Taking back permissions at the console when flattening corrupted systems fails to allow recovery..?

Hi, I've been trying to crawl out of corruption forever it seems. I lose permissions on my systems at the same time that I install the OS - whether it's a Windows variation, Linux distribution or even MacOS. They seem to be infecting each other as brand new systems are instantly corrupted.

I just discovered this Microsoft tool (subinacl.exe) which is represented as a solution, but a batch file run as BUILTIN Administrator which should take the permissions back, merely induces a lot of Access Denied messages - along with the permissions it claims to change:

[screenshot: onivfxz49v2m3tleahfa.png]

But perhaps more importantly, it doesn't change any permissions at all. Just like Aaron Stebner's utilities for removing .NET Frameworks (which seem to be installed 'cleanly' onto new systems with Genuine Windows)...I can run the commands back to back for the same results. Nothing is ever removed. Nothing is ever changed, I don't think...

[screenshot: l470vyrjv6o9h11vqo6i.png]

I suspect my paravirtualised installations onto 'bare metal' aren't quite - I think I might be installing over the top of something like that, but how it gets onto brand new computers is beyond me.

What are my options here? I hope I have some ;( - thanks if you're able to help me out..!!
goscuter1Asked:
Netman66Commented:
Do you know for certain you are infected with something?  Has it been sandboxed?

I don't know what virus would change as much as it looks like you're trying to fix, but I suspect anything is possible.

You may want to systematically scan and isolate your servers one at a time to figure out where this is coming from.

0
gheistCommented:
Any problem with Linux or OSX ?


What command line do you give to subinacl? WinSXS is owned by LocalSystem and Administrator has no power over it (starting Vista/2008)
0
goscuter1Author Commented:
Thank you both for your responses and I apologise for not being able to return until now, but I'm in a real mess here - getting online is a mammoth ordeal.

Definitely infected with the EFI partitions on all machines very close to identical and very corrupted. Converting the disks to MBR has no effect, the hundreds of "UNKNOWN" modules and drivers in /proc and /sys corrupt literally everything (I cannot burn a clean CD/DVD - all my internal and external cd-rom drives flash hundreds of "The CDROM has a bad block" warning messages...USB flash drives are corrupted instantly, even before they are mounted...removable SD cards and the like don't fare any better).

I am experiencing almost identical symptoms on laptops and desktops (and Android phones) regardless of what OS is installed; I've tried Windows 7 (all variants), Windows Server 2008, XP....about 40 Linux distributions with the only helpful ones being PCLinuxOS and OpenSuSE (Novell have an INTEL Firmware Developer test, which all my systems fail badly)....and I have a MacBook Air running Lion 10.7.2 which is impossible to clean (mounting the EFI partition with rEFIt, shows some shocking stuff with SMBIOS and unexplainable Thunderbolt / Bluetooth drivers with hundreds of "UNKNOWN" entries).

Wiping the hard drives with shred or dd in Linux doesn't do a thing because either the corruption is write-protected on the disks or it's located somewhere else, and not on my hard drives. I believe the latter is the case, because I've booted into grub with no drives (at all) connected to my machines.

Flashing my INTEL desktop boards with their respective .bio files from INTEL.com claims to flash all the images successfully, but then when the BIOS loads up, not a single thing has changed - including the concerning note that "Intel Integrator Toolkit has modified this BIOS."

I've assembled brand new systems almost exclusively with INTEL components (i7 processors, desktop or Atom boards, INTEL SSDs etc) then taken the new system directly to a random hotel straight after assembly at the stores (obviously to separate them from the corrupted machines) and when I boot up the new systems, they're corrupted. "CMOS Checksum errors" - all sorts of issues with Resume / Powercfg - and the same corrupted EFI carnage as all the rest.

I've even installed onto a new SSD at 37,000 feet in the air, corrupted instantly by the controllers in my laptop.

Booting Microsoft pressed Windows 7 discs and hash-verified Windows Developer preview ISOs, onto brand new drives or machines, gives the same error messages every time:

An I/O operation initiated by the Registry failed unrecoverably. The Registry could not flush hive (file): ''.

The following boot-start or system-start driver(s) failed to load:
3ware
adp94xx
adpahci
adpu320
amdsata
amdsbs
amdxata
arc
arcsas
atapi
b06bdrv
bfad
dam
ebdrv
EhStorClass
EhStorTcgDrv
elxfcoe
elxstor
HpSAMD
iaStorV
iirsp
intelide
isapnp
LSI_FC
LSI_SAS
LSI_SAS2
LSI_SCSI
LSI_SSS
megasas
MegaSR
mvumis
nfrd960
nvraid
nvstor
pciide
ql2300
ql40xx
sbp2port
SiSRaid2
SiSRaid4
stexstor
storflt
storvsc
viaide
vmbus
vsmraid
VSTXRAID
Wd
WdBoot

(these all load with Linux distributions, regardless of anything I enter on the kernel command line)

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-2068104854-2561093263-2801869144-1000:
Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2068104854-2561093263-2801869144-1000\Software\Microsoft\Windows\DWM


0
gheistCommented:
Intel SSD - you need to load a new firmware (since you use LiveCD Linux does not reach the problem)

i7 - you need a fresh CPU microcode, preferably from BIOS, because Windows has none, Linux loads it anyway so it works

CMOS error - you need new CMOS battery if it appears after prolonged mains disconnection

Even your first post illustrates "common use", the rest gives a lot of suspicion that you have a hardware/firmware related issue - I would reset BIOS to very defaults after flashing.

Given you mentioned MacOS - are you attempting to install Windows on a MAC? You have to use BootCamp.

If you intend to keep Linux area please post "dmesg" text from installed Linux.
0
David Johnson, CD, MVPOwnerCommented:
There seems to be a common element that is causing you these problems, and you have to start isolating things down.
Are you using the same cdrom drive to install the software?


Possible common items -- bad power supplies, bad local power (unlikely but possible), bad ram, high rf environment.
If you take a known working system into your build environment and totally isolated from the network does the machine start exhibiting the bad behaviour?

If you add a drive after initializing the drive does the machine now show bad behaviour?
Change out the ram from the good system and replace it with a bad system, on the good system does it work ok?

What you need is a known working good system to start your troubleshooting.
0

Guy Hengel [angelIII / a3]Billing EngineerCommented:
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
gheistCommented:
My answer points out all problems there could be.

No - subinacl works exactly as expected (the errors in pictures), BUILTIN\Administrator has to take ownership from BUILTIN\LocalSystem to change WinSXS. But the massive disk problem (with 20 drivers) is caused by a problem in hardware, not by the actual approach to Windows.
0
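The two gheist comments above (the one asking what command line was given to subinacl, and this one) turn on the same point: subinacl can only rewrite a DACL on an object the caller owns or holds ChangePermissions on, and on Vista/2008 and later the Administrators group has neither on WinSxS, so an elevated batch file produces Access Denied rather than a changed ACL. The script below is an added example, not something posted in the thread, that reports who owns a directory and which rights a given principal actually holds there before any tool is pointed at it. The default path and principal are assumptions chosen for illustration; the checks are read-only and change nothing.

```powershell
# Added example (not from the thread): inspect ownership and the ACEs that a
# principal holds on a directory, to explain why subinacl run as an elevated
# administrator reports Access Denied on WinSxS instead of changing anything.
# Defaults are assumptions for illustration; override them with -Path/-Principal.
param(
    [string]$Path = "$env:SystemRoot\WinSxS",
    [string]$Principal = 'BUILTIN\Administrators'
)

# Reading the security descriptor needs READ_CONTROL only, which administrators
# normally have even where they cannot write the DACL.
$acl = Get-Acl -Path $Path

[pscustomobject]@{
    Path  = $Path
    Owner = $acl.Owner
}

# Explicit and inherited ACEs that name the principal directly. Rights granted
# only through other group memberships are not shown here.
$rules = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Principal })
if ($rules.Count -eq 0) {
    "No ACE names $Principal on $Path"
} else {
    $rules | Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

# WRITE_DAC is what a permissions tool needs. FileSystemRights is a flags enum,
# so test the ChangePermissions bit rather than comparing the whole value.
$changePerms = [int][System.Security.AccessControl.FileSystemRights]::ChangePermissions
$canWriteDacl = $rules | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.FileSystemRights -band $changePerms) -ne 0)
}

if ($acl.Owner -eq $Principal -or $canWriteDacl) {
    "$Principal owns $Path or holds ChangePermissions; a DACL rewrite can succeed"
} else {
    "$Principal neither owns $Path nor holds ChangePermissions; subinacl will report Access Denied until ownership is changed first"
}
```

Run it from an elevated PowerShell prompt; on a stock installation the owner reported for WinSxS is not the Administrators group, which is the condition the comment above describes. Checking this first separates a genuine access-control result, which is expected and not evidence of compromise, from the disk and driver failures the rest of the thread attributes to hardware.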
gheistCommented:
Split between:

http:#37232273
http:#37225019

Also Linux and Windows Network Security have no relevance to the subject of question
0