needs to be done next. I see the seven forums are keeping you busy.
Not just the SF ones - I cover the MS forums as well.
The WBEM structure can also cause major problems - let's have a look there....
DIR C:\Windows\System32\wbem /AR
ICACLS C:\Windows\System32\wbem
ICACLS C:\Windows\System32\wbem\MOF
ICACLS C:\Windows\System32\wbem\xml
ICACLS C:\Windows\System32\wbem\Logs
ICACLS C:\Windows\System32\wbem\Performance
ICACLS C:\Windows\System32\wbem\Repository
ICACLS C:\Windows\System32\wbem\tmf
ICACLS C:\Windows\System32\wbem\en-US
Please post the results in a Code box in your reply (the # symbol in the menu).