Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Painfully slow laptop


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP
.
Error: (07/10/2017 11:32:18 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

 

 

We can turn it off.
 
Search for
services.msc
hit Enter
 
find Netlogon and Right click and select Properties
 
Change Startup Type: from Automatic to Manual.  OK.
 
Now find
 
HV Host Service
 
and do the same 
 
Reboot and see if it boots quickly enough now.

  • 0

Advertisements


#32
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hi,

 

When I searched for services.msc, I got 8 different files. Anyway, I edited to first one and assume it will apply to all.

 

When I searched for HV Host Service, nothing came up. Is this a hidden file?

 

It boots up quite fast now. It's a lot less frustrating to use as well.

 

RSP


  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP

Normally when you do a search for services.msc the top result is the one we want so hitting Enter selects it.  This should bring up the services window.  Netlogon and hv host should be on the services window.  HV Host might be called  HyperV Host.  I'm just seeing it in the Event logs as something that doesn't start and sometimes the name is slightly different from the even log.


  • 0

#34
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hi,

 

Sorry, I think I misunderstood your instructions before. I've now followed them properly.

 

I did a restart with HV Host Service on automatic and then again on manual.

 

From clicking 'restart' to getting the password screen takes just under 2 minutes on automatic and 2 minutes 30 on manual.

 

Computer's definitely livelier now though.

 

Regards

 

RSP


  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP

I guess it likes automatic better.  Did we search for

 

power options

 

and hit Enter.  Then change the power plan to High Performance?  OK.

 

Run VEW again so I can see what else we need to fix.


  • 0

#36
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hi,

 

Sorry for the delay.

 

I found power options and it was set on high performance already.

 

Regards

 

RSP


  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP

Run VEW again so I can see what else we need to fix.


  • 0

#38
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hi,

 

Done that, here's the reports:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 16/07/2017 08:43:22

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/07/2017 08:30:29
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2017 07:39:47
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 07:39:47
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/07/2017 17:24:54
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/07/2017 17:24:54
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/07/2017 16:36:31
Type: Error Category: 0
Event: 3 Source: MEIx64
Intel® Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00004181, FWSTS1: 0x16462100).

Log: 'System' Date/Time: 15/07/2017 16:36:16
Type: Error Category: 0
Event: 3 Source: MEIx64
Intel® Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00004181, FWSTS1: 0x16462100).

Log: 'System' Date/Time: 15/07/2017 16:36:00
Type: Error Category: 0
Event: 3 Source: MEIx64
Intel® Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00004181, FWSTS1: 0x16462100).

Log: 'System' Date/Time: 15/07/2017 16:35:44
Type: Error Category: 0
Event: 3 Source: MEIx64
Intel® Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00004181, FWSTS1: 0x16462100).

Log: 'System' Date/Time: 15/07/2017 16:35:28
Type: Error Category: 0
Event: 3 Source: MEIx64
Intel® Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00004181, FWSTS1: 0x16462100).

Log: 'System' Date/Time: 15/07/2017 16:34:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Log: 'System' Date/Time: 15/07/2017 16:34:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Log: 'System' Date/Time: 15/07/2017 16:34:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Log: 'System' Date/Time: 15/07/2017 16:34:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Log: 'System' Date/Time: 15/07/2017 16:34:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Log: 'System' Date/Time: 15/07/2017 16:34:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service TrustedInstaller with arguments "Unavailable" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Log: 'System' Date/Time: 15/07/2017 16:32:04
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Update Orchestrator Service service did not shut down properly after receiving a pre-shutdown control.

Log: 'System' Date/Time: 15/07/2017 11:15:08
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/07/2017 11:15:08
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/07/2017 08:33:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/07/2017 08:33:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2017 07:41:02
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 16/07/2017 07:40:12
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 51244 seconds since the last report.

Log: 'System' Date/Time: 16/07/2017 07:40:12
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 1 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 51244 seconds since the last report.

Log: 'System' Date/Time: 16/07/2017 07:39:19
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 16/07/2017 07:39:18
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 15/07/2017 16:38:00
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 15/07/2017 16:36:31
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Log: 'System' Date/Time: 15/07/2017 16:36:16
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Log: 'System' Date/Time: 15/07/2017 16:36:00
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Log: 'System' Date/Time: 15/07/2017 16:35:45
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 15/07/2017 16:35:44
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Log: 'System' Date/Time: 15/07/2017 16:35:28
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Log: 'System' Date/Time: 15/07/2017 12:21:47
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name google.be timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/07/2017 11:16:32
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 15/07/2017 11:14:44
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 15/07/2017 08:32:19
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 15/07/2017 08:32:18
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 15/07/2017 08:32:18
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 15/07/2017 08:31:49
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Log: 'System' Date/Time: 15/07/2017 08:31:34
Type: Warning Category: 0
Event: 4 Source: MEIx64
The Intel® Management Engine Interface is being disabled.

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 16/07/2017 08:44:21

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/07/2017 16:36:52
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 15/07/2017 16:36:50
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 15/07/2017 16:36:46
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 15/07/2017 08:32:49
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 15/07/2017 08:32:47
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 15/07/2017 08:32:24
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 12/07/2017 20:22:53
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 12/07/2017 20:17:22
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: OUTLOOK.EXE, version: 15.0.4937.1000, time stamp: 0x591aa454 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0xc0000409 Fault offset: 0x000a7666 Faulting process ID: 0x3b0 Faulting application start time: 0x01d2fb4bd7bb2810 Faulting application path: C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll Report ID: f8b3baf4-0004-4557-9a0b-580bae368393 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 11/07/2017 19:18:18
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "rdyboost" in DLL "C:\WINDOWS\system32\sysmain.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 11/07/2017 19:18:18
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 11/07/2017 18:55:44
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 11/07/2017 18:55:44
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 11/07/2017 18:55:44
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 11/07/2017 18:47:21
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 11/07/2017 18:47:21
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 11/07/2017 18:47:19
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 11/07/2017 18:45:02
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/07/2017 18:44:58
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/07/2017 18:44:58
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 11/07/2017 18:23:15
Type: Error Category: 0
Event: 16 Source: SecurityCenter
Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/07/2017 11:42:45
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5 with error 0x80070057.

Log: 'Application' Date/Time: 15/07/2017 11:29:39
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\Owner\AppData\Local\Microsoft\Outlook\[email protected] (error=0x81404005). If this error continues, contact Microsoft Support.

Log: 'Application' Date/Time: 15/07/2017 08:03:35
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\Owner\AppData\Local\Microsoft\Outlook\[email protected] (error=0x81404005). If this error continues, contact Microsoft Support.

Log: 'Application' Date/Time: 12/07/2017 20:17:40
Type: Warning Category: 0
Event: 59 Source: Outlook


ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 0
Time Taken (Milliseconds): 0
Disable Reason: The add-in caused Outlook to crash, but wasn't disabled because it is in the do not disable list. It wasn't disabled because it's in the always enable list.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 11/07/2017 19:29:32
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\Owner\AppData\Local\Microsoft\Outlook\[email protected] (error=0x81404005). If this error continues, contact Microsoft Support.

Log: 'Application' Date/Time: 11/07/2017 18:39:29
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (11740) {4EA5089F-DECD-4816-923C-AE9EDB805077}: A request to write to the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.jfm" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (19 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/07/2017 18:39:10
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (11740) {4EA5089F-DECD-4816-923C-AE9EDB805077}: A request to write to the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" at offset 376832 (0x000000000005c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (260 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/07/2017 18:35:28
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (11740) {4EA5089F-DECD-4816-923C-AE9EDB805077}: A request to write to the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" at offset 376832 (0x000000000005c000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/07/2017 18:03:12
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1092) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 499712 (0x000000000007a000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/07/2017 18:00:22
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\Owner\AppData\Local\Microsoft\Outlook\[email protected] (error=0x81404005). If this error continues, contact Microsoft Support.

Log: 'Application' Date/Time: 11/07/2017 17:59:06
Type: Warning Category: 7
Event: 509 Source: ESENT
svchost (15552) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1622016 (0x000000000018c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 0 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 11/07/2017 17:59:06
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (15552) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 9457664 (0x0000000000905000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 10/07/2017 18:49:37
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\Owner\AppData\Local\Microsoft\Outlook\[email protected] (error=0x81404005). If this error continues, contact Microsoft Support.

 


  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP
Let's turn off the last remnant of Intel® Management Engine Components so that we will stop getting its errors:
 
Copy the next 2 lines:
 
sc config MEIx64 start= disabled
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Open an Elevated Command Prompt:
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter.
 
Run Windows Repair All In One again and this time let it fix 
 
Repair Windows Updates
 
Reboot and run VEW again.
 
 

  • 0

#40
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hi,

 

I've done the Windows repair. The software doesn't appear to mention anything about repairing Windows updates, I assume this is all done together, or do I need other software to do that?

 

Anyway, here'sa the VEW files:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 16/07/2017 17:28:37

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2017 14:35:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2017 16:22:57
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 16:22:57
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 16:22:43
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Antivirus Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 16/07/2017 16:22:18
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PowerBiosServer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/07/2017 16:22:18
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the PowerBiosServer service to connect.

Log: 'System' Date/Time: 16/07/2017 16:21:47
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The HomeGroupListener service terminated with the following service-specific error:  There are no more endpoints available from the endpoint mapper.

Log: 'System' Date/Time: 16/07/2017 16:21:46
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HvHost service terminated with the following error:  A device attached to the system is not functioning.

Log: 'System' Date/Time: 16/07/2017 16:21:44
Type: Error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Log: 'System' Date/Time: 16/07/2017 15:12:12
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 15:12:12
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 15:12:12
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 15:12:12
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 15:04:01
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 16/07/2017 14:37:35
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 14:37:35
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sage AutoUpdate Manager Service service to connect.

Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sage SData Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sage SData Service service to connect.

Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PowerBiosServer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the PowerBiosServer service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2017 16:23:23
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 16/07/2017 16:21:50
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device SWD\POS\{E485AF9B-A863-4A88-9368-99EC17C38724}_?usb_vid_04f2&pid_b43b&mi_00_6&8618e4c&0&0000_{e5323777-f976-4f5b-9b55-b94699c46e44}global.

Log: 'System' Date/Time: 16/07/2017 16:21:28
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 16/07/2017 14:37:56
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 16/07/2017 14:35:39
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 16/07/2017 14:35:38
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 16/07/2017 14:35:17
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 16/07/2017 17:29:40

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2017 16:28:46
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 16/07/2017 16:25:16
Type: Error Category: 0
Event: 16 Source: SecurityCenter
Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Log: 'Application' Date/Time: 16/07/2017 16:25:16
Type: Error Category: 0
Event: 16 Source: SecurityCenter
Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Log: 'Application' Date/Time: 16/07/2017 16:25:16
Type: Error Category: 0
Event: 16 Source: SecurityCenter
Error while updating  status to SECURITY_PRODUCT_STATE_ON.

Log: 'Application' Date/Time: 16/07/2017 16:23:41
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 16/07/2017 16:22:00
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 16/07/2017 16:21:56
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 16/07/2017 16:21:53
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 16/07/2017 15:11:13
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 16/07/2017 15:02:19
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Log: 'Application' Date/Time: 16/07/2017 15:02:19
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Log: 'Application' Date/Time: 16/07/2017 15:01:33
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupStorageModificationEvent" whose target class "WSP_ReplicationGroupStorageModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:33
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupStorageDepartureEvent" whose target class "WSP_ReplicationGroupStorageDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:33
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupStorageArrivalEvent" whose target class "WSP_ReplicationGroupStorageArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:33
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from WSP_ReplicationGroupStorageModificationEvent" whose target class "WSP_ReplicationGroupStorageModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:33
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from WSP_ReplicationGroupStorageDepartureEvent" whose target class "WSP_ReplicationGroupStorageDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:33
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from WSP_ReplicationGroupStorageArrivalEvent" whose target class "WSP_ReplicationGroupStorageArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:32
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider wsp_health attempted to register query "select * from WSP_StorageHealthStatusChangeEvent" whose target class "WSP_StorageHealthStatusChangeEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:32
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider wsp_health attempted to register query "select * from WSP_StorageFaultEvent" whose target class "WSP_StorageFaultEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 16/07/2017 15:01:32
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider wsp_health attempted to register query "select * from WSP_HealthActionEvent" whose target class "WSP_HealthActionEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/07/2017 15:01:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:19
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:19
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_FolderRedirectionConfiguration, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:18
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:18
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:18
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:38
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:38
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:34
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:34
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:29
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:29
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:29
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:29
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:27
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:27
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:00:27
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, UserProfileConfigurationProvider, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Regards

 

RSP


  • 0

Advertisements


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP
Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PowerBiosServer service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the PowerBiosServer service to connect.

 

 

This is part of Hotkey 8.0153  Not sure what it does or if you really need it but perhaps an uninstall and fresh download would make it happy.  You can also search for

 

services.msc

 

hit Enter and then Find the  PowerBiosServer service.  See if it has started by now.

 

Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sage AutoUpdate Manager Service service to connect.
 
Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sage SData Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 16/07/2017 14:36:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager

 

A timeout was reached (30000 milliseconds) while waiting for the Sage SData Service service to connect.
 

 

 

I assume this is part of Sage 50 Accounts 2013.  Is this somehting you use?  If not uninstall.  If you do need it then get a new copy.
 
 
Log: 'System' Date/Time: 16/07/2017 14:35:39
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 16/07/2017 14:35:38
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

 

 

 
This one needs to be fixed.  If the clock get too far off you won't be able to go to HTTPS sites.
 
 
Are you having trouble shutting it down?
 
Reboot and run vew again
 
I like to use one of the .gov sites.  They seem to work better than the one from microsoft.
 
 
 

  • 0

#42
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hi,

 

Sorry for the delay (again).

 

I've unistalled Hotkey and all of the Sage stuff.

 

When I tried to set the synchronisation with a .gov, I got an error message, so I reverted back to the Windows time address.

 

I'm not seeing any difficulties shutting down.

 

Here are the two VEW files:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 29/07/2017 13:09:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/07/2017 14:35:02
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/07/2017 12:07:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Antivirus Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 29/07/2017 12:07:43
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 29/07/2017 12:07:43
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 29/07/2017 12:06:56
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HvHost service terminated with the following error:  A device attached to the system is not functioning.

Log: 'System' Date/Time: 29/07/2017 12:06:52
Type: Error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Log: 'System' Date/Time: 29/07/2017 12:00:33
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as Unavailable/Unavailable. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding

Log: 'System' Date/Time: 29/07/2017 11:56:19
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as Unavailable/Unavailable. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding

Log: 'System' Date/Time: 29/07/2017 11:53:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 29/07/2017 11:53:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 29/07/2017 11:53:39
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Antivirus Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 29/07/2017 11:53:16
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sage SData Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 29/07/2017 11:53:16
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sage SData Service service to connect.

Log: 'System' Date/Time: 29/07/2017 11:53:16
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sage AutoUpdate Manager Service service to connect.

Log: 'System' Date/Time: 29/07/2017 11:52:48
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HvHost service terminated with the following error:  A device attached to the system is not functioning.

Log: 'System' Date/Time: 29/07/2017 11:52:49
Type: Error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

Log: 'System' Date/Time: 29/07/2017 10:45:23
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 29/07/2017 10:45:23
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/07/2017 20:07:04
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!Cortana.ActionUris.ActionUri did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/07/2017 20:05:11
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Log: 'System' Date/Time: 26/07/2017 20:03:36
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/07/2017 12:08:39
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 29/07/2017 12:06:54
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device SWD\POS\{E485AF9B-A863-4A88-9368-99EC17C38724}_?usb_vid_04f2&pid_b43b&mi_00_6&8618e4c&0&0000_{e5323777-f976-4f5b-9b55-b94699c46e44}global.

Log: 'System' Date/Time: 29/07/2017 12:06:49
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 29/07/2017 11:55:04
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 29/07/2017 11:52:45
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device SWD\POS\{E485AF9B-A863-4A88-9368-99EC17C38724}_?usb_vid_04f2&pid_b43b&mi_00_6&8618e4c&0&0000_{e5323777-f976-4f5b-9b55-b94699c46e44}global.

Log: 'System' Date/Time: 29/07/2017 11:52:39
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 29/07/2017 10:46:29
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 29/07/2017 10:45:05
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 29/07/2017 10:45:04
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 29/07/2017 10:45:03
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 29/07/2017 10:45:01
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 26/07/2017 20:02:47
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 26/07/2017 20:01:23
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 26/07/2017 20:01:22
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 26/07/2017 20:01:21
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 24/07/2017 19:16:37
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 24/07/2017 19:14:55
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 24/07/2017 19:14:53
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 24/07/2017 19:14:52
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 24/07/2017 19:14:50
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 29/07/2017 13:13:20

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/07/2017 12:07:15
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 29/07/2017 12:07:10
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 29/07/2017 12:07:00
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 29/07/2017 12:01:09
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. .

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Log: 'Application' Date/Time: 29/07/2017 11:57:43
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. .

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Log: 'Application' Date/Time: 29/07/2017 11:53:12
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 29/07/2017 11:53:08
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 29/07/2017 11:52:57
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 29/07/2017 11:51:20
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. .

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Log: 'Application' Date/Time: 26/07/2017 20:05:11
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: A device attached to the system is not functioning. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 26/07/2017 20:03:36
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: A device attached to the system is not functioning. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 26/07/2017 20:03:35
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: A device attached to the system is not functioning. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 22/07/2017 16:18:21
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 22/07/2017 08:37:04
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 22/07/2017 07:52:04
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 20/07/2017 18:29:31
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 20/07/2017 17:55:20
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: OUTLOOK.EXE, version: 15.0.4937.1000, time stamp: 0x591aa454 Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6 Exception code: 0xc0000409 Fault offset: 0x000a7666 Faulting process ID: 0x1dcc Faulting application start time: 0x01d301814a493c66 Faulting application path: C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll Report ID: 650c705a-55fb-4f7c-9896-0bf67e3d7b65 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 20/07/2017 17:54:31
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 18/07/2017 20:10:49
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 18/07/2017 19:45:49
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/07/2017 10:50:26
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (8636) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 163840 (0x0000000000028000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (23 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 29/07/2017 10:48:37
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (59524) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 10993664 (0x0000000000a7c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 29/07/2017 10:48:35
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (59524) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 10993664 (0x0000000000a7c000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 29/07/2017 10:48:33
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1219
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 26/07/2017 20:04:45
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1219
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 24/07/2017 19:17:11
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1563
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

ProgID: OneNote.OutlookAddin
GUID: {93E5752E-B889-47C5-8545-654EE2533C64}
Name: OneNote Notes about Outlook Items
Description: Adds Send to OneNote and Notes about this Item buttons to the command bar
Load Behavior: 3
HKLM: 1
Location: c:\program files\microsoft office 15\root\office15\onbttnol.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1094
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 23/07/2017 11:29:04
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1219
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 23/07/2017 11:29:03
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (16240) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1622016 (0x000000000018c000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 23/07/2017 11:29:03
Type: Warning Category: 7
Event: 509 Source: ESENT
svchost (16240) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 2265088 (0x0000000000229000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 0 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 23/07/2017 11:29:03
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (16240) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1622016 (0x000000000018c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 22/07/2017 16:18:59
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1563
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 22/07/2017 07:52:56
Type: Warning Category: 0
Event: 59 Source: Outlook
Outlook disabled the following add-in(s):



ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 1000
Time Taken (Milliseconds): 1563
Disable Reason: This add-in caused Outlook to start slowly.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 20/07/2017 17:56:53
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (17632) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1867776 (0x00000000001c8000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (62 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 20/07/2017 17:55:42
Type: Warning Category: 1
Event: 532 Source: ESENT
svchost (17632) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 1867776 (0x00000000001c8000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 20/07/2017 17:55:36
Type: Warning Category: 0
Event: 59 Source: Outlook


ProgID: MailScanAddin.Connect
GUID: {BC660FAD-C7C4-45F6-B536-90CB7F3865E0}
Name: BullGuard Spamfilter
Description: Blocks unsolicited e-mails, keeping your inbox clean
Load Behavior: 3
HKLM: 0
Location: c:\program files\bullguard ltd\bullguard\files32\spamfilter\mailscanaddin.dll
Threshold Time (Milliseconds): 0
Time Taken (Milliseconds): 0
Disable Reason: The add-in caused Outlook to crash, but wasn't disabled because it is in the do not disable list. It wasn't disabled because it's in the always enable list.
Policy Exception (Allow List): 0

Log: 'Application' Date/Time: 18/07/2017 19:39:50
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (13280) Unistore: A request to read from the file "C:\Users\Owner\AppData\Local\Comms\UnistoreDB\store.vol" at offset 7471104 (0x0000000000720000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (17 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 16/07/2017 15:01:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:31
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace root\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 16/07/2017 15:01:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, Win32_UserStateConfigurationProvider, has been registered in the Windows Management Instrumentation namespace root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Regards

 

RSP


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP

Don't worry about delays.

 

Log: 'System' Date/Time: 29/07/2017 12:07:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Antivirus Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

 

Since you have Bullguard you don't need this running so search for 

services.msc

hit enter

 

Find Windows Defender Antivirus Service  and right click on it and select Properties then change Stasrtup Type: to disabled.  OK.

 

Log: 'System' Date/Time: 29/07/2017 12:06:52

Type: Error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.

 

 

 

While in Services do the same to Netlogon.

 

Log: 'System' Date/Time: 29/07/2017 12:00:33
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as Unavailable/Unavailable. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding
 

 

 

 
This is probably associated with this entry from FRST:
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
 
The 740 error indicates it is not allowed to run without being elevated (Run As Admin).
 
I expect this is listed as
InstallDriver Table Manager
in Services so see if you can find it and change it to Disabled.
 
Log: 'System' Date/Time: 29/07/2017 11:53:16
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sage SData Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 29/07/2017 11:53:16
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Sage SData Service service to connect.

 

 

Appears this may not have completely uninstalled so see if you can find any service which starts with Sage and disable it.
 
Then copy this line:
 
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter
 
You will get a few errors but this will clear the event logs.  Now reboot and run VEW again as before.  Is it starting up any faster?
 
 
 
 
 

  • 0

#44
RedSuedePump

RedSuedePump

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 161 posts

Hello,

 

I tried disabling Windows antivirus in services.msc, but unfortunately, the dropdown I want to use is greyed out (see screenshot attached). Is there a way of making it accessible?

 

I managed to make the changes to Netlogon and InstallDriver Table Manager.

 

When I look at the Programmes section in Control Panel, there are no Sage programmes there, so there's nothing that I can uninstall with ease. Nonetheless, if I search for 'Sage' on C drive, there's still a load of stuff there. Is there an appropriate way to clear this stuff off?

 

I did the elevated command prompt routine and now from 'restart' to password screen is now 1 minute 20 seconds, compared to 2 minutes previously.

 

Here are the VEW files:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 04/08/2017 13:02:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/08/2017 12:01:37
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/08/2017 12:01:37
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/08/2017 12:01:28
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The WinDefend service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 04/08/2017 12:01:09
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HvHost service terminated with the following error:  A device attached to the system is not functioning.

Log: 'System' Date/Time: 04/08/2017 07:30:16
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/08/2017 07:30:16
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/08/2017 07:30:15
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The WinDefend service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 04/08/2017 07:29:40
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HvHost service terminated with the following error:  A device attached to the system is not functioning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/08/2017 12:01:08
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device SWD\POS\{E485AF9B-A863-4A88-9368-99EC17C38724}_?usb_vid_04f2&pid_b43b&mi_00_6&8618e4c&0&0000_{e5323777-f976-4f5b-9b55-b94699c46e44}global.

Log: 'System' Date/Time: 04/08/2017 12:01:04
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 04/08/2017 07:31:31
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\TOWER on the network \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}.    Browser master: \\TOWER  Network: \Device\NetBT_Tcpip_{CAB2D349-7034-4DA7-9DA5-105CC6262F19}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 04/08/2017 07:29:41
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device SWD\POS\{E485AF9B-A863-4A88-9368-99EC17C38724}_?usb_vid_04f2&pid_b43b&mi_00_6&8618e4c&0&0000_{e5323777-f976-4f5b-9b55-b94699c46e44}global.

Log: 'System' Date/Time: 04/08/2017 07:29:37
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 04/08/2017 13:03:48

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/08/2017 12:01:18
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 04/08/2017 12:01:10
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 04/08/2017 12:01:09
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


Log: 'Application' Date/Time: 04/08/2017 07:29:53
Type: Error Category: 1
Event: 10021 Source: Microsoft-Windows-Search
Could not get performance counter registry information for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Log: 'Application' Date/Time: 04/08/2017 07:29:49
Type: Error Category: 3
Event: 3007 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalogue


Log: 'Application' Date/Time: 04/08/2017 07:29:42
Type: Error Category: 3
Event: 3006 Source: Microsoft-Windows-Search
Performance monitoring cannot be initialised for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Regards

 

RSP

 

 

Attached Thumbnails

  • Antivirus.jpg

  • 0

#45
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,725 posts
  • MVP
Let's see if I can fix it
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   444bytes   14 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
reboot
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP