[globaljoe]

How's things looking now, any better?.

[Advertisements]

Log looks better but appears you are still stuck in Safe Mode.

 

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

Reboot. 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

 

After the prompt returns:

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

notepad \windows\logs\cbs\junk.txt 

 

Return to the Command Prompt or if it has been closed: Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  

 

Right click and Paste or Edit then Paste and the copied lines should appear.

Hit Enter if notepad does not open.

Copy and paste the text from notepad

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

[RKinner]

Log looks better but appears you are still stuck in Safe Mode.

 

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

Reboot. 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

 

After the prompt returns:

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

notepad \windows\logs\cbs\junk.txt 

 

Return to the Command Prompt or if it has been closed: Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  

 

Right click and Paste or Edit then Paste and the copied lines should appear.

Hit Enter if notepad does not open.

Copy and paste the text from notepad

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

[globaljoe]

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 12/03/2016 13:03:27

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System'  Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System'  Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is all I get after running the event viewer tool?.

[RKinner]

Did you reboot after 

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

 

?

[globaljoe]

At this point I may have to consider doing a return to factory settings after making a log of my favourite sites and anything else I may have to reinstall. 

[globaljoe]

I'll have another go at running the event viewer tool!.

[globaljoe]

Got it this time!

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 12/03/2016 14:27:41

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 12/03/2016 13:58:48

Type: Error Category: 0

Event: 7026 Source: Service Control Manager

The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm MpFilter spldr Wanarpv6

 

Log: 'System' Date/Time: 12/03/2016 13:58:48

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

 

Log: 'System' Date/Time: 12/03/2016 13:58:48

Type: Error Category: 0

Event: 7001 Source: Service Control Manager

The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

 

Log: 'System' Date/Time: 12/03/2016 13:58:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Log: 'System' Date/Time: 12/03/2016 13:58:29

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

 

Log: 'System' Date/Time: 12/03/2016 13:58:23

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Log: 'System' Date/Time: 12/03/2016 13:58:16

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Log: 'System' Date/Time: 12/03/2016 13:58:02

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

 

Log: 'System' Date/Time: 12/03/2016 13:56:18

Type: Error Category: 0

Event: 3002 Source: Microsoft Antimalware

Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x8007043c   Error description: This service cannot be started in Safe Mode   Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 12/03/2016 13:56:17

Type: Warning Category: 0

Event: 263 Source: PlugPlayManager

The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

 

Log: 'System' Date/Time: 12/03/2016 13:54:57

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped. 

[globaljoe]

And the second one:

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 12/03/2016 14:46:31

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 12/03/2016 14:40:45

Type: Error Category: 16

Event: 4609 Source: Microsoft-Windows-EventSystem

The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

 

Log: 'Application' Date/Time: 12/03/2016 13:58:16

Type: Error Category: 16

Event: 4609 Source: Microsoft-Windows-EventSystem

The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 12/03/2016 14:39:28

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 12/03/2016 14:37:31

Type: Warning Category: 0

Event: 1530 Source: Microsoft-Windows-User Profiles Service

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-504676162-3151235640-1111575767-1000:

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Policies\Microsoft\SystemCertificates

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Policies\Microsoft\SystemCertificates

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Policies\Microsoft\SystemCertificates

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Policies\Microsoft\SystemCertificates

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\Root

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\My

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\CA

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 612 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-504676162-3151235640-1111575767-1000\Software\Microsoft\SystemCertificates\trust

 

 

Log: 'Application' Date/Time: 12/03/2016 14:37:31

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 12/03/2016 14:37:31

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 12/03/2016 13:56:50

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 12/03/2016 13:54:56

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 12/03/2016 13:54:56

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

[RKinner]

Log: 'Application' Date/Time: 12/03/2016 14:40:45

Type: Error Category: 16

Event: 4609 Source: Microsoft-Windows-EventSystem

The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

 

 

 

Sometimes means bad RAM so run the builtin memory test

 

See 

How do I schedule the memory test manually?

 

at the bottom of http://windows.micro...-memory-problem

[RKinner]

I just got a PM from someone with a possible cause.  Appears there was a MSE update that killed Vista PCs.  See:  

 

http://www.vistax64....-kb3140527.html

 

Can you do a System Restore back to a time before the last update?

 

Can you uninstall MSE?

[globaljoe]

Ram test came out fine, this is one weird problem.

[RKinner]

Did you see my previous post?

[globaljoe]

Hi, I tried to uninstall MSE but got message saying MSE cannot be uninstalled while in safe mode!!. which, at the moment is the only mode I can run in.

[RKinner]

OK.  Three possibilities:

1.  System Restore to a time before the update.

 

2. Search for 

 

msconfig and hit Enter.

 

This should bring up a new window.  Click on Diagnostic Startup.  OK.  Reboot and see if you can get into regular mode.

 

3.Run a FRST scan with Addition.txt checked and post both logs.  We'll pull it out by the roots.

[globaljoe]

Oh, and I tried system restore, but got message: No restore points have been created on your computers system.