Solved Updates Fail, Slow Response, Fail to Connect to a Windows Service, etc

Kipac

New member
Local time
9:31 PM
Messages
43
Hi, l've been having a constant issue with my computer and I can't seem to get out of this trouble no matter how many times I reinstall and even wipe out my hard drive.

I wiped out everything in my hard drive and installed windows 7 Ultimate for the '7th' time, and the same problems happen every single time.

Right after the install, it seems to work fine but as I install numerous windows updates as it recommended (almost forced me to, 'cause it does automatically), my computer becomes so slow in everything.

It doesn't start up, the menu and such looks as if I'm in a safe mode (blocky and old looking) even if I manage to start it up, have to wait more than 15min or even 1hr for it to respond.

The situation I'm having now is, the pop up message saying:
"Failed to connect to a windows service: windows couldn't connect to the System Event Notification Service service. This prevents standard user from logging on to the system. As an administrative user, you can review the System Event Log for details about why the service didn't respond"

Also, the computer has been failing at installing several updates such as:
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems
Update for Windows 7 for x64-based Systems (KB2763523)(KB2719857)(KB2735855)(KB2750841)(KB2732059)


Because of that, it sometimes ran chkdsk on the boot screen and deleted/fixed files.

I don't think it's caused by virus 'cause I wiped out every single file in my hard drive before I reinstalled windows 7.
(And obviously, my hard drive is almost empty because of that)

Is it possible that either motherboard or hard drive is damaged and not working?
Or do I need a new windows 7 OS?
I don't understand why I'm having the same issues even after I reinstall and delete everything in my hard drive for the 7 times in total as I repeated many times.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
Please post
1) an MGADiag report -
Please follow this tutorial and post an MGADiag report - then we can see what the problem is.

http://www.sevenforums.com/windows-updates-activation/234159-windows-genuine-activation-issue-posting-instructions.html


Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!
http://www.microsoft.com/en-us/howtotell/Hardware.aspx

Ignore errors produced when clicking on the Copy button - they simply mean that the tool could not create the backup files for some reason. The data is still copied to the clipboard for pasting to your response.


2) http://www.sevenforums.com/windows-...4840-windows-update-posting-instructions.html
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
MGADiag result

Here's the MGADiag result.
I don't think I have COA sticker because I built this computer.
And I think my Windows OS is genuine because actually I posted a thread about a month ago, asking whether it's genuine or not, and it turned out to be genuine product. (You were in charge of that post, actually)

On a side note, the updates that I listed above seems to be repeating install& uninstall back and forth due to failure or some reason.. (computer seems to be reverting back to the state where those updates are not yet installed)

Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-VQQKT-QGGGP-RQ62D
Windows Product Key Hash: B1oWRG44kq4hE5pxicwjPOx3L+M=
Windows Product ID: 00426-437-6655695-85597
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {A78DF34F-E166-4B3D-9F0A-6D0574594103}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A78DF34F-E166-4B3D-9F0A-6D0574594103}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-RQ62D</PKey><PID>00426-437-6655695-85597</PID><PIDType>5</PIDType><SID>S-1-5-21-830803089-1998537374-2624207420</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>GA-970A-UD3</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F6</Version><SMBIOSVersion major="2" minor="4"/><Date>20120530000000.000000+000</Date></BIOS><HWID>5FEF3A07018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: ac96e1a8-6cc4-4310-a4ff-332ce77fb5b8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00170-437-665569-01-1033-7600.0000-3492012
Installation ID: 012026887656153343273396350182857416075330543243728144
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: RQ62D
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 12/22/2012 1:45:05 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEABAABAAEAAAACAAAAAgABAAEAln0go/yI3N/cFVTyEDMGwww3Yj3Omq4dr/8gIQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name	OEMID Value	OEMTableID Value
  APIC			GBT   		GBTUACPI
  FACP			GBT   		GBTUACPI
  HPET			GBT   		GBTUACPI
  MCFG			GBT   		GBTUACPI
  MSDM			GBT   		GBTUACPI
  EUDS			GBT   		
  MATS			GBT   		
  TAMG			GBT   		GBT   B0
  MATS			GBT   		
  SSDT			AMD   		POWERNOW
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
I see an average of 10 new MGADiag threads every day - I didn't remember yours :)

Please post the results from teh Windows Update instructions - we can get started, then.
The reason I asked for the MGADiag was simply that there's a common problem which is easily identified using the report, which gives very similar errors to the ones you're experiencing.
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
the thing comes to my mind is that you may downloaded the wrong driver in your updating. try to install the latest drivers by your own.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64core i7.
OS
Windows 7 Ultimate x64
CPU
core i7.
I'm in need of help!
I can't run SFC Scan because it's preventing me from doing it.

When I paste sfc /scannow and try to run it,
the command prompt says:
"There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again."

So, I restarted my computer few times already, but it's still saying the same thing.
I can't get out of the 'pending' status.

I even checked the status of updates from 'View update history', but there's no 'pending' anywhere.
Only 'successful' or 'failed' are there.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
Should I try System Restore?
I'm hesitant to do something because it might make the problem more complicated.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
I suspect System Restore will also fail.

Try this - it *may* work

Open an ELevated Command Prompt and run the following command

SC CONFIG TRUSTEDINSTALLER start= auto

Close the window, and reboot. Wait 15 minutes and reboot again.

Then try SFC again and see what happens.
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
Sadly, it didn't work..
It's the same as before.

When the computer turns off, it says something like "preparing to configure Windows" "please don't turn off your computer" but never finishes the job.

command prompt is also still saying there is a system repair pending.

Also, the computer became slower in booting (long time of black screen before sending me to log in screen) and showed 'failed to connect to windows service' pop-up message once after running that command.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
I'm not surprised about the extended boot time - TrustedInstaller was probably trying to complete the install and failing.
We'd better ensure that it's set back to its normal value.....
Open an Elevated Command Prompt, and run the following command

SC CONFIG TRUSTEDINSTALLER start= demand

close the window

I doubt that CheckSUR will work either - but it's worth a try
If it does, please post the results.

Also...

Please open Event Viewer
In the left pane, navigate to the Windows Logs
right-click on Applications and select 'Save all events as...' save as Apps.evtx
repeat for the System logs - save as Sys.evtx
Compress both files, and attach to your reply.
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
It still gives me the same result after CheckSUR.

And by Event Viewer, do you mean the one that I can open by typing 'event viewer' in the 'Start' -> search bar?
If so, it is giving me an error message saying: "Event Log service is unavailable. Verify that the service is running."
and there's no log anywhere.
The only thing showing on the left pane of Event Viewer is 'Event Viewer (Local)'.
in the middle is that error message from above,
and the right pane just contains Event Viewer (Local)'s 'Connect to Another computer...' 'view' 'Refresh' 'Help'.

Do you think a video driver or chipsets has something to do with this kind of problems? 'cause when I searched through the internet, I found some of people recommending to try updating them to the newest.

Every time I reinstalled Windows 7 (7 times in total), I just reused chipsets, video drivers, usb, and audio updates that I've put in my usb flash drive because that's convenient.
If those files were happened to be corrupted and I used them to install, wouldn't that can be the cause of these problems?
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
Ahah! another clue :)

Please open an Elevated Command Prompt, and run the following commands

NET START EVENTLOG
SC QC EVENTLOG
NET START WECSVC
SC QC WECSVC
NET START EVENTSYSTEM
SC QC EVENTSYSTEM

post the results.
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
Command Prompt Result

Here's a result of running those commands:


Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>NET START EVENTLOG
The Windows Event Log service is starting.
The Windows Event Log service was started successfully.


C:\Windows\system32>SC QC EVENTLOG
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: EVENTLOG
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\System32\svchost.exe -k LocalServiceNetw
orkRestricted
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : Windows Event Log
        DEPENDENCIES       :
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>NET START WECSVC
The Windows Event Collector service is starting........
The Windows Event Collector service could not be started.

More help is available by typing NET HELPMSG 3523.


C:\Windows\system32>SC QC WECSVC
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: WECSVC
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Event Collector
        DEPENDENCIES       : HTTP
                           : Eventlog
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

C:\Windows\system32>NET START EVENTSYSTEM
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Windows\system32>SC QC EVENTSYSTEM
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: EVENTSYSTEM
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : COM+ Event System
        DEPENDENCIES       : rpcss
        SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
It looks as if there's something wrong with the Event Collector Service.
Catch 22 applies here - the only sensible data would be in the Event Viewer- but that can't be used because teh Even Collector Service can't start... :)

Best check the Dependency service, I suppose...

Please run the following commands, and post the results.

NET START HTTP
SC QC HTTP

(I'm off to bed - see you tomorrow!)
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
Result

Here's a result of command prompt.
And ok, good night :)

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>NET START HTTP
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


C:\Windows\system32>SC QC HTTP
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: HTTP
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\HTTP.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : HTTP
        DEPENDENCIES       :
        SERVICE_START_NAME :

C:\Windows\system32>
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
The chances are that your Eventlog problems are caused by corrupted logs
We'll have to see what logs are likely to be the cause, and rename them.

Please run the following commands in an Elevated Command prompt, and post the results.

DIR C:\Windows\System32\winevt\logs /on
ICACLS C:\Windows\System32\winevt\logs
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
Result of Command Prompt

Here's a result:

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>DIR C:\Windows\System32\winevt\logs /on
 Volume in drive C has no label.
 Volume Serial Number is 127B-6585

 Directory of C:\Windows\System32\winevt\logs

12/18/2012  04:50 PM    <DIR>          .
12/18/2012  04:50 PM    <DIR>          ..
12/21/2012  12:25 PM         2,166,784 Application.evtx
12/14/2012  10:09 PM            69,632 HardwareEvents.evtx
12/14/2012  10:09 PM            69,632 Internet Explorer.evtx
12/14/2012  10:09 PM            69,632 Key Management Service.evtx
12/14/2012  10:09 PM            69,632 Media Center.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Application-Experience%
4Problem-Steps-Recorder.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-Application-Experience%
4Program-Compatibility-Assistant.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Application-Experience%
4Program-Compatibility-Troubleshooter.evtx
12/15/2012  02:35 PM            69,632 Microsoft-Windows-Application-Experience%
4Program-Inventory.evtx
12/16/2012  02:21 AM            69,632 Microsoft-Windows-Application-Experience%
4Program-Telemetry.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-Audio%4CaptureMonitor.e
vtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-Audio%4Operational.evtx

12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-Bits-Client%4Operationa
l.evtx
12/21/2012  12:27 PM         1,052,672 Microsoft-Windows-BranchCacheSMB%4Operati
onal.evtx
12/21/2012  12:44 PM            69,632 Microsoft-Windows-Dhcp-Client%4Admin.evtx

12/21/2012  12:41 AM            69,632 Microsoft-Windows-Dhcpv6-Client%4Admin.ev
tx
12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-Diagnosis-DPS%4Operatio
nal.evtx
12/15/2012  02:35 PM            69,632 Microsoft-Windows-Diagnosis-Scheduled%4Op
erational.evtx
12/18/2012  04:45 PM            69,632 Microsoft-Windows-Diagnosis-Scripted%4Adm
in.evtx
12/18/2012  04:45 PM            69,632 Microsoft-Windows-Diagnosis-Scripted%4Ope
rational.evtx
12/18/2012  04:50 PM            69,632 Microsoft-Windows-Diagnosis-ScriptedDiagn
osticsProvider%4Operational.evtx
12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-Diagnostics-Performance
%4Operational.evtx
12/21/2012  12:45 PM         1,052,672 Microsoft-Windows-DriverFrameworks-UserMo
de%4Operational.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-Fault-Tolerant-Heap%4Op
erational.evtx
12/21/2012  12:37 PM         1,118,208 Microsoft-Windows-GroupPolicy%4Operationa
l.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-Help%4Operational.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-HomeGroup Provider Serv
ice%4Operational.evtx
12/21/2012  12:35 PM            69,632 Microsoft-Windows-Kernel-EventTracing%4Ad
min.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Kernel-Power%4Thermal-O
perational.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Kernel-StoreMgr%4Operat
ional.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Kernel-WHEA%4Errors.evt
x
12/21/2012  12:31 PM         1,052,672 Microsoft-Windows-Kernel-WHEA%4Operationa
l.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-Known Folders API Servi
ce.evtx
12/15/2012  02:35 PM            69,632 Microsoft-Windows-LanguagePackSetup%4Oper
ational.evtx
12/14/2012  07:29 PM            69,632 Microsoft-Windows-MUI%4Admin.evtx
12/15/2012  02:35 PM            69,632 Microsoft-Windows-MUI%4Operational.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-NCSI%4Operational.evtx
12/14/2012  07:29 PM            69,632 Microsoft-Windows-NetworkAccessProtection
%4Operational.evtx
12/14/2012  07:29 PM            69,632 Microsoft-Windows-NetworkAccessProtection
%4WHC.evtx
12/14/2012  08:01 PM            69,632 Microsoft-Windows-NetworkLocationWizard%4
Operational.evtx
12/21/2012  12:26 PM         1,052,672 Microsoft-Windows-NetworkProfile%4Operati
onal.evtx
12/21/2012  12:27 PM            69,632 Microsoft-Windows-OfflineFiles%4Operation
al.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-PrintService%4Admin.evt
x
12/21/2012  12:41 AM            69,632 Microsoft-Windows-ReadyBoost%4Operational
.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-ReliabilityAnalysisComp
onent%4Operational.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-RemoteDesktopServices-R
dpCoreTS%4Admin.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-RemoteDesktopServices-R
dpCoreTS%4Operational.evtx
12/14/2012  10:57 PM            69,632 microsoft-windows-RemoteDesktopServices-R
emoteDesktopSessionManager%4Admin.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-Resource-Exhaustion-Det
ector%4Operational.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-Resource-Exhaustion-Res
olver%4Operational.evtx
12/14/2012  07:29 PM            69,632 Microsoft-Windows-RestartManager%4Operati
onal.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Client
USBDevices%4Admin.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Client
USBDevices%4Operational.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-TerminalServices-LocalS
essionManager%4Admin.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-TerminalServices-LocalS
essionManager%4Operational.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-RDPCli
ent%4Operational.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Remote
ConnectionManager%4Admin.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Remote
ConnectionManager%4Operational.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Server
USBDevices%4Admin.evtx
12/14/2012  10:57 PM            69,632 Microsoft-Windows-TerminalServices-Server
USBDevices%4Operational.evtx
12/21/2012  12:36 PM            69,632 Microsoft-Windows-User Profile Service%4O
perational.evtx
12/21/2012  12:41 AM            69,632 Microsoft-Windows-WER-Diag%4Operational.e
vtx
12/14/2012  09:51 PM            69,632 Microsoft-Windows-Windows Defender%4Opera
tional.evtx
12/14/2012  09:51 PM            69,632 Microsoft-Windows-Windows Defender%4WHC.e
vtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Windows Firewall With A
dvanced Security%4ConnectionSecurity.evtx
12/21/2012  12:26 PM         1,052,672 Microsoft-Windows-Windows Firewall With A
dvanced Security%4Firewall.evtx
12/14/2012  07:29 PM            69,632 Microsoft-Windows-WindowsBackup%4ActionCe
nter.evtx
12/15/2012  02:35 PM         1,052,672 Microsoft-Windows-WindowsSystemAssessment
Tool%4Operational.evtx
12/21/2012  12:41 AM         1,052,672 Microsoft-Windows-WindowsUpdateClient%4Op
erational.evtx
12/14/2012  10:09 PM            69,632 Microsoft-Windows-Winlogon%4Operational.e
vtx
12/21/2012  12:26 PM         1,052,672 Microsoft-Windows-WLAN-AutoConfig%4Operat
ional.evtx
12/21/2012  12:25 PM         4,263,936 Security.evtx
12/20/2012  01:18 AM         1,052,672 Setup.evtx
12/21/2012  12:25 PM        18,944,000 System.evtx
12/14/2012  10:09 PM            69,632 Windows PowerShell.evtx
              75 File(s)     43,233,280 bytes
               2 Dir(s)  73,580,122,112 bytes free

C:\Windows\system32>ICACLS C:\Windows\System32\winevt\logs
C:\Windows\System32\winevt\logs NT SERVICE\eventlog:(OI)(CI)(F)
                                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                BUILTIN\Administrators:(OI)(CI)(F)
                                NT AUTHORITY\Authenticated Users:(CI)(R)

Successfully processed 1 files; Failed processing 0 files

C:\Windows\system32>
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
It looks like it's the System log that's stuck
we need to delete it, after saving the file to the desktop for any forensics..
Reboot to Safe Mode with Command prompt, and run

NET STOP EVENTLOG
COPY C:\Windows\System32\winevt\logs\system.evtx %userprofile%\desktop
DEL C:\Windows\System32\winevt\logs\system.evtx

The reboot to normal mode, and see if you can now open Event Viewer
 

My Computer My Computer

At a glance

Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
It's working! I can open Event Viewer now!
Then, shall I follow the guide you posted on the 1st page and post the compressed files of Apps.evtx and Sys.evtx?
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
Apps.evtx and Sys.evtx

Here are Apps.evtx and Sys.evtx from Event Viewer:
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
OS
Windows 7 Ultimate x64
Back
Top