Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Update Problem


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

If you see your usual desktop and can make changes to it that last through a reboot then the profile problem was just a glitch and everything is OK.

 

If you want to get rid of Avast that's your choice.  Windows Defender is a pretty decent anti-virus.  Just make sure that it comes back to life after you uninstall Avast as Avast will prevent it from running when installed.

 

After you made the changes to WCF did you reboot?  Can you make some new VEW logs as before so I can see how we are doing now?


  • 0

Advertisements


#32
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

I think different people here tell you different things about whether it is a good idea to have an antivirus othere than Windows Defender on Windows 10. I think perhaps I will keep Avast for a while and see how I go.

 

 It doesn't look to me as if there is any improvement in the VEW logs. The profile problem is still mentioned, despite me not seeing any evidence of a problem. I retried the GameDVR and Broadcast User Service changes, but still get the same results. And yes, I restarted after making the WCF changes and in fact, after all the changes just to be on the safe side.

 

Here are the logs: -

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 18/04/2020 16:49:28


Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/04/2020 18:24:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2020 15:38:51
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service BcastDVRUserService_75e36 with arguments "Unavailable" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell

Log: 'System' Date/Time: 18/04/2020 15:38:51
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GameDVR and Broadcast User Service_75e36 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 18/04/2020 15:38:51
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the GameDVR and Broadcast User Service_75e36 service to connect.

Log: 'System' Date/Time: 18/04/2020 12:02:29
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The event description cannot be found.

Log: 'System' Date/Time: 18/04/2020 12:01:48
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service BcastDVRUserService_2dce6 with arguments "Unavailable" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell

Log: 'System' Date/Time: 18/04/2020 12:01:48
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BcastDVRUserService_2dce6 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 18/04/2020 12:01:48
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_2dce6 service to connect.

Log: 'System' Date/Time: 18/04/2020 10:59:24
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 18/04/2020 10:50:45
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.

Log: 'System' Date/Time: 18/04/2020 10:46:22
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Microsoft.SkypeApp_14.56.102.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 18/04/2020 10:43:34
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 18/04/2020 10:43:34
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NetTcpPortSharing service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 18/04/2020 10:43:34
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (45000 milliseconds) while waiting for the NetTcpPortSharing service to connect.

Log: 'System' Date/Time: 18/04/2020 01:01:26
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 17/04/2020 22:45:40
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 17/04/2020 13:26:12
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Net.Msmq Listener Adapter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 17/04/2020 13:26:12
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (45000 milliseconds) while waiting for the Net.Msmq Listener Adapter service to connect.

Log: 'System' Date/Time: 17/04/2020 13:26:05
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Net.Pipe Listener Adapter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 17/04/2020 13:26:05
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.

Log: 'System' Date/Time: 17/04/2020 13:25:35
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2020 15:42:08
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 15:41:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 12:01:57
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user NEAL1-DELL\channeal to restart/shutdown computer NEAL1-DELL failed

Log: 'System' Date/Time: 18/04/2020 10:50:45
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 10:50:32
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 10:50:31
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 10:42:44
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 10:42:32
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 13:24:35
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 13:24:20
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 13:20:29
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user NEAL1-DELL\channeal to restart/shutdown computer NEAL1-DELL failed

Log: 'System' Date/Time: 17/04/2020 12:21:58
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 12:21:58
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 11:02:26
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 10:57:28
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 10:57:27
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 10:20:16
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 17/04/2020 10:20:01
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/04/2020 19:29:03
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/04/2020 19:29:03
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 18/04/2020 16:57:00


Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/04/2020 15:48:01
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 18/04/2020 15:39:13
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 18/04/2020 15:39:13
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 18/04/2020 12:26:42
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 18/04/2020 12:10:33
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 18/04/2020 12:02:36
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 18/04/2020 12:02:36
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 18/04/2020 12:02:36
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 18/04/2020 12:02:36
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 18/04/2020 11:59:35
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2559438547-1515831249-1651957702-1003.bak).  hr = 0x80070539, The security ID structure is invalid. .

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {8d9ce93d-e4ab-4ee6-b368-a4b61b0b633a}

Log: 'Application' Date/Time: 18/04/2020 10:50:47
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 17/04/2020 22:28:34
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 19b8  Start Time: 01d615075a1d8058  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe  Report Id: 8567e46c-12db-475f-b5a6-b6795df3566f  Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe  Faulting package-relative application ID: App  Hang type: Quiesce

Log: 'Application' Date/Time: 17/04/2020 22:27:16
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 2738  Start Time: 01d6150737a3c1c8  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe  Report Id: 6018d3bd-c2d2-4796-89d1-b019aa9f9c4a  Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe  Faulting package-relative application ID: App  Hang type: Quiesce

Log: 'Application' Date/Time: 17/04/2020 22:26:18
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Microsoft.Photos.exe version 2020.19111.24110.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 1070  Start Time: 01d614c71016156d  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe  Report Id: 82997d3d-6727-4d17-bc75-22ff413d9410  Faulting package full name: Microsoft.Windows.Photos_2020.19111.24110.0_x86__8wekyb3d8bbwe  Faulting package-relative application ID: App  Hang type: Quiesce

Log: 'Application' Date/Time: 17/04/2020 13:31:20
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 17/04/2020 13:21:41
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 17/04/2020 13:21:41
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 17/04/2020 10:27:41
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 16/04/2020 19:22:28
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 16/04/2020 19:17:36
Type: Error Category: 0
Event: 1552 Source: Microsoft-Windows-User Profiles Service
User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2412, ProfSvc PID: 1188.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/04/2020 22:42:08
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

Log: 'Application' Date/Time: 17/04/2020 12:55:44
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 5408 did not respond and is being forcibly terminated {filter host process 1920}.


Log: 'Application' Date/Time: 17/04/2020 10:26:21
Type: Warning Category: 7
Event: 507 Source: ESENT
svchost (3024,D,12) Unistore: A request to read from the file "C:\Users\channeal\AppData\Local\Comms\UnistoreDB\store.vol" at offset 4702208 (0x000000000047c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 16/04/2020 22:52:47
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 3288 did not respond and is being forcibly terminated {filter host process 1184}.


Log: 'Application' Date/Time: 16/04/2020 22:44:50
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6356 did not respond and is being forcibly terminated {filter host process 6804}.


Log: 'Application' Date/Time: 16/04/2020 18:47:41
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (2600,R,98) WebCacheLocal: The shadow header page of file C:\Users\channeal\AppData\Local\Microsoft\Windows\WebCache\V01.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 16/04/2020 15:05:42
Type: Warning Category: 0
Event: 1509 Source: Microsoft-Windows-User Profiles General
Windows cannot copy file C:\Users\Default\NTUSER.DAT to location C:\Users\TEMP\NTUSER.DAT. This error may be caused by network problems or insufficient security rights.    DETAIL - The process cannot access the file because it is being used by another process.

Log: 'Application' Date/Time: 16/04/2020 15:02:59
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 60 second(s) to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 16/04/2020 15:02:59
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 16/04/2020 15:01:59
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 74 second(s) to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 16/04/2020 15:01:44
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 16/04/2020 13:22:54
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 7384 did not respond and is being forcibly terminated {filter host process 3780}.


Log: 'Application' Date/Time: 16/04/2020 10:35:16
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (2988,R,98) WebCacheLocal: The shadow header page of file C:\Users\channeal\AppData\Local\Microsoft\Windows\WebCache\V01.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 15/04/2020 22:47:26
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 3264 did not respond and is being forcibly terminated {filter host process 7124}.


Log: 'Application' Date/Time: 15/04/2020 22:27:02
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 9452 did not respond and is being forcibly terminated {filter host process 11192}.


Log: 'Application' Date/Time: 15/04/2020 22:16:07
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 9120 did not respond and is being forcibly terminated {filter host process 9928}.


Log: 'Application' Date/Time: 15/04/2020 22:08:11
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 8996 did not respond and is being forcibly terminated {filter host process 5080}.


Log: 'Application' Date/Time: 15/04/2020 22:00:16
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 6684 did not respond and is being forcibly terminated {filter host process 9688}.


Log: 'Application' Date/Time: 15/04/2020 21:55:58
Type: Warning Category: 3
Event: 472 Source: ESENT
MicrosoftEdge (4272,R,98) C:\Users\channeal\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\: The shadow header page of file C:\Users\channeal\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb was damaged. The primary header page (8192 bytes) was used instead.

Log: 'Application' Date/Time: 15/04/2020 21:39:54
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> took 92 second(s) to handle the notification event (CreateSession).





 


  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

Some of the errors you see are leftover from before the changes.  Let's see if I can get FRST to fix the Game service and also clear the alarms.  This will reboot.

 

Download the attached fixlist.txt to the same location as FRST  (Get FRST at: http://www.bleepingc...very-scan-tool/if you don't still have it)

Attached File  fixlist.txt   762bytes   87 downloads

Run FRST (right click and Run As Admin) and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run VEW again as before and post both logs

 

 

 

As far as the profile error this is what needs to be done if it is still there after the fix:

 

 

https://www.itsmdail...crosoft-server/


  • 0

#34
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

Okay, will do that either tomorrow or Monday.

 

A quick question from taking a brief look at your link about the profile problem.

 

 

a. Log in to Windows, make sure that you have been logged to the temp profile

 

How do I make sure of that? I haven't seen anywhere that I am logged into a different profile.


  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

There is supposed to be a little message in the bottom right to that effect when you log on.  IF you put a file or a shortcut on the desktop it should not be there when you reboot.

 

You could also open an elevated command prompt and type:

 

cd %userprofile%

 

That should show you the path to your profile:  c:\Users\YourUsualLoginName 

I think it should use something like C:\users\temp or something if it's not your real login.


  • 0

#36
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

Okay, thanks very much for the info.

 

I am logged into the correct account at the moment. Will try again tomorrow though.


  • 0

#37
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

I do not know how to follow the instuctions in the link you gave me for fixing the profile problem, because I can never identify that I am logged into the wrong profile. I did have a problem on here this morning when the task bar was unresponsive and I coudn't get into the search box, or get to close down properly and eventually had to press the power button to shut down and restart. I wonderered if that was due to the profile problem, but couldn't get into Command Prompt to find out.

 

If I go into the Users file on here, it shows 3 other profiles apart from my usual one: Public, Temp and UpdatusUser.

 

Okay, here are the logs. The FRST log was from Friday, the other 2 are from today.

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-04-2020
Ran by channeal (18-04-2020 22:42:06) Run:1
Running from C:\Users\channeal\Desktop
Loaded Profiles: channeal & UpdatusUser (Available Profiles: channeal & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
UNLOCK: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_75e36
CMD: SC config BcastDVRUserService_75e36 start= disabled
UNLOCK: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsBroker
CMD: SC config "GameDVR and Broadcast User Service_75e36" start= disabled
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BcastDVRUserService_75e36" => not found

========= SC config BcastDVRUserService_75e36 start= disabled =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MapsBroker" => was unlocked

========= SC config "GameDVR and Broadcast User Service_75e36" start= disabled =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 22:46:25 ====

 

 

 

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/04/2020 11:01:36

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2020 09:51:33
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2020 10:00:08
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.

Log: 'System' Date/Time: 20/04/2020 09:58:01
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.

Log: 'System' Date/Time: 20/04/2020 09:52:10
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 10:50:08 AM on ?4/?20/?2020 was unexpected.

Log: 'System' Date/Time: 20/04/2020 09:25:30
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.

Log: 'System' Date/Time: 19/04/2020 23:33:04
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service BcastDVRUserService_2bc3d with arguments "Unavailable" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell

Log: 'System' Date/Time: 19/04/2020 23:33:03
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BcastDVRUserService_2bc3d service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 19/04/2020 23:33:03
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_2bc3d service to connect.

Log: 'System' Date/Time: 19/04/2020 12:27:25
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service BcastDVRUserService_2bd0e with arguments "Unavailable" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell

Log: 'System' Date/Time: 19/04/2020 12:27:25
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BcastDVRUserService_2bd0e service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 19/04/2020 12:27:25
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_2bd0e service to connect.

Log: 'System' Date/Time: 19/04/2020 10:42:02
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service BcastDVRUserService_2bf11 with arguments "Unavailable" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell

Log: 'System' Date/Time: 19/04/2020 10:42:01
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BcastDVRUserService_2bf11 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 19/04/2020 10:42:01
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_2bf11 service to connect.

Log: 'System' Date/Time: 19/04/2020 09:13:51
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The NVIDIA Update Service Daemon service hung on starting.

Log: 'System' Date/Time: 19/04/2020 09:11:09
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.

Log: 'System' Date/Time: 18/04/2020 23:23:58
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service BcastDVRUserService_2c775 with arguments "Unavailable" in order to run the server: Windows.Media.Capture.Internal.AppCaptureShell

Log: 'System' Date/Time: 18/04/2020 23:23:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The BcastDVRUserService_2c775 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 18/04/2020 23:23:58
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the BcastDVRUserService_2c775 service to connect.

Log: 'System' Date/Time: 18/04/2020 22:34:24
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:  After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 18/04/2020 22:34:24
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Defender Firewall service depends on the Base Filtering Engine service which failed to start because of the following error:  After starting, the service hung in a start-pending state.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/04/2020 09:53:14
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 20/04/2020 09:19:58
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 20/04/2020 09:19:46
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 13:50:40
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 13:50:25
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 13:50:25
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 13:02:39
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 13:02:38
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 12:34:40
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 12:34:25
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 12:26:17
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 12:26:16
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 10:45:00
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 10:44:45
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 09:06:09
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name s.yimg.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 19/04/2020 09:04:10
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/04/2020 09:03:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 23:07:19
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 22:35:47
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 18/04/2020 22:34:17
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 3 minutes to start and may have stopped responding: Base Filtering Engine  Contact your system administrator or service vendor for approximate startup times for this service.  If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified.  You may have to restart the computer in safe mode before you can disable the service.

 

 

 

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/04/2020 11:04:01

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/04/2020 10:00:08
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 20/04/2020 09:27:29
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 20/04/2020 09:21:45
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program LockApp.exe version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 16c0  Start Time: 01d616f4e045be1f  Termination Time: 4294967295  Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe  Report Id: 97c49ff1-61c2-4da4-88af-8dcd504743d2  Faulting package full name: Microsoft.LockApp_10.0.18362.449_neutral__cw5n1h2txyewy  Faulting package-relative application ID: WindowsDefaultLockScreen  Hang type: Cross-process

Log: 'Application' Date/Time: 20/04/2020 09:21:21
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SearchUI.exe version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 1550  Start Time: 01d616f4ead57792  Termination Time: 4294967295  Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe  Report Id:   Faulting package full name: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: CortanaUI  Hang type: Activation

Log: 'Application' Date/Time: 19/04/2020 23:33:38
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 19/04/2020 12:41:03
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 19/04/2020 10:51:00
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 19/04/2020 09:11:09
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 18/04/2020 23:24:27
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 18/04/2020 23:24:27
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 18/04/2020 22:39:23
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 18/04/2020 22:30:08
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 18/04/2020 22:30:08
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 18/04/2020 21:58:53
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SearchUI.exe version 10.0.18362.752 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 18c8  Start Time: 01d615cbab11e82c  Termination Time: 4294967295  Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe  Report Id: b5b2c6cc-ec3d-43d6-876a-342feef2943b  Faulting package full name: Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: CortanaUI  Hang type: Quiesce

Log: 'Application' Date/Time: 18/04/2020 21:56:07
Type: Error Category: 0
Event: 1511 Source: Microsoft-Windows-User Profiles Service
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/04/2020 10:44:29
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (3232,R,98) WebCacheLocal: The shadow header page of file C:\Users\channeal\AppData\Local\Microsoft\Windows\WebCache\V01.chk was damaged. The primary header page (4096 bytes) was used instead.

Log: 'Application' Date/Time: 18/04/2020 23:08:19
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

Log: 'Application' Date/Time: 18/04/2020 22:54:45
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 1072 did not respond and is being forcibly terminated {filter host process 8420}.

 


  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

This is going to take about 30 minutes to complete.  Be patient.  We are checking the system files to make sure they are OK.

I'm also going to look at the file where they store your profile.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.44KB   80 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0

#39
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

Okay, all done.

 

I had a bit of a problem using FRST this time. When I clicked on it, I think it might have updated or something. Then the icon for it disappeared from my desktop and was replaced with a file called FRST-OlderVersion which was empty. I tried to redownload it, but it wouldn't let me at first. I rebooted and was then able to download it again. No idea what on earth was going on there!

 

I am posting the logs as attachments as the message was too long when I tried to copy and paste them. Please let me know if you want me to do it some other way.

 

Attached File  Fixlog.txt   308.18KB   83 downloads

 

Attached File  FRST.txt   145.95KB   83 downloads

 

Attached File  Addition.txt   31.11KB   85 downloads


Edited by Channeal, 20 April 2020 - 04:24 PM.

  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

FRST usually updates then says it is ready to use then removes the old version then if you wait it will pop up with the new one.

 

The alarms are mostly gone now except for the bad profile.

 

I had FRST look for the ntuser.dat file and it claims it couldn't find it.

 

Rerun FRST (remember to start by right click and Run As Admin)

put

ntuser.dat

in the search box and hit SEARCH FILES.

 

You will get one log.  Please post.


  • 0

Advertisements


#41
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

Had the same problem with FRST today, even though I waited a long time to see if a new version appeared.

 

Here is the log: -

 

Farbar Recovery Scan Tool (x86) Version: 20-04-2020
Ran by channeal (21-04-2020 14:42:52)
Running from C:\Users\channeal\Desktop
Boot Mode: Normal

================== Search Files: "ntuser.dat" =============

C:\Windows.old\Windows\System32\config\systemprofile\ntuser.dat
[2009-07-14 05:57][2017-02-06 03:12] 000262144 _____ () 37B7B08F7A5E477E3998415123DCFBAD [File not signed]

C:\Windows.old\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
[2009-07-14 05:34][2020-04-15 15:43] 000262144 ___SH () B52D7C80A17EC84018A79D892DF24884 [File not signed]

C:\Windows.old\Windows\ServiceProfiles\LocalService\NTUSER.DAT
[2009-07-14 05:34][2020-04-15 15:43] 000262144 ___SH () E24773C48A1614581B3A7C3FDD15E535 [File not signed]

C:\Windows.old\Users\UpdatusUser\NTUSER.DAT
[2019-04-23 14:41][2020-04-15 15:43] 000262144 ___SH () 77AF219601880DF2ADC0A81A6C34AEB8 [File not signed]

C:\Windows.old\Users\Default\NTUSER.DAT
[2009-07-14 03:03][2017-02-06 03:12] 000262144 ___SH () 2426C65AE3AC9085AE28E227994154B1 [File not signed]

C:\Windows.old\Users\channeal\NTUSER.DAT
[2017-02-05 19:24][2020-04-15 15:42] 003407872 ___SH () F556C71FDFBE8AAAA5577BD2ADD7807F [File not signed]

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
[2020-04-15 16:16][2020-04-21 14:30] 000262144 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
[2020-04-15 16:16][2020-04-21 14:30] 000262144 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Users\UpdatusUser\NTUSER.DAT
[2020-04-15 16:35][2020-04-15 22:36] 000524288 ____H () 8AB43179E7617B526F4477D2A5E32338 [File not signed]

C:\Users\TEMP\NTUSER.DAT
[2020-04-21 14:39][2020-04-15 16:50] 000524288 ____H () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Users\Default\NTUSER.DAT
[2019-03-19 03:35][2020-04-15 16:50] 000524288 _____ () C667E62B2EAB9B22ABF76BE32A066994 [File not signed]

C:\Users\channeal\NTUSER.DAT
[2020-04-15 16:35][2020-04-21 14:30] 003670016 ____H () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\RegBackup\NEAL1-DELL\23.04.2019_16.14.07\C\Windows\ServiceProfiles\NetworkService\ntuser.dat
[2019-04-23 16:14][2019-04-23 16:14] 000258048 ____N () 6C5373AAFD4C46822005BBB37B60ABF5 [File not signed]

C:\RegBackup\NEAL1-DELL\23.04.2019_16.14.07\C\Windows\ServiceProfiles\LocalService\ntuser.dat
[2019-04-23 16:14][2019-04-23 16:14] 000249856 ____N () 0A84A31F7BF4752F4C7D066AF99346D0 [File not signed]

C:\RegBackup\NEAL1-DELL\23.04.2019_16.14.07\C\Users\UpdatusUser\ntuser.dat
[2019-04-23 16:14][2019-04-23 16:11] 000262144 ____N () 46A98EB1DF8994C8F4F4E19EF916735B [File not signed]

C:\RegBackup\NEAL1-DELL\23.04.2019_16.14.07\C\Users\Default\ntuser.dat
[2019-04-23 16:14][2017-02-06 03:12] 000262144 ____N () 9FD67A068367438499D46040804C0882 [File not signed]

C:\RegBackup\NEAL1-DELL\23.04.2019_16.14.07\C\Users\channeal\ntuser.dat
[2019-04-23 16:14][2019-04-23 16:14] 003194880 ____N () F3E025FFDEFA0278DCD8A8013014BD30 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_15.31.08\C\Windows\ServiceProfiles\NetworkService\ntuser.dat
[2019-04-22 15:31][2019-04-22 15:31] 000258048 ____N () 7E5D9346C5DFABCCFA0761C3DC4E485A [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_15.31.08\C\Windows\ServiceProfiles\LocalService\ntuser.dat
[2019-04-22 15:31][2019-04-22 15:31] 000249856 ____N () 6768466A8FC5F142807276299E6435E2 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_15.31.08\C\Users\Default\ntuser.dat
[2019-04-22 15:31][2017-02-06 03:12] 000262144 ____N () D778483A8ABBC38712E0B1617E9EC70E [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_15.31.08\C\Users\channeal\ntuser.dat
[2019-04-22 15:31][2019-04-22 15:31] 003194880 ____N () B7DDF3A873114FBA627A6907EDE1B3C2 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.42.44\C\Windows\ServiceProfiles\NetworkService\ntuser.dat
[2019-04-22 11:42][2019-04-22 11:42] 000258048 ____N () 4282F91C6037C0CFDABA57B97A16ED96 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.42.44\C\Windows\ServiceProfiles\LocalService\ntuser.dat
[2019-04-22 11:42][2019-04-22 11:42] 000249856 ____N () EBF5E3D48506D513D655B912AC99E0F8 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.42.44\C\Users\Default\ntuser.dat
[2019-04-22 11:42][2017-02-06 03:12] 000262144 ____N () 0A3E794578CBF2AB830EE17D61822403 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.42.44\C\Users\channeal\ntuser.dat
[2019-04-22 11:42][2019-04-22 11:42] 003194880 ____N () 9AB9708BEBD0CD1B3C4DF25AF3EABF52 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.19.00\C\Windows\ServiceProfiles\NetworkService\ntuser.dat
[2019-04-22 11:19][2019-04-22 11:19] 000258048 ____N () E6574CE0AB8E1D496C0EA345DC2B7A8B [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.19.00\C\Windows\ServiceProfiles\LocalService\ntuser.dat
[2019-04-22 11:19][2019-04-22 11:19] 000249856 ____N () 9E8E4AA9CC1588B82B68B0E17034783B [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.19.00\C\Users\Default\ntuser.dat
[2019-04-22 11:19][2017-02-06 03:12] 000262144 ____N () 1D3BCE1B13B7F5C627BEE53D6F34909B [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.19.00\C\Users\channeal\ntuser.dat
[2019-04-22 11:19][2019-04-22 11:19] 003194880 ____N () 9FE524EA4495992DFD127D73416AE5C0 [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.18.28\C\Windows\ServiceProfiles\NetworkService\ntuser.dat
[2019-04-22 11:18][2019-04-22 11:18] 000258048 ____N () E6574CE0AB8E1D496C0EA345DC2B7A8B [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.18.28\C\Windows\ServiceProfiles\LocalService\ntuser.dat
[2019-04-22 11:18][2019-04-22 11:18] 000249856 ____N () 9E8E4AA9CC1588B82B68B0E17034783B [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.18.28\C\Users\Default\ntuser.dat
[2019-04-22 11:18][2017-02-06 03:12] 000262144 ____N () 1D3BCE1B13B7F5C627BEE53D6F34909B [File not signed]

C:\RegBackup\NEAL1-DELL\22.04.2019_11.18.28\C\Users\channeal\ntuser.dat
[2019-04-22 11:18][2019-04-22 11:18] 003194880 ____N () 492FF68684FA1363BD117DBBAC9E7FCF [File not signed]

C:\FRST\Hives\channeal\NTUSER.DAT
[2020-04-18 22:41][2020-04-18 16:39] 003670016 _____ () 8999507AE79D2FA1D74B73B49597A5D0 [File not signed]


====== End of Search ======


  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

So the file is there but either it does not really exist and is just in the File Allocation Table or the permissions are messed up.

This is the file that stores your profile info so it's critical.  Odds are we need to be the real administrator in order to change the permissions on it.  Open an Elevated Command Prompt and type:

 

net  user  administrator  /active:yes

 

Hit Enter.

 

Reboot.  This time you will have a choice of logins (if it automatically logs you in to channeal then first Log off before restarting).

 

Choose the Administrator option.  It won't need a password but will take a few minutes to get set up.  Once it settles down (and you cancel all of the welcome new user screens)

 

Click on the Folder icon on the taskbar or search for File Explorer and hit Enter. 

At the top hit View then check the boxes for File Name Extensions and Hidden Items.

 

Now scroll down and find This PC and  doubleclick on it.  Find C:\ (may have stuff like Windows 7 OS in front of it) and doubleclick on it.  Find Users and click on it.  Find Channeal.

 

When you doubleclick on it it will say you don't have access but hit Continue and it will give you access.

 

Scroll down until you see NTUSER.dat.  Right click on it and select Security.  All of the users should have Full Control checked in the bottom box.  If it won't let you see the permissions or you need to change something click on Advanced.  Normally the Owner (near the top) should be Channeal.  Is it?  If not click on Change and type in channeal in the bottom box then hit Check Names then OK.  It should look something like this:

 

ntuser.jpg

 

If it needs to have permissions changed you can OK out of it then come back in and select Edit on the Security page.  It should let you click on a user and then check the full control option under Allow.  Apply after each change then OK when done.  Restart into Channeal and run the same search files as before.  Let's see if that changed anything.


  • 0

#43
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

Don't think that sorted anything!

 

It took a really long time to set up the Administrator profile - I was actually beginning to think something had gone wrong! A message flashed up once saying it was taking longer than expected, then I saw nothing but a black screen for about 20 minutes!

 

When I eventually got to the 'channeal' file, it let me have immediate access without having to click 'Continue'.

 

There were 3 users under Security: System, channeal & Administrators. All 3 already had full control, so I didn't change anything.

 

Was it the search for the ntuser.dat file you wanted repeated or the Scan from Post #40?


  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP

No idea why it took so long.  Usually just takes a few minutes at the most.  Sounds like the file structure has been damaged.

Let's run chkdisk:

 

 

Open an elevated command prompt and type:

chkdsk /r c:

hit Enter.  It will say the disk is in use and ask if you want to schedule it to run at the next reboot.  Tell it

y

hit Enter then reboot.  The test will run for an hour or more.  After it finishes if you want to see if it found anything you can follow the procedure in:

https://www.tenforum...ndows-10-a.html


  • 0

#45
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 843 posts

Okay, I've done it. Here are the results: -

 

Checking file system on C:

The type of the file system is NTFS.

 

A disk check has been scheduled.

Windows will now check the disk.                        

 

Stage 1: Examining basic file system structure ...

Cleaning up instance tags for file 0x115c3.

  429056 file records processed.                                                        

File verification completed.

  4588 large file records processed.                                   

  0 bad file records processed.                                      

 

Stage 2: Examining file name linkage ...

  988 reparse records processed.                                      

  563262 index entries processed.                                                       

Index verification completed.

  0 unindexed files scanned.                                        

  0 unindexed files recovered to lost and found.                    

  988 reparse records processed.                                      

 

Stage 3: Examining security descriptors ...

Cleaning up 1709 unused index entries from index $SII of file 0x9.

Cleaning up 1709 unused index entries from index $SDH of file 0x9.

Cleaning up 1709 unused security descriptors.

Security descriptor verification completed.

  67104 data files processed.                                           

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

 

Stage 4: Looking for bad clusters in user file data ...

  429040 files processed.                                                                

File data verification completed.

 

Stage 5: Looking for bad, free clusters ...

  18379311 free clusters processed.                                                       

Free space verification is complete.

 

Windows has made corrections to the file system.

No further action is required.

 

 155782025 KB total disk space.

  81554556 KB in 319099 files.

    204276 KB in 67105 indexes.

         0 KB in bad sectors.

    505949 KB in use by the system.

     65536 KB occupied by the log file.

  73517244 KB available on disk.

 

      4096 bytes in each allocation unit.

  38945506 total allocation units on disk.

  18379311 allocation units available on disk.

 

Internal Info:

00 8c 06 00 a5 e4 05 00 38 f8 0a 00 00 00 00 00  ........8.......

33 03 00 00 a9 00 00 00 00 00 00 00 00 00 00 00  3...............

 

Windows has finished checking your disk.

Please wait while your computer restarts.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP