Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random Browser dropouts especially on startup & eventviewer proble


  • Please log in to reply

#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,140 posts
  • MVP

So the problem is probably caused by dnscache crashing.  (I assume that's what was causing the 7011 errors). 

 

I think we need to try
Windows Repair all in one

http://www.tweaking....all_in_one.html

Download the portable version.  Save it then right click and Extract All then Extract.  Open the folder then find Repair_Windows.exe  right click and Run As Admin.

It will warn you that for best results it should be run in Safe Mode but it's not really necessary tho it might work a bit faster.

 

Click on Repairs + and a menu will open.

 

Make sure at least these are checked before hitting Start:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair Network
Repair Hosts File
Remove Policies Set By Infections

Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files

(You can leave them all checked if you like.  It won't hurt anything but it will take longer.

Reboot when done and then see if you still get the delays


  • 0

Advertisements


#62
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

In All repairs, there are 44 items.

But the list doesn't contain these items:

Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings


  • 0

#63
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,140 posts
  • MVP

OK.  Looks like a newer version.  Just check the ones you can.

 

I've been looking at your FRST scans and one thing stands out.  Your hosts file has over 46000 lines.  I tried to clean it with one of the fixlists but it came back so some program is probably watching over it tho I don't know which one.  I'm worried that so many entries might be making your DNSCache service unstable.  We haven't really recommended putting a bunch of files in the hosts file since XP.  Apparently it slows things down.  Windows 10 doesn't even have the loopback entry in its hosts file.


  • 0

#64
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

The Hosts file is Steven Blacks Unified & ads. I already disabled it and ruled it out before posting.


  • 0

#65
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

Processed Tweaking.com fixes.

Rebooted.

Still got delays.


Edited by phickspc, 23 November 2019 - 04:30 PM.

  • 0

#66
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

Still think it's DNS related?

One of the event viewer errors is 1014 DNS Client Events: "Name resolution for the name www.rottentomatoes.com timed out after none of the configured DNS servers responded."


  • 0

#67
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,140 posts
  • MVP

DNSCache is the DNS Client which is responsible for the DNS lookup so if it's crashing you can expect slow DNS response and big slowdowns.  When you disabled

Steven Blacks Unified & ads did you verify that it restored the Hosts file to the default?

 

 

Check for a bad program:
Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains.  Go to Startup tab and uncheck everything.  OK and
reboot.  If it doesn't help then go back into msconfig and recheck the
things you turned off.  If it helps then go back and turn on a few items each
time until you find the culprit.
 


  • 0

#68
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

It restored to default.

Will check try the bad program check.


  • 0

#69
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

Disabled all startup and non-MS services, the problem still occurred.

I launched a webpage from firefox and saw the event errors appear in their typical order: 1530, 3, 64, 10016 and then 2-3mins later, the webpage loaded.

I've noticed that the network delay occurs regardless of whether event error 7011 occurs.


  • 0

#70
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

Found this Information event under event viewer directory: Application & Service Logs>MS>Windows>DHCPv6-Client
id 1006
Router Advertisement settings have been changed on the network adapter 20. The current M - Managed Address Configuration flag is false and the O - Other Stateful Configuration flag is true. User Action: If you are seeing this event frequently, then it could be due to frequent change in M and O flag settings on the router in the network. Please contact your network administrator to have it resolved.


  • 0

Advertisements


#71
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,140 posts
  • MVP

Pretty sure we don't care about IPv6. 

 

Try running the

 

System Update Readiness Tool for Windows 7

This link is for 64 bit:
https://www.microsof...s.aspx?id=20858
 

 

Also could you run VEW again. 

 

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

 


  • 0

#72
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

Ran the Readiness tool, which installed a windows update hotfix (KB947821).

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/11/2019 18:50:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2019 16:46:06
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 16:44:24
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 24/11/2019 16:42:26
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 16:27:41
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 16:22:33
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 16:17:36
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 16:01:09
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 15:46:40
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 15:45:15
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 24/11/2019 15:40:49
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 14:29:41
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/11/2019 14:27:53
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 23/11/2019 22:26:17
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/11/2019 22:20:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/11/2019 21:16:24
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/11/2019 21:14:33
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 23/11/2019 13:19:54
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 23/11/2019 13:18:46
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 23/11/2019 13:17:56
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 23/11/2019 13:17:26
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/11/2019 16:37:37
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name s3-eu-west-1.amazonaws.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 23/11/2019 22:26:25
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.rottentomatoes.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 23/11/2019 13:22:14
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ocsp.int-x3.letsencrypt.org timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2019 22:34:27
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name snippets.cdn.mozilla.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2019 22:27:25
Type: Warning Category: 0
Event: 1006 Source: Microsoft-Windows-DNS-Client
The client was unable to validate the following as active DNS server(s) that can service this client. The server(s) may be temporarily unavailable, or may be incorrectly configured. fd65:e21b:b303:0:3e89:94ff:fe4d:7a40

Log: 'System' Date/Time: 22/11/2019 22:27:25
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2019 16:00:35
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name detectportal.firefox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 22/11/2019 15:43:30
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume W: has now been repaired.

Log: 'System' Date/Time: 22/11/2019 14:15:05
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name d.ghostery.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 22:36:43
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ieonline.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 15:12:22
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.Home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 13:53:50
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.Home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 13:53:03
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.Home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 13:51:19
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name piaproxy.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 13:38:53
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name samsungmobile.accu-weather.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/11/2019 00:40:34
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Tm
The Transaction (UOW={F50F68E1-0BE7-11EA-9353-00248C02DA27}, Description='') was unable to be committed, and instead rolled back; this was due to an error message returned by CLFS while attempting to write a Prepare or Commit record for the Transaction.  The CLFS error returned was: 0xc0190052.

Log: 'System' Date/Time: 21/11/2019 00:32:35
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.realtek.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/11/2019 19:48:23
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name fonts.gstatic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 20/11/2019 18:56:12
Type: Warning Category: 0
Event: 5 Source: Microsoft-Windows-FilterManager
File System Filter 'MBAMProtector' (Version 6.1, ?2015?-?08?-?11T17:35:19.000000000Z) failed to register with Filter Manager.  The final status for this operation was 0xc0000034.

 


Edited by phickspc, 24 November 2019 - 02:54 PM.

  • 0

#73
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

Noticed that when I connect to VPN, it takes a very long time to connect (caused by network delay nothing wrong with vpn). Just before it actually connected, I saw the 7011 DNS event viewer error occur (3000s timeout reached).


  • 0

#74
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,140 posts
  • MVP

Does it happen every time with the VPN?  Does the delay happen without the VPN?

 

Seems like I read somewhere that your VPN needs IPv6.

 

I think the 10016 happens after the DNScache but let's see if we can figure out what it belongs to as I do not have CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} on my win 7.

 

Open FRST.  Put C97FCC79-E628-407D-AE68-A06AD6D8B4D1 in the Search Box.  Hit Search Registry.  That will give you a single log file.  Please post.


  • 0

#75
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 478 posts

With vpn the network delay (before VPN successfully connects to a server) only happens once per server I connect to.

e.g. If I connect to Ireland first time during a session, then disconnect vpn, then re-connect to Ireland again later, no problems.

But if I then try a different server like Denmark, then it showed me 7011, then 1014, then 7011 again (vpn connected to server immediately after the second 7011 error). But the 7011 and 1014 also continued occurring after being connected.

 

Without vpn, disabling then re-enabling LAN adaptor, network delay (before webpages load) lasted about 3mins, with only two event errors (both 7011) during the 2nd minute.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP