Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Update Problem


  • Please log in to reply

#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Your Addition.txt file is missing the bottom half.  Can you repost?


  • 0

Advertisements


#62
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Sorry about that, no idea what happened there. The scan obviously didn't finish for some reason.

 

I ran it again. Windows Defender is very annoying as it had deleted FRST again and so I had to disable it and then download again!  :(

 

Attached File  FRST.txt   150.47KB   236 downloads

 

Attached File  Addition.txt   33.08KB   235 downloads

 

Hope everthing is okay this time. Thanks very much for all the time you are spending helping me with this. Am sorry it is taking so long.

 

 

 

 

 

 

 

 


  • 0

#63
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

2nd MESSAGE.

 

While I am waiting for a reply, I just wanted to ask a question about whether there is any way I can stop Windows Defender from deleting FRST from my desktop. Maybe a way of excluding it? It was there when I logged on today, but Defender then got rid of it without me even agreeing!


  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I'm fine.  Just took a day off to do nothing.

 

I think I would exclude your desktop folder since that's where FRST lives or you might be able to exclude FRST64.exe and FRST.exe processes:

 

https://www.windowsc...antivirus-scans

 

I think that explains why FRST was having problems updating.  Windows Defender was eating the new file.

 

The following fixlist is to be run from your new login.

 

Attached File  fixlist.txt   16.65KB   241 downloads

 

Please give a new FRST scan from your new login after the fix and reboot.

 

 

 

 


  • 0

#65
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

That's good, hope you enjoyed your well-deserved day off. I don't care how long people take to reply - though I was a bit concerned in case you had not been notified of my reply, as I think I did read at one point that you had been having problems with that.

 

Thanks for the link on how to exclude something in Defender. I looked around it before to try to see how to do it and have no idea now how I missed it, as it should have been obvious! Think all this computer stuff must have messed with my brain! :(

 

Here are the FRST results: -

 

Attached File  Fixlog.txt   25.21KB   226 downloads

 

Attached File  FRST.txt   138.62KB   235 downloads

 

Attached File  Addition.txt   25.05KB   235 downloads

 

 

 

 

 

 


  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  We can try to fix the original logon problem which is going to require going into the registry:

 

If we look at the Addition.txt then:

==================== Accounts: =============================

Administrator (S-1-5-21-2559438547-1515831249-1651957702-500 - Administrator - Enabled) => C:\Users\Administrator
channeal (S-1-5-21-2559438547-1515831249-1651957702-1000 - Administrator - Enabled) => C:\Users\channeal
DefaultAccount (S-1-5-21-2559438547-1515831249-1651957702-503 - Limited - Disabled)
Guest (S-1-5-21-2559438547-1515831249-1651957702-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2559438547-1515831249-1651957702-1002 - Limited - Enabled)
nealfamily (S-1-5-21-2559438547-1515831249-1651957702-1004 - Administrator - Enabled) => C:\Users\nealfamily
UpdatusUser (S-1-5-21-2559438547-1515831249-1651957702-1003 - Limited - Enabled) => C:\Users\TEMP
WDAGUtilityAccount (S-1-5-21-2559438547-1515831249-1651957702-504 - Limited - Disabled)

is the one we need to play with per the instructions I gave you a while back.

 

Alternatively you can copy the file from your old account to the new account and just use that.  This way you don't have to mess with the registry.

 

The procedure is not as straight forward as one would like but it goes like this

 

Log in to your old account:

 

 

  1. Press Windows + X keys on the keyboard, select Control Panel.

  2. Select System and Security and then System.

  3. Click Advanced System Settings.

  4. Under User Profiles, click Settings.

  5. Select the profile you want to copy.

  6. Click Copy to, and then enter the name of, or browse to, the profile you want to overwrite.   We have to first move it to Public thanks to some stupid permission problems.

  7. This will usually be in C:\Users\Public

  8. Click Permitted to use, and then add all user accounts to which you want to give full profile control.

  9. Click OK.

Now log into your new account and repeat the above but Copy from Public to your new nealfamily account

 


 


  • 0

#67
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Okay...... I have read through your message several times and am struggling a bit to understand.......

 

Dealing with the second option first, as it seems to be the easiest (although I am thinking I would probably prefer to do the first if possible, this because I would just like to get everything back to as normal as possible - that's just me, I guess!)

 

So...... I got to the screen showing the different profiles as follows: -

 

UserProfiles.jpg

 

You can see that 'Default Profile' is highlighted and that there is the option to click on 'Copy To'.

However, if I highlight the 'Channeal' profile - or indeed, any of the others - the option to 'Copy To' is whited out so that I cannot click on it. So how could I copy the 'Channeal' profile?

 

 

 

 

Moving on to the registry editing option...... when you said 'per the instructions I gave you a while back' were you talking about the instructions in https://www.itsmdaily.com......? If so, I cannot  work out how to apply them to the account highlighted in your quote from Addition.txt.

 

This is what I get from the Registry: -

 

Registry-ProfileList.jpg

 

 

The account that has two versions, including a .bak one, is the one ending in 1003, i.e. the Updatus User one. So how do I apply the instructions in the link to the 'Channeal' one?

 

Most likely though, I have completely got the wrong end of the stick. I can be incredibly stupid when it comes to technical stuff, I am afraid. Sometimes I wonder why I even try < big sigh>.........


Edited by Channeal, 26 April 2020 - 08:03 AM.

  • 0

#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

In the User Profile example were you logged in as the new user or the old?  If you were the old try logging in as the Administrator.  Sometimes Administrator can do stuff that users with administrative powers can't do.

 

In the registry example it looks like we are out of luck.  No backup available.


  • 0

#69
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Well, I didn't have much success with that..........

 

I used the computer all morning. We watched a live stream and all was okay, except for the fact that the sound wasn't working properly - sound was only coming from one of the five speakers.

 

Later I decided to log in as Administrator and try to fix the profile issue. I got the desktop for just a few seconds and then the screen went black.

 

I turned it off at the switch and tried to start again. This time it only gave me the option to log in as Administrator - and again, the same thing happened with the black screen. Eventually I managed to get back to my usual log-in by clicking quickly on the start menu and changing profiles from there.

 

I ran Vew again in case you can get an idea of what happened from it.

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 27/04/2020 15:10:26


Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2020 13:48:56
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2020 13:56:37
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: Microsoft.XboxGamingOverlay_5.120.4062.0_x86__8wekyb3d8bbwe!App.AppXrfdt3p0f38tc4nxz7ajrd5as6ctb0dck.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.120.4062.0_x86__8wekyb3d8bbwe\GameBar.exe" -ServerName:App.AppXbdkk0yrkwpcgeaem8zk81k8py1eaahny.mca

Log: 'System' Date/Time: 27/04/2020 13:53:30
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: Microsoft.Windows.ContentDeliveryManager_10.0.18362.449_neutral_neutral_cw5n1h2txyewy!App.AppXea6epmb5w19sjwy9ckw8md46dm93nhkq.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Log: 'System' Date/Time: 27/04/2020 13:51:14
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 27/04/2020 13:50:18
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: Microsoft.Windows.ContentDeliveryManager_10.0.18362.449_neutral_neutral_cw5n1h2txyewy!App.AppXea6epmb5w19sjwy9ckw8md46dm93nhkq.mca as Unavailable/Unavailable. The error: "2147942402" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

Log: 'System' Date/Time: 27/04/2020 13:41:41
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 26/04/2020 22:58:01
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 25/04/2020 14:04:25
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/04/2020 14:04:24
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/04/2020 14:04:24
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 25/04/2020 14:04:23
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/04/2020 14:01:04
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 13:58:19
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 13:58:19
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 13:58:19
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 10:57:44
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 10:57:43
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 10:57:43
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 10:54:56
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 10:54:29
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 27/04/2020 10:54:26
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 13:33:50
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 13:33:50
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 11:01:06
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 10:22:13
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 10:22:12
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 09:03:40
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 09:01:09
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 08:58:22
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 08:58:22
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 26/04/2020 08:57:21
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user NEAL1-DELL\channeal SID (S-1-5-21-2559438547-1515831249-1651957702-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

 

 

 

 

 

 

 

 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 27/04/2020 15:08:32


Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/04/2020 14:08:29
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:08:19
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:08:08
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:07:58
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:07:48
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:07:38
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:07:28
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:07:18
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:07:07
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:06:57
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:06:47
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:06:37
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:06:27
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:06:17
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:06:06
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:05:56
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:05:46
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:05:36
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:05:26
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 27/04/2020 14:05:15
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/04/2020 08:58:40
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.

 

 

 

 

 

 

Do you think running the Windows All-in-One Repair program might help?

 

I am really regretting trying to update to Windows 10 now! :)  Do you think this computer is - after all - just too old for it?





 


Edited by Channeal, 27 April 2020 - 09:16 AM.

  • 0

#70
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Lots of these errors:

 

Log: 'Application' Date/Time: 27/04/2020 14:08:29
Type: Error Category: 1
Event: 490 Source: ESENT
taskhostw (4072,D,50) WebCacheLocal: An attempt to open the file "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

 

We can try and fix it with a quick fixlist.  This just resets the permissions on WebCacheV01.dat  Will not need a reboot.

 

 

Attached File  fixlist.txt   302bytes   231 downloads

 

Post the fixlog so I can see if it had any effect.

 

An alternative to the official way to move profile data is  to take ownership of the files in the other profile and add your login to the access list in permissions.  We can try to see if a fixlist can do it for you but I will wait to see how the above works.

 

 


  • 0

Advertisements


#71
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts
I feel the need to have a bit of a break from this. I'll be back in a few days.
  • 0

#72
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

I ran the fixlist. Here is the fixlog: -

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-04-2020
Ran by channeal (30-04-2020 14:18:06) Run:7
Running from C:\Users\channeal\Desktop\FRST
Loaded Profiles: channeal & UpdatusUser (Available Profiles: channeal & UpdatusUser & nealfamily & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ListPermissions: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
SetDefaultFilePermissions: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
ListPermissions: C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
*****************

===================================
permissions of "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat":

Owner: BUILTIN\Administrators

DACL(AI):

EVERYONE    DENY    FULL    (NI)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (OI-CI-I)
BUILTIN\Administrators    ALLOW    FULL    (OI-CI-I)
LOCAL\Administrator    ALLOW    FULL    (OI-CI-I)

===================================
"C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" => Default permissions restored successfully.
===================================
permissions of "C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Administrators    ALLOW    FULL    (NI)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (NI)
BUILTIN\Users    ALLOW    READ/EXECUTE    (NI)
NT AUTHORITY\Authenticated Users    ALLOW    MODIFY    (NI)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (OI-CI-I)
BUILTIN\Administrators    ALLOW    FULL    (OI-CI-I)
LOCAL\Administrator    ALLOW    FULL    (OI-CI-I)

===================================

==== End of Fixlog 14:18:06 ====

 

 

 

 

While writing this message, I have received a virus notification from Defender. I thought it was somehow picking up the FRST thing again, as I believe it is the same virus it told me about before. However, it seems to be referring to something different. Here is a screenshot.

 

viruswarning.jpg

 

What is the IG Dump. Is it somehow related to FRST?

 

Thank you for your help.


  • 0

#73
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Fixlist appears to have worked.  You would have to try to log into the Administrator account to see if it helped.

 

IGDUMP is something used by MalwareBytes so it's another false positive.

 

https://forums.malwa...these-used-for/


  • 0

#74
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Thanks for the info about the virus alert. Defender doesn't seem to be such a pain on my laptop, for some strange reason!

 

Apologies..... the virus alert distracted me. I meant to tell you that immediately after running the fix, I tried to log into the Administrator account - without success. Exactly the same thing happened as before, with the black screen.


  • 0

#75
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

OK.  Can I see another VEW?

 

Open File Explorer and go to C:\Users\Channeal

Right click on Documents and select Copy.

 

Now go to C:\Users\nealfamily

 

It may say you don't have access but offer to give you access.  Continue

Once that finishes click on Users in the pane above ( where it says This PC > (C:) > Users > nealfamily

Right click on nealfamily and Paste.  It will tell you the folder already exists.  Continue or OK.  Near the end of the copy it will say a file already exists.  Replace it.

 

Go back to C:\Users\Channeal and copy the next folder you see then click on Users in the pane above ( where it says This PC > (C:) > Users > nealfamily

Right click on nealfamily and Paste.  It will tell you the folder already exists.  Continue or OK.  Near the end of the copy it will say a file already exists.  Replace it.


Continues until all folders have been copied (Don't try to copy AppData if you see it).  Then log into nealfamily and see if anything is missing.

 

Repeat for Contacts, Desktop, Downloads,


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP