Eventvwr.msc doesn't open

[Flavius]

BIOS time is perfect!!

Uninstall Norman very exactly and after remove manually folder C:\Program Files\Norman (surly after only unistalling remains will still exist),then run CAPI.BAT with administrative previlliges (right click on it as administrator - it is neccessary if you use UAC) ,BAT file is attached below,after all install Norman again.

 

[capi]

BIOS time is perfect!!

Uninstall Norman very exactly and after remove manually folder C:\Program Files\Norman (surly after only unistalling remains will still exist),then run CAPI.BAT with administrative previlliges (right click on it as administrator - it is neccessary if you use UAC) ,BAT file is attached below,after all install Norman again.

Are u sure there is no corrupt file in this attachment or anything? Removing the antivirus isnt it dangerous?

 

[Flavius]

Are u sure there is no corrupt file in this attachment or anything?

It shouldn't but due to hosting it is really a bit modificated.I packed this file to *.zip (for protection to avoid any modification) and attached below again,unpack this file,uninstall antivirus and remove munulally his remains (probably folder C:\Program Files\Norman will still exist after uninstalling so you'll have to remove it manually),then right click CAPI.BAT as a administrator and let me know results-neverless good or bad..If everything will be fine you can install Norman again

Removing the antivirus isnt it dangerous?

If you uninstall antivirus and then manually remove his remains isn't dangerous - many people do this when change antivirus

EDIT
I checked file which attached below and is OK

 

[capi]

Well now i got a little problem. I installed NORMAN antivirus for a time ago, but i havnt got the installation program anywhere, only the program on my computer. If i uninstall the program, then delete the remains, there is no way to get it back(if it isnt buying the product again). Isn't there any other way?

Another thing. For me it seems strange that NORMAN antivirus created this problem the day it happened, and not before, because I had already had the antivirus installed for some months. Shouldn't the problem have ocured before?

 

[capi]

And by the way, what does this .BAT file does to the computer? I looked inside the document it self, and it says for example at the begining:

wevtutil cl Application
wevtutil cl "DFS Replication"
wevtutil cl HardwareEvents
wevtutil cl "Internet Explorer"
wevtutil cl "Key Management Service"
wevtutil cl "Media Center"
wevtutil cl ODiag
wevtutil cl OSession
wevtutil cl Security
wevtutil cl System
[...]

Doesn't that mean clean?

And why does NORMAN antivirus has to be uninstalled?

Sorry for so many questions, only want to be sure:D

 

[Flavius]

And why does NORMAN antivirus has to be uninstalled?

Due to undentified come back to 1601 at the moment antivirus generated full events from 1601 very like by changing time in BIOS (althought I remember BIOS time hasn't been never changed) and I know from my experience even time (and everything ) is correct now antivirus remembered his presents in "past" and can (but haven't to be) strange things happen:cannot updating virus data,someones components don't work,generate strange,paradoxical events both built-in antivirus event viewer and in to system event viewer.Antiviruses are much more influence for changing time than other programs thus you should uninstall it,remove manullay his remains (his remains are mostly built-in antivirus event log) and install it again.You should do this even your antivirus seems works fine -this only prevential procedure for more ensure to elimanate your trouble

Shouldn't the problem have ocured before?

Theoreticly this problem never happens and you only hope it was a moment computer error and it is gone now only still remains after damage of system - if not-the *.BAT file no help

but:

Well now i got a little problem. I installed NORMAN antivirus for a time ago, but i havnt got the installation program anywhere

OK at the moment leave this antivirus and only run CAPI.BAT but if no help,definitly uninstall Norman and run CAPI.BAT again

And by the way, what does this .BAT file does to the computer? I looked inside the document it self, and it says for example at the begining:

As I said before you have surly strange,paradoxical events logs thus you can't open it,but if it was only at the moment strange computer error if you clear all events logs your event viewer should work again - theoreticly.These commands of course clear events logs in any sections not these sections!Wevtutil

 

[capi]

It seems it doen't allow me to clear the files, because i have no acces, which folder should i takown of to manage it?

 

[Flavius]

It seems it doen't allow me to clear the files, because i have no acces, which folder should i takown of to manage it?

I don't exactly understand :eek: what do you mean. Do you have trouble with remains after Norman?.You have to takeownership folder C:\Program Files\Norman and his all subfolders and of course full control for Administrators group for this folder and his subfolders http://www.vistax64.com/tutorials/67717-take-ownership-file.html
Whats message have you? If you have "process busy" or likely try in safe mode or if nothing work - but in safe should be :huh: ->
->boot DVD Vista:
Choose language >>repair computer>>command prompt

RD /S "C:\Program Files\Norman"

Of course from DVD Vista you have full access for everything

 

[capi]

no, u said i could try it out without uninstalling NORMAN antivirus, didnt u?

I tried, but in the command prompt, when i run the program it says i have no acces, and it cannot clear it

 

[Flavius]

I tried, but in the command prompt, when i run the program it says i have no acces, and it cannot clear it

Very strange and very bad - I told you it's only false alarm with permission due to time and changing permissions no help you (I hope you've runned CAPI.BAT with administrative previlliges ->right click on file as administrator)

Try this:
1.Try run CAPI.BAT in safe mode
2.If point 1 no help:downoload PsTools unpack file psexec.exe and place it in C;\Windows\Systen32,file CAPI.BAT also place in C;\Windows\Systen32.
In safe mode:run cmd.exe and type:
psexec -s -i -d CAPI.BAT

This command allow you run file from a SYSTEM account not from your ownself (see describe psexec.exe) and check results...

 

[capi]

I tried, but in the command prompt, when i run the program it says i have no acces, and it cannot clear it

Very strange and very bad - I told you it's only false alarm with permission due to time and changing permissions no help you (I hope you've runned CAPI.BAT with administrative previlliges ->right click on file as administrator)

Try this:
1.Try run CAPI.BAT in safe mode
2.If point 1 no help:downoload PsTools unpack file psexec.exe and place it in C;\Windows\Systen32,file CAPI.BAT also place in C;\Windows\Systen32.
In safe mode:run cmd.exe and type:
psexec -s -i -d CAPI.BAT

This command allow you run file from a SYSTEM account not from your ownself (see describe psexec.exe) and check results...

Silly me forgot to run it as administrator, sorry for confusing u
Will check results soon

 

[capi]

Bah, no use again Although it did clear my whole log!! I checked in Computer management, and the log was almost empty(except the few things that had happened bfore i actually opened computer management.

 

[Flavius]

Someones things caused wrong events logs - but what hell it is...your antivirus as I suggested before or something another:huh: (in Program Files you have strange things which not only comes due to antivirus) but there is way find precise what is it

do this:
1.In cmd.exe (running with administrative previlliges) type

C:
cd\
dir /s >C:\all.txt

2.I attached bellow packed CAPI2.BAT which exports all logs from your event viewer to *.evtx files- I'll try to read them.Unpack and Run CAPI2.BAT with administrative previlliges (don't forge right click on it as admin) and find all *.evtx files - all evtx files and all.txt pack to zip and upload on RapidShare: Easy Filehosting
And give me a bit more time for analysis...

 

[capi]

Someones things caused wrong events logs - but what hell it is...your antivirus as I suggested before or something another:huh: (in Program Files you have strange things which not only comes due to antivirus) but there is way find precise what is it

do this:
1.In cmd.exe (running with administrative previlliges) type

C:
cd\
dir /s >C:\all.txt

2.I attached bellow packed CAPI2.BAT which exports all logs from your event viewer to *.evtx files- I'll try to read them.Unpack and Run CAPI2.BAT with administrative previlliges (don't forge right click on it as admin) and find all *.evtx files - all evtx files and all.txt pack to zip and upload on RapidShare: Easy Filehosting
And give me a bit more time for analysis...

Ok, did until the part where i run the file u attached. Suddenly under C:\ i get 160 or so new files which all are log files. I cannot manage to open them though, cos i get the same error message.SHould i upload all this 160 log files?
Or did i understand wrong:huh:

 

[Flavius]

SHould i upload all this 160 log files?

Of course upload all on rapidshare.com,I knew before you can't also read them-I try to read them myself

Or did i understand wrong

You understand me well

 

[H1Ram]

I had the same problem. This fixed it:


Dear Customer,

Thanks for your reply.

I am glad to hear the SP1 update was installed successfully. However, the event log service failed to start. At this time, I would like to ask if the UAC is disabled on your computer. If so, please re-enable it and check if the issue persist.

This behavior may occur if one of the following factors is true:

1. We do not have permission for the C:\windows\system32\logfiles\wmi\rtbackup folder.
2. The Windows Management Instrumentation (WMI) service has been corrupted.

To troubleshoot this issue, I suggest we first perform these steps:

Take ownership of the rtbackup folder
==========================
1. In the "Start" menu, locate "Command Prompt". Right-click and choose "Run as Administrator". If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

2. Type the following commands, then press "Enter" to execute them one by one. Please note the space before the command and its parameter.

takeown /f C:\windows\system32\logfiles\wmi\rtbackup
cacls C:\windows\system32\logfiles\wmi\rtbackup /G administrators:F

3. Restart the computer to check the issue.

What is the result? If it does not work, let us repair the WMI service.

Reset Repository folder
===============
1. Click Start button, type “cmd” (without the quote) in the search box.
2. On the program results list, right click the “cmd.exe” and choose “run as administrator”.
3. In the command window, type the following commands and press Enter, one by one.

NET STOP WINMGMT
CD /D %WINDIR%\SYSTEM32\WBEM
REN REPOSITORY REPOSITORY.OLD
NET START WINMGMT

4. Restart the computer and access Windows Security Center to check whether our issue still appears.

Please let me know the results at your earliest convenience. If anything is unclear, please don't hesitate to let me know and I will be glad to help.

I look forward to your reply.

Best Regards,

Simon Wu
[email protected]
Microsoft Windows Vista Support Professional

 

[Flavius]

I had the same problem.

really?

the event log service failed to start

see very exactly post 51 and 52:after clearing events logs Capi could open event viewer at the moment although he can't do now again - if event log service failed to start he never to done this and he can easy to check it in services.msc - I'm sure he has event log started (see all posts)

1. We do not have permission for the C:\windows\system32\logfiles\wmi\rtbackup folder.

Here you have his logs from Process Monitor (old link disapeared) done during he tried unsuccesful to open Event Viewer RapidShare: Easy Filehosting -set filter RESULT IS ACCESS DENIED...and see you any missing permissions for C:\windows\system32\logfiles\wmi\rtbackup ? -I'am not see athough default settings for this folder only SYSTEM accont has full control - except SYSTEM nobody hasn't any permissions

but you can see i.e this strange things:

2. The Windows Management Instrumentation (WMI) service has been corrupted.

Do you really think these strange things due to corrupted WMI ?

 

[capi]

By the way, flavius, i can see my event viewer, but only from the computer manager. Thats why it is so strange. If i can see my events therefrom, why shuldnt event viewer it selfs open

By the way i will soon upload the files, i have just been very busy lately. :D

 

[capi]

[...]
2. Type the following commands, then press "Enter" to execute them one by one. Please note the space before the command and its parameter.

takeown /f C:\windows\system32\logfiles\wmi\rtbackup
cacls C:\windows\system32\logfiles\wmi\rtbackup /G administrators:F
[...]

cacls C:\windows\system32\logfiles\wmi\rtbackup /G administrators:F
I found out that the only way to make this happen as by changing administrators by my administrator name. Was this what u did?

 

[Flavius]

I found out that the only way to make this happen as by changing administrators by my administrator name. Was this what u did?

Remember by default the owner of folder C:\Windows is TrustedInstaller,because you took ownership the whole folder and subfolders so this command only change owner - only you became the owner - this is without any meaning because you belong to administrators group so you had already rights to change permissions for folder.For you it is no matter only you or whole administrators group own folder.For formality (only for formality)check this in services.msc

1.
If you have exactly as I have right -if you have diffrent -I haven't right

2.Run cmd.exe and type

wmic os get serialnumber