Windows Vista, UAC problem?

ComputerGuy55

Posts: 392   +14
Ok so I have a weird problem here:

I have laptop running Windows Vista 64bit, I've narrowed it down to the processes on the computer but cannot find which one, and found out most of what seems to be broken..

So I ran it in safemode with networking, works great, no problems. In normal mode, with ALL Services enabled I get a blue background with "Please Wait..." before seeing the user to select to log into, won't go past that. Disabling all new program services (Anything not marked with Microsoft) It will let me get to the desktop. But my problem here is any time I try and run a program that needs to open with permissions (UAC Right?) it just hangs, goes no further... So I can't open MSCONFIG, MMC(Device Manager, Event viewer, services list), can't view all processes with Task Manager...

So I'm trying to figure out what the problem is here but I seem to be stuck, is there any specific service anyone can think of that would cause this to happen? Anyone run into this problem?

Note: Under Microsoft services I HAVE Disabled any firewall programs. There was Windows Firewall, Windows Defender, and Windows Live OneCare, disabled those to make sure it was not a firewall issue, and there are no other firewall programs on there.

ALSO: I have disabled all Startup Programs, so those are not an issue either..

Thanks in advance
 
That Windows Defender is a memory hog and CPU cycle robber. I won't use it. Under a different profile on the unit does it do the same thing? Also under SFM doe sit do the same thing? I hope you have patched up that OS also!
 
It's not my laptop, I'm a computer tech working on it, I have yet to try another profile, I will do that soon. SFM - Safe Mode?

Safe Mode with Networking works fine so I assume regular Safe Mode will work just the same.
 
I don't run Vista myself but have used it on friends' computers (sometimes for support) so i'm not really sure just what the problem might be, so i'm just listing some thoughts/comments/things you might try, if you want to

Two programs you might try
> Process Explorer in place of Task Manager. It's actually TM on steroids given all it can do!
====> Under Properties->Cdompatibility try checking the Run as Admin box
====> You can also set it as a Startup. On the cmd line, use the /t option to start it minimized as sys tray icon

> Serviwin use it to report details of all your Windows services and STatus settigs. (You can use it to also generate a .txt based report). Set comaptibility mode as well

> Also wonder if it could be a virus??? (i dunno... :confused:) Or you might also try a Vista repair install operation

keep us posted and Good luck! :)
 
checked for virus's first, seems clean. I will try Process Explorer. The problem is when anything TRIES to open as administrator, the box never comes up to say yes to run it as admin.
 
I've never done so, but pretty sure i've seen there's a way to also turn off UAC that might help during debugging. You can try googling it.. if you have trouble finding/doing it give a shout.. am sure someone else on here must've done it before
 
I know where to do it, I'm running windows Vista 64bit on my home laptop for over a year, no problems (Even though all the complaints about it haha) I still don't like it compared to XP and 7 but luckily I've had no issues...

However, it requires admin rights to change it and so it just hangs before it lets me go switch it :p So I'm stuck at a halt, might just reload it for em, if they want to spend the money, simplest way.
 
So this is a work system your working on? So under SFM there is no issue? Is there something in the user profile that was loaded and halted the UAC. What does the event log viewer reads?
 
Is there something in the user profile that was loaded and halted the UAC. What does the event log viewer reads?
@tipstir
You raise an excellent point

@ComputerGuy55
Sorry if you mentioned this already (i don't recall) but will ask: Have you also tried creating a new User Account (with admin rights). Does a new account have the same problem?
 
tipstir recommended that and I have yet to do so. And no it's not a WORK computer, it's a custoemrs. I'm a computer technician working on it, and sometimes you forget to try things :p(like making a new profile) but it's a new day, 8hours to try new things.

About event viewer:

System:

DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server:
{375FF000-DD27-11D9-8F9C-0002B3988E81}

The following boot-start or system-start driver(s) failed to load:
spldr
Wanarpv6

The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.0.106. The computer with the IP address 192.168.0.105 did not allow the name to be claimed by this computer.

The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.0.106. The computer with the IP address 192.168.0.105 did not allow the name to be claimed by this computer.

<warning>The redirector was unable to register the address for transport NetBT_Tcpip_{A1296439-4245-449A-9E4C-657A511F582E} for the following reason: You were not connected because a duplicate name exists on the network. If joining a domain, go to System in Control Panel to change the computer name and try again. If joining a workgroup, choose another workgroup name.. Transport has been taken offline.

<warning>The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

An error occured while using SSL configuration for socket address <IP>. The error status code is contained within the returned data.(a few of these, a few different IP's>

Applications:

Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

<warning>The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Think I might just go with a reload hahaha.
 
Best to to backup the users profile but only: Docs, Cookies, Desktop (layout icons), history take some image screen shot dumps also save them in word doc. Then login as you and delete their profile. I am sure their profile is huge. Windows OS will rebuild their profile. Note some applications might not work after a profile rebuild so take that in to consideration.

Something happen on their system and the logs show it. Other than rebuilding the Profile you could blow out the OS and install OS. Of course this is time consuming as you know already. Other than that is to sit there and figure out what's going on? I know I would try to get it back to a stable point, but clients employees can't be down so long so we just either restore the profile or just give them a loaner and then image the system backup. Since you're working on a customer system you can try run some system scan/repair software first to catch registry errors and stuff like that. Glary & IOBIT tools. Reboot the system. Then check the event viewer for errors.

If you still getting the same problem then re-install OS.
 
just a couple added comments from my own p-o-v
  1. I'd first start by creating and testing with a new user logon
  2. Whether that works (or not!) i'd do my backups by simply cloning the current hard drive (then you're assured no regrets in what you backed up till you're finally done) :)
  3. If the new profile doesn't fix the problem you might want to consider a "repair" install before a full install (you're a tech. you'll figure out which is best step for your situation, i'm sure)
  4. Am sure you already observed you have many different types of errors in your logfile... just an fyi (if only for future reference) about an error that's generally symptomatic of a Visual C++ / Side-by-Side library problems. See [post=897892]How to fix Visual C++ library errors[/post]
Code:
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".
Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. 
Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". 
Please use sxstrace.exe for detailed diagnosis.
 
Thanks for the replies guys. I made a second account but it started stopping before showing profiles again so I decided, in the best interest of my time and the customer's costs (the more time I spend the higher the price goes...) I told them it would be better to do a reload with how many problems they have. I took a second harddrive, installed windows, works great. Transferred all the data over(all 44 gigs of Data..Haha) Restarted the computer a few times, seems to be no issues... Definitely think something happen to the computer, she was running Limewire on there, though it did not come back as being infected it did have many problems.

So, so far the reload is working fantasicly, I will image the data back to her drive and hope that all goes well. Thanks again for the suggestions.
 
Back