Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

A fresh installation of Win caused FPS drops(less FPS in general).

Started by zapuxas098 , Feb 18 2017 05:08 PM

Win 7 8.1 c9 game fps drops

Please log in to reply

#1
zapuxas098

Posted 18 February 2017 - 05:08 PM

Member

Member
150 posts

Hey all,

I've fallen into some issues after reinstalling my windows. I had win 8.1 and win 10 before. Upgraded with a clean installation after a while, The gaming experience was quite similar. But Win 10 caused some crashes etc so I decided to try the old good Win 7. I installed 64 bit version, all seemed to be right. But once I ran my game(Continent of Ninth-All ultra), it had some lags and yet ~20FPS less or even more. I installed another version of Win 7 64bit, same thing. Then I thought going back to 8.1 because it was really fast and good. But yet, the same thing. Somewhat slower in general and less FPS in-game.

Could I have missed some stuff regarding programs? Or the order of installing the programs could have affected me? Or the windows itself, isn't the right ones I got, corrupted or wrongly editted.. Any ideas? Here's my information:

http://www.filedropper.com/darknet

Uploaded Speccy info
P.S. I saved the Speccy when I was in the game, so the temperatures are higher

Thanks in advance!

Edited by zapuxas098, 18 February 2017 - 05:10 PM.

#2
RKinner

Posted 18 February 2017 - 10:20 PM

Malware Expert

Expert
24,624 posts

How old is the PC? Make & Model number (and service tag if it has one)?

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

http://www.eightforu...indows-8-a.html

http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Your speccy info gets confused with my own so let's do it this way:

Close all programs.

Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

#3
zapuxas098

Posted 19 February 2017 - 10:47 AM

Member

Topic Starter
Member
150 posts

Hey there,

Thanks for the support. Here are the lines:

"Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   92.27   0 K   4 K   0
firefox.exe   1.50   95,880 K   125,760 K   428   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
procexp64.exe   1.30   19,324 K   40,440 K   5012   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
firefox.exe   1.24   122,216 K   155,948 K   4092   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
Interrupts   0.94   0 K   0 K   n/a   Hardware Interrupts and DPCs
wmplayer.exe   0.67   21,396 K   39,168 K   2432   Windows Media Player   Microsoft Corporation   (Verified) Microsoft Windows
dwm.exe   0.60   23,192 K   24,132 K   968
explorer.exe   0.54   46,992 K   73,020 K   1656   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
audiodg.exe   0.29   16,060 K   19,168 K   1096
csrss.exe   0.26   2,244 K   7,908 K   648
System   0.21   3,720 K   1,180 K   4
nvcontainer.exe   0.08   7,420 K   19,940 K   1800   NVIDIA Container   NVIDIA Corporation   (Verified) NVIDIA Corporation
NVIDIA Web Helper.exe   0.03   30,548 K   44,880 K   4464   NVIDIA Web Helper Service   Node.js   (Verified) NVIDIA Corporation
svchost.exe   0.01   7,552 K   14,764 K   1144   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
nvcontainer.exe   0.01   19,408 K   32,676 K   2416   NVIDIA Container   NVIDIA Corporation   (Verified) NVIDIA Corporation
nvxdsync.exe   0.01   7,728 K   20,468 K   784
MsMpEng.exe   0.01   94,976 K   19,900 K   1936   Antimalware Service Executable   Microsoft Corporation   (Verified) Microsoft Corporation
nvspcaps64.exe   0.01   11,472 K   26,736 K   4252   NVIDIA Capture Server   NVIDIA Corporation   (Verified) NVIDIA Corporation
svchost.exe   0.01   18,992 K   36,280 K   576   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
NVIDIA Share.exe   < 0.01   42,640 K   53,336 K   4432   NVIDIA Share   NVIDIA Corporation   (Verified) NVIDIA Corporation
svchost.exe   < 0.01   62,128 K   71,164 K   1048   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe   < 0.01   3,324 K   6,732 K   860   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
wmpnetwk.exe       4,396 K   3,056 K   4940   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
winlogon.exe       1,436 K   7,564 K   720
wininit.exe       848 K   3,668 K   636
svchost.exe       3,616 K   7,892 K   1920   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       4,516 K   11,916 K   3860   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       4,916 K   12,848 K   3312   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       7,576 K   17,072 K   480   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       4,864 K   10,772 K   820   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       15,568 K   23,204 K   460   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       10,640 K   16,896 K   1320   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       3,292 K   7,548 K   1456   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
SMSvcHost.exe       13,968 K   28,336 K   1524   SMSvcHost.exe   Microsoft Corporation   (Verified) Microsoft Corporation
SMSvcHost.exe       25,176 K   28,724 K   780   SMSvcHost.exe   Microsoft Corporation   (Verified) Microsoft Corporation
smss.exe       280 K   1,020 K   416
services.exe       2,896 K   6,000 K   692
SearchIndexer.exe       22,116 K   22,876 K   2264   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
RAVCpl64.exe       3,448 K   9,576 K   748   Realtek HD Audio Manager   Realtek Semiconductor   (Verified) Realtek Semiconductor Corp
procexp.exe       2,376 K   7,180 K   3048   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
nvwirelesscontroller.exe       2,020 K   6,428 K   1820   NVIDIA Wireless Controller Service   NVIDIA Corporation   (Verified) NVIDIA Corporation
nvtray.exe       2,708 K   9,732 K   1740   NVIDIA Settings   NVIDIA Corporation   (Verified) NVIDIA Corporation
NVIDIA Share.exe       15,196 K   38,776 K   4344   NVIDIA Share   NVIDIA Corporation   (Verified) NVIDIA Corporation
NVDisplay.Container.exe       3,864 K   9,584 K   976   NVIDIA Container   NVIDIA Corporation   (Verified) NVIDIA Corporation
NisSrv.exe       11,104 K   4,292 K   4300   Microsoft Network Realtime Inspection Service   Microsoft Corporation   (Verified) Microsoft Corporation
lsass.exe       5,008 K   11,868 K   728   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows Publisher
dllhost.exe       2,664 K   7,912 K   2052   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
dllhost.exe       1,180 K   5,456 K   4056
dasHost.exe       4,736 K   12,844 K   1516
csrss.exe       1,640 K   3,656 K   572
conhost.exe       796 K   3,312 K   4472   Console Window Host   Microsoft Corporation   (Verified) Microsoft Windows"

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       416 N/A
csrss.exe                      572 N/A
wininit.exe                    636 N/A
csrss.exe                      648 N/A
services.exe                   692 N/A
winlogon.exe                   720 N/A
lsass.exe                      728 KeyIso, SamSs
svchost.exe                    820 BrokerInfrastructure, DcomLaunch, LSM,
                                   PlugPlay, Power, SystemEventsBroker
svchost.exe                    860 RpcEptMapper, RpcSs
dwm.exe                        968 N/A
NVDisplay.Container.exe        976 NVDisplay.ContainerLocalSystem
svchost.exe                    460 Audiosrv, Dhcp, EventLog,
                                   HomeGroupProvider, lmhosts, Wcmsvc
svchost.exe                    576 AeLookupSvc, Appinfo, BITS, Browser,
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,
                                   Schedule, SENS, ShellHWDetection, Themes,
                                   Winmgmt
nvxdsync.exe                   784 N/A
svchost.exe                    480 EventSystem, fdPHost, FontCache, netprofm,
                                   nsi, WinHttpAutoProxySvc
svchost.exe                   1048 AudioEndpointBuilder,
                                   DeviceAssociationService, hidserv,
                                   HomeGroupListener, NcbService, PcaSvc,
                                   SysMain, TrkWks
svchost.exe                   1144 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
svchost.exe                   1320 BFE, MpsSvc, NcdAutoSetup
svchost.exe                   1456 AppHostSvc
dasHost.exe                   1516 N/A
SMSvcHost.exe                 1524 NetTcpActivator, NetTcpPortSharing
explorer.exe                  1656 N/A
nvtray.exe                    1740 N/A
nvcontainer.exe               1800 NvContainerLocalSystem
nvwirelesscontroller.exe      1820 NVIDIA Wireless Controller Service
svchost.exe                   1920 W3SVC, WAS
MsMpEng.exe                   1936 WinDefend
SMSvcHost.exe                  780 NetPipeActivator
dllhost.exe                   2052 N/A
nvcontainer.exe               2416 N/A
SearchIndexer.exe             2264 WSearch
svchost.exe                   3312 FDResPub, SSDPSRV, TimeBroker, upnphost
svchost.exe                   3860 p2pimsvc, p2psvc, PNRPsvc
dllhost.exe                   4056 N/A
RAVCpl64.exe                   748 N/A
nvspcaps64.exe                4252 N/A
NVIDIA Share.exe              4344 N/A
NVIDIA Share.exe              4432 N/A
NVIDIA Web Helper.exe         4464 N/A
conhost.exe                   4472 N/A
wmpnetwk.exe                  4940 WMPNetworkSvc
audiodg.exe                   1096 N/A
wmplayer.exe                  2432 N/A
firefox.exe                   4092 N/A
firefox.exe                    428 N/A
procexp.exe                   3048 N/A
NisSrv.exe                    4300 WdNisSvc
procexp64.exe                 5012 N/A
notepad.exe                   1276 N/A
cmd.exe                       4924 N/A
conhost.exe                   2912 N/A
tasklist.exe                  2812 N/A
WmiPrvSE.exe                  2840 N/A

Oh and the PC is around 1-2 years old. I made it by parts. The motherboard/CPU/Case is like 2 years old. The 2x ram/HDD/GPU is around 1 year old. So I don't think a part-made PC has a model number? Or the service tag, where do I find it?

Attached Files

DARKNET.txt 55.66KB 550 downloads

#4
RKinner

Posted 19 February 2017 - 11:13 AM

Malware Expert

Expert
24,624 posts

CPU

AMD A8-7600 57 °C

I think your heatsink is clogged with dust. A desktop PC sitting at idle should be around 45 degrees not 57. Mine runs at 35 but it has a monster heatsink on it. Shut it down but leave it connected to the wall outlet. Open it up, remove the fan (note which way is up so you can put it back the same way) but DO NOT DISTURB the heatsink and use a vacuum cleaner hose and a small brush to clean the heatsink. Clean all other vents and fans, including the power supply's fan.

You can monitor the temps in real time with speedfan:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then

click on the highest temp and check Show in tray

Also next time you build a PC: Do not use a Seagate drive. They do not hold up. Yours is already showing errors

01

Attribute name Read Error Rate

Real value 0

Current 120

Worst 99

Threshold 6

Raw Value 000E46DCC8

Status Good

...

07

Attribute name Seek Error Rate

Real value 0

Current 80

Worst 60

Threshold 30

Raw Value 0006263C3A

Status Good

...

BD

Attribute name High Fly Writes (WDC)

Real value 1

Current 99

Worst 99

Threshold 0

Raw Value 0000000001

Status Good

Get a Western Digital Black if you can afford it.

Once you clean the heatsink:

Make a new speccy log after it has benn on for about 30 minutes and post it.

Also

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#5
zapuxas098

Posted 19 February 2017 - 12:09 PM

Member

Topic Starter
Member
150 posts

I remember running Speccy before, when I just got the PC, speccy was always showing ~55-60C while SpeedFan was showing ~45C. Here's the proof(Attached an image)
Also, I cleaned the dusts and applied thermal paste to the processor and GPU a few minutes ago. It quite feels smoother now but still kinda the same as it was.
Yet I didn't open the Power Supply box. I used the vacuum hose etc to clean it but that's all. Should I really open it? P.S. it looks good from the look

The Seagate HDD, are these errors something I should worry about or?

Attached the new Speccy txt file, seems quite the same

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/02/2017 8:06:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/02/2017 2:29:14 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2017 5:42:13 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:13 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:42:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:39:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:38:59 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:38:59 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/02/2017 5:38:59 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Darknet\Marius SID (S-1-5-21-2264090065-1336448463-196550333-1003) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/02/2017 5:42:14 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/02/2017 5:42:13 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/02/2017 5:42:10 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 18/02/2017 9:56:40 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:41:39 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:41:19 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:40:59 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:40:39 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:40:35 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:40:15 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:39:55 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:39:35 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:39:31 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:39:11 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:38:51 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:38:31 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:38:11 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:37:51 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:37:31 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

Log: 'System' Date/Time: 18/02/2017 9:37:11 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

------------------------------------------------------------------- Application below

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/02/2017 8:07:58 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/02/2017 4:31:04 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mbam.exe, version: 3.0.0.912, time stamp: 0x58811df5 Faulting module name: mbam.exe, version: 3.0.0.912, time stamp: 0x58811df5 Exception code: 0xc0000005 Fault offset: 0x00232185 Faulting process id: 0x122c Faulting application start time: 0x01d28acd8d9aaafd Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe Report Id: ce3d634d-f6c0-11e6-8263-d050995a03e7 Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 18/02/2017 11:04:31 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 18/02/2017 11:04:29 PM
Type: Error Category: 0
Event: 1017 Source: Microsoft-Windows-Perflib
Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Log: 'Application' Date/Time: 18/02/2017 11:04:29 PM
Type: Error Category: 0
Event: 1021 Source: Microsoft-Windows-Perflib
Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Log: 'Application' Date/Time: 18/02/2017 10:39:48 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 18/02/2017 11:37:06 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: TS4.exe, version: 1.25.136.1020, time stamp: 0x582ceb37 Faulting module name: MSVCP120.dll, version: 6.3.9600.18185, time stamp: 0x5683eff4 Exception code: 0xc0000135 Fault offset: 0x0009d5b2 Faulting process id: 0x1074 Faulting application start time: 0x01d289db4fbcaa6c Faulting application path: E:\Games\The Sims 4\Game\Bin\TS4.exe Faulting module path: MSVCP120.dll Report Id: 927379f0-f5ce-11e6-8261-d050995a03e7 Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 16/02/2017 3:56:38 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: e88 Start Time: 01d2886cfea8246b Termination Time: 0 Application Path: C:\Windows\Explorer.EXE Report Id: 74c81cfe-f460-11e6-8260-d050995a03e7 Faulting package full name:   Faulting package-relative application ID:

Log: 'Application' Date/Time: 16/02/2017 3:29:12 PM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 16/02/2017 3:29:13 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SystemSettings.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11f0 Start Time: 01d288691bafd4e0 Termination Time: 4294967295 Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Report Id: aab66729-f45c-11e6-825f-d050995a03e7 Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Log: 'Application' Date/Time: 16/02/2017 3:26:55 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SystemSettings.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b8 Start Time: 01d28868e9e0988f Termination Time: 4294967295 Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Report Id: 55c93b4b-f45c-11e6-825f-d050995a03e7 Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Log: 'Application' Date/Time: 16/02/2017 3:26:50 PM
Type: Error Category: 2400
Event: 2484 Source: Microsoft-Windows-Immersive-Shell
Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Log: 'Application' Date/Time: 16/02/2017 2:44:58 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Explorer.EXE, version: 6.3.9600.17415, time stamp: 0x54503a3a Faulting module name: Start8_64.dll_unloaded, version: 1.1.7.0, time stamp: 0x520bde72 Exception code: 0xc0000005 Fault offset: 0x0000000000054203 Faulting process id: 0xbe0 Faulting application start time: 0x01d288613414bed4 Faulting application path: C:\Windows\Explorer.EXE Faulting module path: Start8_64.dll Report Id: 7c80f3e9-f456-11e6-825c-d050995a03e7 Faulting package full name: Faulting package-relative application ID:

Log: 'Application' Date/Time: 16/02/2017 1:13:48 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 16/02/2017 11:12:18 PM
Type: Error Category: 0
Event: 2 Source: Microsoft-Windows-Search-ProfileNotify
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/02/2017 6:47:50 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-2264090065-1336448463-196550333-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 18/02/2017 10:45:44 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe' (pid 4584) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 18/02/2017 6:38:08 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-2264090065-1336448463-196550333-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 17/02/2017 7:38:10 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-2264090065-1336448463-196550333-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 16/02/2017 7:38:07 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-2264090065-1336448463-196550333-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 16/02/2017 5:03:46 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe' (pid 2956) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 16/02/2017 5:03:46 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe' (pid 1948) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 16/02/2017 3:37:29 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-2264090065-1336448463-196550333-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 16/02/2017 2:33:59 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-2264090065-1336448463-196550333-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 16/02/2017 2:29:50 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Create for component {2c86c843-77ae-4284-9722-27d65366543c} failed, error code is Not implemented .

Log: 'Application' Date/Time: 16/02/2017 11:12:18 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is ???.

Log: 'Application' Date/Time: 16/02/2017 11:12:17 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Attached Thumbnails

Attached Files

DARKNETnew.txt 54.24KB 535 downloads

#6
RKinner

Posted 19 February 2017 - 03:54 PM

Malware Expert

Expert
24,624 posts

Appears Speccy has gone downhill. No longer gives a reliable temperature. I had to update my own speccy just now because it was crashing and the new version was telling me I was at 85 when speedfan hadn't budged off of 41. (There is a temperature measurement in the BIOS setup and it runs a degree or so below speedfan so I trust it more than Speccy.)

The current problem is probably:

Log: 'System' Date/Time: 18/02/2017 9:56:40 PM
Type: Warning Category: 0
Event: 129 Source: storahci
Reset to device, \Device\RaidPort0, was issued.

This driver talks to your hard drive. If it's doing resets than things are going to be slow.

This seems this may be a fix from a post from JANUARY 25, 2015.

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\0b2d69d7-a2a1-449c-9680-f91c70521c60 and change the "Attributes" key value from 1 (default; hidden) to 2 (exposed). [This will expose "AHCI Link Power Management - HIPM/DIPM" under Hard Disk power settings]

2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\0012ee47-9041-4b5d-9b77-535fba8b1442\dab60367-53fe-4fbc-825e-521d069d2456 and change the "Attributes" key value from 1 (default; hidden) to 2 (exposed). [This will expose "AHCI Link Power Management - Adaptive" under Hard Disk power settings]

Now you can edit AHCI Link Power Management options in your power profiles. You can either set them to "active" - or in my case I set them to HIPM. (Host-initiated) (While DIPM would be a device initiated sata bus power down).
Those settings control the behavior of the sata bus power state - they do not power down the device.

3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\Parameters\Device
Set NOLPM to * - those keys contain several hardware ID's (vendor and device) for storage devices. Setting NOLPM to * disables LPM control messages to any storage device.

4. I also set SingleIO to * - never had any freezes or storahci warnings again.

Are you OK with the above? There may be an updated version of the storahci driver so you might want to search for

device manager

and hit Enter

then look under IDE ATA/ATAPI Controllers. See if there's an update for any of the devices.

Also check your motherboard maker's website for updates.

The Seagate errors are pretty common. I have one and it has the same errors. I would just watch them and if they increase really fast you might want to consider cloning the drive. Seagate is earning a bad rep for reliability. I also have a Western Digital black that has no errors. That's all I buy these days.

#7
zapuxas098

Posted 19 February 2017 - 05:43 PM

Member

Topic Starter
Member
150 posts

I thought something is wrong with Speccy. Anyhow..

I did the registry edits and changed power options from active to HIPM

What does the "*" mean? Does it mean I need to delete the IDs' under the SingleIO and NOLPM and leave them blank?

So the performance drop could actually be caused by the HDD, right?

I checked under the controllers, all are up to date. Downloaded the latest Allin1 AMD motherboard driver, yet it's from 2015 the latest.

Out of cash for the moment, thought it's something I can fix. Because it all was fine until I reinstalled the windows, feels weird that the HDD somehow got "damaged" during the reinstallation.

#8
RKinner

Posted 19 February 2017 - 08:48 PM

Malware Expert

Expert
24,624 posts

I thought they meant to put a real *

"* " is a wild card meaning "every."

I don't have the service on my PC so it doesn't mean all that much to me. Can you right click on

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci

and Export it to your desktop as stor.reg. Then right click on stor.reg and Edit. Copy and paste the text into a reply.

#9
zapuxas098

Posted 20 February 2017 - 08:44 AM

Member

Topic Starter
Member
150 posts

Oh so I'll simply type "*" instead of all the IDs there, right?

Here's the info:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
72,00,69,00,76,00,65,00,72,00,73,00,5c,00,73,00,74,00,6f,00,72,00,61,00,68,\
00,63,00,69,00,2e,00,73,00,79,00,73,00,00,00
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000003
"Group"="SCSI Miniport"
"Tag"=dword:00000054
"DisplayName"="@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver"
"Owners"=hex(7):6d,00,73,00,68,00,64,00,63,00,2e,00,69,00,6e,00,66,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\Parameters]
"BusType"=dword:0000000b
"IoTimeoutValue"=dword:0000001e
"IoLatencyCap"=dword:000001f4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\Parameters\Device]
"ResetInInit"=hex(7):56,00,45,00,4e,00,5f,00,31,00,31,00,30,00,36,00,26,00,44,\
00,45,00,56,00,5f,00,36,00,32,00,38,00,37,00,26,00,52,00,45,00,56,00,5f,00,\
2a,00,00,00,00,00
"SingleIO"=hex(7):56,00,45,00,4e,00,5f,00,31,00,31,00,30,00,36,00,26,00,44,00,\
45,00,56,00,5f,00,36,00,32,00,38,00,37,00,26,00,52,00,45,00,56,00,5f,00,30,\
00,30,00,00,00,56,00,45,00,4e,00,5f,00,31,00,31,00,30,00,36,00,26,00,44,00,\
45,00,56,00,5f,00,36,00,32,00,38,00,37,00,26,00,52,00,45,00,56,00,5f,00,31,\
00,30,00,00,00,56,00,45,00,4e,00,5f,00,31,00,31,00,30,00,36,00,26,00,44,00,\
45,00,56,00,5f,00,36,00,32,00,38,00,37,00,26,00,52,00,45,00,56,00,5f,00,32,\
00,30,00,00,00,00,00
"IgnoreHotPlug"=hex(7):56,00,45,00,4e,00,5f,00,31,00,30,00,30,00,32,00,26,00,\
44,00,45,00,56,00,5f,00,34,00,33,00,38,00,30,00,26,00,52,00,45,00,56,00,5f,\
00,2a,00,00,00,00,00
"NeverNonQueuedErrorRecovery"=hex(7):56,00,45,00,4e,00,5f,00,31,00,30,00,30,00,\
32,00,26,00,44,00,45,00,56,00,5f,00,34,00,33,00,38,00,30,00,26,00,52,00,45,\
00,56,00,5f,00,2a,00,00,00,00,00
"EnableCLOReset"=hex(7):56,00,45,00,4e,00,5f,00,31,00,30,00,30,00,32,00,26,00,\
44,00,45,00,56,00,5f,00,34,00,33,00,39,00,31,00,26,00,52,00,45,00,56,00,5f,\
00,2a,00,00,00,00,00
"NoFUACommand"=hex(7):48,00,54,00,45,00,2a,00,00,00,48,00,69,00,74,00,61,00,63,\
00,68,00,69,00,2a,00,00,00,48,00,54,00,53,00,2a,00,00,00,48,00,44,00,53,00,\
2a,00,00,00,48,00,44,00,54,00,2a,00,00,00,00,00
"NeedSetTransferModeCommand"=hex(7):4d,00,43,00,42,00,51,00,45,00,36,00,34,00,\
47,00,42,00,4d,00,50,00,50,00,2a,00,00,00,00,00
"NoLPM"=hex(7):57,00,44,00,37,00,34,00,30,00,41,00,44,00,46,00,44,00,3f,00,30,\
00,30,00,4e,00,4c,00,52,00,31,00,2a,00,00,00,57,00,44,00,43,00,20,00,57,00,\
44,00,37,00,34,00,30,00,41,00,44,00,46,00,44,00,3f,00,30,00,30,00,4e,00,4c,\
00,52,00,31,00,2a,00,00,00,4d,00,61,00,78,00,74,00,6f,00,72,00,20,00,36,00,\
56,00,3f,00,3f,00,3f,00,45,00,30,00,2a,00,00,00,4d,00,61,00,78,00,74,00,6f,\
00,72,00,20,00,36,00,56,00,3f,00,3f,00,3f,00,46,00,30,00,2a,00,00,00,4d,00,\
61,00,78,00,74,00,6f,00,72,00,20,00,37,00,56,00,3f,00,3f,00,3f,00,45,00,30,\
00,2a,00,00,00,4d,00,61,00,78,00,74,00,6f,00,72,00,20,00,37,00,56,00,3f,00,\
3f,00,3f,00,46,00,30,00,2a,00,00,00,53,00,61,00,6e,00,44,00,69,00,73,00,6b,\
00,20,00,53,00,53,00,44,00,20,00,50,00,34,00,2a,00,00,00,00,00
"NoIdleD3"=hex(7):49,00,4e,00,54,00,45,00,4c,00,20,00,53,00,53,00,44,00,3f,00,\
43,00,3f,00,3f,00,3f,00,3f,00,3f,00,3f,00,41,00,33,00,00,00,49,00,4e,00,54,\
00,45,00,4c,00,20,00,53,00,53,00,44,00,3f,00,43,00,3f,00,3f,00,3f,00,3f,00,\
3f,00,3f,00,41,00,34,00,00,00,49,00,4e,00,54,00,45,00,4c,00,20,00,53,00,53,\
00,44,00,3f,00,43,00,3f,00,3f,00,3f,00,3f,00,3f,00,3f,00,41,00,34,00,3f,00,\
00,00,49,00,4e,00,54,00,45,00,4c,00,20,00,53,00,53,00,44,00,3f,00,43,00,3f,\
00,3f,00,3f,00,3f,00,3f,00,3f,00,41,00,34,00,3f,00,3f,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\Parameters\PnpInterface]
"5"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storahci\Enum]
"0"="PCI\\VEN_1022&DEV_7801&SUBSYS_78011849&REV_40\\3&11583659&0&88"
"Count"=dword:00000001
"NextInstance"=dword:00000001

#10
RKinner

Posted 20 February 2017 - 09:58 AM

Malware Expert

Expert
24,624 posts

Yes a "*" seems to make more sense than leaving them blank.

#11
zapuxas098

Posted 20 February 2017 - 05:09 PM

Member

Topic Starter
Member
150 posts

I set them both to "*".

Did the Storachi log said anything to you?

Btw, I have one more HDD but of 160GB only tho. I could actually try everything there and would see if my game etc works better I guess.

#12
RKinner

Posted 20 February 2017 - 05:54 PM

Malware Expert

Expert
24,624 posts

Have you looked at your event logs since the registry change? Are you still getting the resets?

If you mean the export of the registry entry. Yes. To read it you have to run the hex stuff through a hex to ascii converter:

http://www.rapidtabl...ex-to-ascii.htm

Which gives this:

NoLPM=WD740ADFD?00NLR1*WDC WD740ADFD?00NLR1*Maxtor 6V???E0*Maxtor 6V???F0*Maxtor 7V???E0*Maxtor 7V???F0*SanDisk SSD P4*

So it appears to be a list of drives which are known not to handle LPM correctly. You can see that they use the wildcard " * "

In case you are wondering about LPM here is a brief bit on LPM from intel:

Link Power Management with Intel® Rapid Storage Technology

Intel® Rapid Storage Technology implements the Link power management (LPM) feature described by the Serial ATA specification to overcome the power demand of a high-speed serial interface, SATA and providing the capability of SATA at the minimum power cost. LPM, when used in conjunction with a SATA hard drive that supports this feature, enables lower power consumption. LPM was initially enabled by default on mobile platforms starting with ICH6M with Intel® Matrix Storage Manager. Starting with ICH9R this feature has also been supported on desktop platforms with Intel® Matrix Storage Manager 7.5 release but not enabled by default. Beginning with the Intel® Rapid Storage Technology 10.0 release, LPM support is enabled by default on both mobile and desktop platforms. OEM’s who wish to modify the default settings for LPM on their platforms can follow the instructions in the following section(s).

So what we are telling the registry is we don't want Windows to use LPM on any drive. Since this is a desktop we don't need the power savings even if LPM works.

If the event logs (run VEW again as before and look for new resets which happen after making the registry change and after a subsequent reboot) are still happening then go ahead and try the other drive. It's worth a shot.

#13
zapuxas098

Posted 24 February 2017 - 02:19 PM

Member

Topic Starter
Member
150 posts

Hey, sorry for the delay.

Here are the tests, I can't find anything related to storahci anymore but take a look by yourself

#14
zapuxas098

Posted 24 February 2017 - 02:27 PM

Member

Topic Starter
Member
150 posts

**** Now this is my old 160GB HDD, ran VEW here

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 24/02/2017 12:26:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/02/2017 8:24:07 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 24/02/2017 8:24:05 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Log: 'Application' Date/Time: 24/02/2017 11:53:57 AM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Log: 'Application' Date/Time: 24/02/2017 11:53:51 AM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 24/02/2017 2:34:53 AM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Log: 'Application' Date/Time: 24/02/2017 2:33:28 AM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 24/02/2017 12:23:30 AM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Log: 'Application' Date/Time: 24/02/2017 12:23:12 AM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 23/02/2017 11:58:11 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 23/02/2017 11:58:11 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Log: 'Application' Date/Time: 23/02/2017 11:53:49 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 23/02/2017 11:53:45 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007007B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 23/02/2017 11:41:05 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Log: 'Application' Date/Time: 23/02/2017 11:41:02 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007232B Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Log: 'Application' Date/Time: 23/02/2017 11:39:02 PM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied. .

Log: 'Application' Date/Time: 23/02/2017 11:37:01 PM
Type: Error Category: 0
Event: 2 Source: Microsoft-Windows-Search-ProfileNotify
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/02/2017 11:54:12 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-859874078-4085918681-1655259208-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 24/02/2017 12:51:01 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-859874078-4085918681-1655259208-1003}/>.

Context: Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 24/02/2017 12:49:05 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 2696) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 24/02/2017 12:48:58 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 2696) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 24/02/2017 12:48:12 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 2696) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 23/02/2017 11:45:59 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
Crawl could not be completed on content source <winrt://{S-1-5-21-859874078-4085918681-1655259208-1003}/>.

Context: Windows Application, SystemIndex Catalog

Details:
   The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

Log: 'Application' Date/Time: 23/02/2017 11:41:03 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Create for component {2c86c843-77ae-4284-9722-27d65366543c} failed, error code is Not implemented .

Log: 'Application' Date/Time: 23/02/2017 11:37:01 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is ???.

Log: 'Application' Date/Time: 23/02/2017 11:37:00 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 24/02/2017 12:27:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/02/2017 7:53:21 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 24/02/2017 7:53:21 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 24/02/2017 7:53:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/02/2017 2:33:52 AM
Type: Error Category: 100
Event: 30 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Log: 'System' Date/Time: 24/02/2017 2:33:45 AM
Type: Error Category: 100
Event: 30 Source: Microsoft-Windows-Eventlog
The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.

Log: 'System' Date/Time: 24/02/2017 12:23:30 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:23:12 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:23:11 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:22:40 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:22:40 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:22:37 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :20" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:22:37 AM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{2DCCA2FF-EDC7-41A0-B7B0-8D9C0F1030AE} because another computer on the network has the same name. The server could not start.

Log: 'System' Date/Time: 24/02/2017 12:22:31 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 24/02/2017 12:21:39 AM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 23/02/2017 11:58:11 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 23/02/2017 11:58:10 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 23/02/2017 11:58:10 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 23/02/2017 11:57:34 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 23/02/2017 11:57:34 PM
Type: Error Category: 0
Event: 4321 Source: NetBT
The name "MARIUS         :0" could not be registered on the interface with IP address 192.168.1.231. The computer with the IP address 192.168.1.150 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 23/02/2017 11:57:31 PM
Type: Error Category: 0
Event: 2505 Source: Server
The server could not bind to the transport \Device\NetBT_Tcpip_{2DCCA2FF-EDC7-41A0-B7B0-8D9C0F1030AE} because another computer on the network has the same name. The server could not start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/02/2017 8:23:11 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _ldap._tcp.dc._msdcs.WORKGROUP timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/02/2017 8:23:10 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/02/2017 7:53:00 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#12033080010099&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 24/02/2017 12:28:39 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_&Prod_&Rev_8.07#12033080010099&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 24/02/2017 12:21:42 AM
Type: Warning Category: 0
Event: 16393 Source: Microsoft-Windows-Bits-Client
BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x800706B5.

Log: 'System' Date/Time: 24/02/2017 12:17:43 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.nvidia.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 23/02/2017 11:37:00 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_ADATA&Prod_USB_Flash_Drive&Rev_1100#11C0516422110034&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.

Log: 'System' Date/Time: 23/02/2017 11:36:55 PM
Type: Warning Category: 0
Event: 52 Source: Microsoft-Windows-Time-Service
The time service has set the time with offset 35998 seconds.