Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random Browser dropouts especially on startup & eventviewer proble


  • Please log in to reply

#1
phickspc

phickspc

    Member

  • Member
  • PipPipPip
  • 449 posts

Hi I have several administrative event viewer errors and I've got Network issues.

For at least 5-10minutes after logging in, internet doesn't work (browsers don't load pages, email don't apps emails),

and the system tray network icon shows loading logo, during which I cannot load network adapter or right-click it or else windows explorer freezes.

Also, when I try uninstall network in Device Manager, but then try to refresh it, Device Manager hangs for 5-10mins.

I've already tried uninstalling all security software & real-time scanners.

 

Event Viewer Errors:

3: Session "Microsoft Security Client OOBE" stopped due to the following error: 0xC000000D

1014: Name resolution for the name crl.microsoft.com timed out after none of the configured DNS servers responded.

7011: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.

10016: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

64: Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.

11: The driver detected a controller error on \Device\CdRom0.

1530: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. 

 DETAIL -
 11 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008:
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Internet Explorer\Main
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Policies
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Windows NT\CurrentVersion
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software
Process 2704 (\Device\HarddiskVolume2\Program Files\Microsoft IntelliPoint\ipoint.exe) has opened key \REGISTRY\USER\S-1-5-21-1925592742-456944920-4000667399-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 


  • 0

#3
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

MTB Log.

Process Explorer Log.


Edited by phickspc, 17 November 2019 - 08:58 AM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

Appears your system is trying to use ipv6 and it's not working.  Let's turn it off and see if that helps.

 

Download the attached ipv6.zip file. 

Attached File  ipv6.zip   341bytes   20 downloads

 

Save then right click and Extract All.  Extract.  Right click on ipv6.reg and MERGE.  Ignore any warnings.

 

Reboot and run Minitoolbox again.

 

Shouldn't cause any problems but if for some reason you get knocked off line you can go into regedit, navigate to

HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, services, TCPIP6 and Parameters.  Delete the DisabledComponents entry.


  • 0

#5
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

Merged ipv6 reg key.

Restarted.

Didn't have to delete reg key.

MTB Log v2.


  • 0

#6
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

Additionally, the network status for the adaptor now shows "No network access" under ipv6 Connectivity.


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

OK. That seems to have made the pings in MTB work so we may be on the right track.

 

Instead of turning IPv6 off completely we can tell it it can use IPv6 in Tunnels if it needs them.

 

Same as before.  Attached File  ipv6.zip   341bytes   16 downloads

 

I see errors for Acronis but it doesn't appear to be installed.  Did you uninstall it in the past?  Perhaps it didn't uninstall correctly?

 

 

 

 


  • 0

#8
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

Okay, great!

Merged the new ipv6.zip.

Acronis is uninstalled.

What next?


  • 0

#9
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

Network status for the adaptor still shows "No network access" under ipv6 Connectivity.


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

Run Minitoolbox again please


  • 0

Advertisements


#11
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

MTB Log v3


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

Uninstall:

 

Bonjour

Private Internet Access

 

Neither seem to be working.

 

Search for

services.msc

hit Enter

This should bring up the Services Window.  Scroll down to DNS Client.  Right click and select Properties.  The Startup Type: should be set to Automatic.  Is it?  If not change it by using the drop down menu then Apply.  If the service is not Running try to START it.  Does it start?

 

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

 

Regardless of the results of sfc:

 

REBOOT

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 


  • 0

#13
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

Private Internet Access, is a vpn, I use it daily.


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,034 posts
  • MVP

OK.  But it is causing an error:

 


Error: (11/18/2019 02:28:14 PM) (Source: Service Control Manager) (User: )

Description: The Private Internet Access Service service hung on starting.


 

 

May need to be reinstalled.


  • 0

#15
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 449 posts

Uninstalled bonjour.

Uninstalled PIA and then installed the latest version of PIA.

DNS Client was set to Automatic and services was already started.

Cleared the System & Application Event Logs as requested.

SFC found no errors.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP