Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Something is not right


  • Please log in to reply

#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Not sure how you can get newer drivers than Intel's.  Let's just clear the alarms reboot and run VEW and see where we stand.


  • 0

Advertisements


#47
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Clear the alarms?


  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Repeat what we did in #30:

 

http://www.geekstogo...-2#entry2552789


  • 0

#49
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 28/02/2016 9:58:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2016 2:56:26 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/02/2016 2:52:22 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_28c5d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2016 2:52:22 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_28c5d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2016 2:52:22 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_28c5d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 28/02/2016 2:52:22 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_28c5d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/02/2016 2:53:12 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 28/02/2016 10:00:16 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/02/2016 2:55:32 PM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files\Microsoft Office 15\root\office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
How was it on reboot this time?
 
I found this one on the first error:
 
{784E29F4-5EBE-4279-9948-1E8FE941646D} is AUSessionConnect task located under task scheduler library - Microsoft - windows - windowsupdate
 
On a upgraded computer there are two additional tasks called AUFirwareinstall and AUSessionConnect both are disabled.
 
AUSessionConnect has a 'Last Run Result' with an error, disabling this task removes the error.
 
On fresh built Windows 10 machines I've checked all 3 tasks do not exist, suspect this is a hang over from the upgrade.
 
After disabling check that windows updates are still running

 

Let's try it:

Do a search for Task Scheduler then click on it.  Click on the arrow before Task Scheduler Library

then on the arrow before Microsoft

then on the arrow before Windows

then on the arrow before Windowsupdate 

You should see AUSessionConnect  Click on it.

Right click on each of the three tasks in the right pane and Disable.

 

Run FRST as before but don't hit the Scan button.  Instead type:  igfxdev.dll

in the box and click on Search Files.  It will take a while but should report back with a log if it found any.  Copy and Paste the log into a reply.


  • 0

#51
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

I clicked on the windowsupdate folder, there was no arrow before it. I brought up AUSessionConnect and clicked on it. The pane on the right is titled "Actions". Under the Windowsupdate headline there is "Create Basic Task, Create Task, Import Task, Display All Running Tasks, Enable All Tasks History, New Folder, Delete Folder, View, Refresh and Help". There are also items that come up under a "Selected Item header. When I right click on any of the actions nothing happens. Perhaps it works differently in Win 10?


  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

One pane too far. I should have said in the top section of the middle pane which is where the tasks are located.  Forgot about the far right stuff.   That's just the possible actions.  

It's possible that in Win 10 you have to click on the task then click on one of the possible actions under Selected Item since they have gone touch screen happy and it's hard to do a right click with a touch screen.


  • 0

#53
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

When I click on windowsupdate there is AUFirmwareInstall and AUScheduledInstall that are already disabled and then there is AUSessionsConnect, Automatic App Update, Scheduled Start, Scheduled start with Network, sih, and sihboot that are "Ready". Which ones do I disable?


  • 0

#54
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

 AUSessionsConnect should be disabled.


  • 0

#55
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by start_000 (2016-02-29 14:14:16)
Running from C:\Users\start_000\Desktop
Boot Mode: Normal

================== Search Files: "igfxdev.dll" =============

C:\Drivers\video\93CKH\Graphics\igfxdev.dll
[2013-10-09 14:53][2012-07-25 15:08] 0439296 ____A (Intel Corporation) B247186004B80F4F4D2978CA39C022D7 [File not signed]

====== End of Search ======


  • 0

Advertisements


#56
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

OK.  Let's just kill off the entry in the registry.

 

Download and Save the attached winlogon.zip file.

 

[attachment=80454:winlogon.zip]

 

Right click on it and Extract All

 

Find winlogon.reg and right click and Merge.  

 

This will clear the alarm that we were getting:

 

Log: 'System' Date/Time: 28/02/2016 2:53:12 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.micro...om/kb/197571formore information.

 

 

Reboot and let's see how it does.  Is it still slow?


  • 0

#57
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Seems to be running much better.

 

Extracted file and merged


  • 0

#58
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Is it running normally now?


  • 0

#59
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Just noticed you're in Melbourne Beach. I have a place in West Palm and several friends in Sebastian


  • 0

#60
starter005

starter005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Yes, it seems to be good again


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP