Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something is not right


  • Please log in to reply

#31
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 25/02/2016 10:01:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/02/2016 2:53:37 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/02/2016 2:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PassThru Service service failed to start due to the following error:  PassThru Service is not a valid Win32 application.

Log: 'System' Date/Time: 25/02/2016 2:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LiveUpdateSvc service failed to start due to the following error:  LiveUpdateSvc is not a valid Win32 application.

Log: 'System' Date/Time: 25/02/2016 2:49:18 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/02/2016 2:50:11 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 25/02/2016 10:02:16 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


  • 0

Advertisements


#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
Log: 'System' Date/Time: 25/02/2016 2:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PassThru Service service failed to start due to the following error:  PassThru Service is not a valid Win32 application.
 
Log: 'System' Date/Time: 25/02/2016 2:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The LiveUpdateSvc service failed to start due to the following error:  LiveUpdateSvc is not a valid Win32 application.
 

 

 

PassThru Service comes from 

IPTInstaller

and

WModem Driver Installer

 

These are associated with an HTC phone.  Either the program is not Win 10 compatible or it's been damaged.  It needs to be uninstalled.  IF this is something you want to use then download a new version from HTC.

 

LiveUpdateSvc is part of Windows Live Essentials.  Same problem.  Uninstall.  If you need it then get a new copy from Microsoft.

 

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_2660c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

 

The above are a known bug in Windows 10.  They actually happen when you shutdown and not when you startup so we can ignore them.

 

Log: 'System' Date/Time: 25/02/2016 2:49:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

 

 

 

This is another known bug.  There is a fix but it's a bit complicated:

 

https://shauncassell...9d520160-and-a/

 

Log: 'System' Date/Time: 25/02/2016 2:50:11 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.micro...om/kb/197571formore information.
 

 

 

This one is because of this entry:

 

Winlogon\Notify\igfxcui: igfxdev.dll [X]

 

The [X] means the file is missing or unreadable.  It's part of  Intel Integrated Graphics Controller Driver. so it might be a good idea to reinstall it,

 

Once you've done what you can, clear the alarms again as before, reboot and make new VEW logs and post them.


  • 0

#33
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

I deleted the PassThru and LiveUpdate processes but I hit a snag with the shauncassell steps. I found the (9CA88EE3) file but there were two different permission lines and neither one gave me an "advanced" tab.


  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Search for regedit.exe then open regedit.exe by right clicking and Run As Admin  (Or start regedit from a Command Prompt (Admin) )  see if that gives you the advanced button

 

This is from by Win 7 but you should get the same on yours:

 

 

[attachment=80435:reg.jpg]

 


  • 0

#35
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

As soon as I type regedit it brings me right to the registry editor window. When I open the 9CA88EE3 file I get "Default, Access Permission, AppIDFlags, Launch Permission, and Run As.   If I right click either of the permissions my options are "Modify, Modify Binary Data, Delete and Rename


  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Usually if you are in the search box and don't hit Enter it will give you some choices then you can right click on the right one and Run As Admin.

Alternatively if you type regedit into a Command Prompt(Admin)  I would think it would start with Admin privileges.  

 

Can you right click on 9CA88EE3-ACB7-47C8-AFC4-AB702511C276 and Export it?  It should ask you for a file name just call it 9ca and make sure it saves to your desktop.  

 

Then go to your desktop, right click on it and Edit.  That should open it in notepad so you can copy and paste the text into a reply.


  • 0

#37
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AppID\{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}]
@="RuntimeBroker"
"AccessPermission"=hex:01,00,14,80,ec,00,00,00,f8,00,00,00,14,00,00,00,30,00,\
  00,00,02,00,1c,00,01,00,00,00,11,00,14,00,04,00,00,00,01,01,00,00,00,00,00,\
  10,00,10,00,00,02,00,bc,00,06,00,00,00,00,00,18,00,03,00,00,00,01,02,00,00,\
  00,00,00,0f,02,00,00,00,01,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
  00,00,05,0a,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,00,00,05,12,00,\
  00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,00,00,14,\
  00,03,00,00,00,01,01,00,00,00,00,00,05,14,00,00,00,09,00,4c,00,03,00,00,00,\
  01,01,00,00,00,00,00,05,04,00,00,00,61,72,74,78,f8,2e,00,00,00,57,00,49,00,\
  4e,00,3a,00,2f,00,2f,00,49,00,53,00,4d,00,55,00,4c,00,54,00,49,00,53,00,45,\
  00,53,00,53,00,49,00,4f,00,4e,00,53,00,4b,00,55,00,a2,01,01,00,00,00,00,00,\
  05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
"AppIDFlags"=dword:00000258
"AuthenticationLevel"=dword:00000006
"LaunchPermission"=hex:01,00,14,80,b0,00,00,00,bc,00,00,00,14,00,00,00,30,00,\
  00,00,02,00,1c,00,01,00,00,00,11,00,14,00,04,00,00,00,01,01,00,00,00,00,00,\
  10,00,10,00,00,02,00,80,00,03,00,00,00,00,00,18,00,0b,00,00,00,01,02,00,00,\
  00,00,00,0f,02,00,00,00,01,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,\
  00,00,05,0a,00,00,00,09,00,4c,00,0b,00,00,00,01,01,00,00,00,00,00,05,04,00,\
  00,00,61,72,74,78,f8,2e,00,00,00,57,00,49,00,4e,00,3a,00,2f,00,2f,00,49,00,\
  53,00,4d,00,55,00,4c,00,54,00,49,00,53,00,45,00,53,00,53,00,49,00,4f,00,4e,\
  00,53,00,4b,00,55,00,a2,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00
"RunAs"="Interactive User"
 

Here is the D63 file also:

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}]
@="RuntimeBroker"
"AppID"="{9CA88EE3-ACB7-47c8-AFC4-AB702511C276}"

[HKEY_CLASSES_ROOT\CLSID\{D63B10C5-BB46-4990-A94F-E40B9D520160}\LocalServer32]
@="C:\\Windows\\System32\\RuntimeBroker.exe"
 


  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

I think you may not be RIGHT clicking on the {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}.  If you do that (just like you did the Export) you should get a Permissions option in the menu.

 

If it's not there don't worry about it any more.  Let's just clear the event logs again, reboot and run VEW as before.  Also let's look at a new Processor Explorer log.


  • 0

#39
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

OK, you were right I'm stupid.  I right clicked and followed the shauncassell procedure and changed both files. I went to my device manager and found the Intel HD Graphics driver and found the uninstall tab. Will it reinstall itself automatically?


  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

I would think it would reinstall itself when you reboot.  They usually do.  However, you might want to just download the latest version and see if it will install over the old one.

 

https://downloadcent...it-3rd-Gen-BYT-


  • 0

Advertisements


#41
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

I have a message that popped up: The computer currently contains driver versions newer than the versions you are about to install. Are you sure you want to overwrite the following drivers with the older versions?   Intel Display Audio (6.16.0.3154)  &  Intel HD Graphics (10.18.10.4276).  Should I do it anyway?


Edited by starter005, 26 February 2016 - 10:42 AM.

  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

I thought that was the latest driver but I guess not.  Try this one.

 

https://downloadcent...-15-40-4th-Gen-

 

 


  • 0

#43
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

New message: This computer does not meet the minimum requirements for installing the software.


  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

OK go to http://www.intel.com...ort/detect.html

 

and download and run the Intel® Driver Update Utility.  See if it finds any updates for you.


  • 0

#45
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

I have it and when I run it I get the same "you have newer drivers" message; I wonder if its an Intel glitch


  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP