
Left button on mouse shows right button menu


Best Answer RKinner , 02 January 2020 - 08:20 AM

Glad we could help.  Come back if the problem comes back.  I won't lock this thread.



#1
debodun

debodun

    Member

  • Member
  • PipPipPip
  • 447 posts

This started today. It is intermittent, but annoying that when I click the left button on the mouse (Logitech M100 wired to USB) it's like I right click and see the attached menu and the cursor freezes for a few seconds. Why is it doing this and is there any "fix"? Thanks.

Attached Thumbnails

  • mouse menu.jpg



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,460 posts
  • MVP

Are you using their SetPoint software?

 

https://www.drivers-...ch-m100-driver/

 

It may be crashing on you.  We can look:

 


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


 


#3
debodun

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/12/2019 1:30:22 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/12/2019 10:56:13 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Log: 'System' Date/Time: 23/12/2019 10:56:08 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Log: 'System' Date/Time: 23/12/2019 10:56:03 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy3.

Log: 'System' Date/Time: 23/12/2019 10:55:56 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy6.

Log: 'System' Date/Time: 23/12/2019 10:55:49 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy11.

Log: 'System' Date/Time: 23/12/2019 10:55:38 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy21.

Log: 'System' Date/Time: 23/12/2019 10:55:34 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy18.

Log: 'System' Date/Time: 23/12/2019 10:55:30 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy12.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2019 3:11:00 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 26/12/2019 3:21:17 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 25/12/2019 4:16:50 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_040A&PID_0587\KCKDY54113842.

Log: 'System' Date/Time: 25/12/2019 3:12:59 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 24/12/2019 2:55:43 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 23/12/2019 6:57:14 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_040A&PID_0587\KCKDY54113842.

Log: 'System' Date/Time: 23/12/2019 5:46:25 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 22/12/2019 5:06:34 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_040A&PID_0587\KCKDY54113842.

Log: 'System' Date/Time: 22/12/2019 4:53:48 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 21/12/2019 6:05:52 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_040A&PID_0587\KCKDY54113842.

Log: 'System' Date/Time: 21/12/2019 4:53:36 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 20/12/2019 7:39:09 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 19/12/2019 9:35:31 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_040A&PID_0587\KCKDY54113842.

Log: 'System' Date/Time: 19/12/2019 3:11:47 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 18/12/2019 3:31:47 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 17/12/2019 4:21:50 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 16/12/2019 6:31:51 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_040A&PID_0587\KCKDY54113842.

Log: 'System' Date/Time: 16/12/2019 5:37:29 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 15/12/2019 4:52:01 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 14/12/2019 4:32:26 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.


 


Edited by debodun, 27 December 2019 - 12:31 PM.

#4
debodun

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 27/12/2019 1:31:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/12/2019 8:31:28 PM
Type: Error Category: 0
Event: 1287 Source: Firefox
The event description cannot be found.

Log: 'Application' Date/Time: 25/11/2019 10:17:10 PM
Type: Error Category: 0
Event: 1287 Source: Firefox
The event description cannot be found.

Log: 'Application' Date/Time: 23/10/2019 7:46:35 PM
Type: Error Category: 0
Event: 1287 Source: Firefox
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/12/2019 1:40:17 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   8 user registry handles leaked from \Registry\User\S-1-5-21-3384263181-369055421-3260215636-1000:
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Root
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\CA
Process 1936 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 25/10/2019 5:34:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   5 user registry handles leaked from \Registry\User\S-1-5-21-3384263181-369055421-3260215636-1000:
Process 1960 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1960 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1960 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1960 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Root
Process 1960 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 19/10/2019 9:36:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-3384263181-369055421-3260215636-1000:
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Root
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\My
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\CA
Process 1928 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 17/10/2019 9:07:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   12 user registry handles leaked from \Registry\User\S-1-5-21-3384263181-369055421-3260215636-1000:
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Root
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\My
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\CA
Process 1028 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 14/10/2019 9:16:52 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   15 user registry handles leaked from \Registry\User\S-1-5-21-3384263181-369055421-3260215636-1000:
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Policies\Microsoft\SystemCertificates
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Root
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\My
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\CA
Process 1924 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3384263181-369055421-3260215636-1000\Software\Microsoft\SystemCertificates\trust



 


#5
RKinner

Log: 'System' Date/Time: 23/12/2019 10:56:13 PM
Type: Error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

 

 

You need to run chkdsk on each drive:

 

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:

Copy the next two lines:
findstr  /c:"[SR]"  "%windir%\logs\cbs\cbs.log"  >  "%UserProfile%\desktop\junk.txt"
notepad "%UserProfile%\desktop\junk.txt"


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.



2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


#6
debodun

A few questions:

 

Where is the MY COMPUTER you mentioned to click on?

 

Also, when I looked at the Event Viewer logs and right clicked on SYSTEM, I didn't see the option CLEAR (see attached screenshot).

 

Would it help you to know my OS is Windows 7 - 64 bit?

Attached Thumbnails

  • event viewer.jpg

Edited by debodun, 28 December 2019 - 12:46 PM.

#7
RKinner

I think on a Win 7 it is simply called Computer.

 

Click on the arrow in front of the Windows Logs so that it opens up.

 

Then you can right click on Application and System and Clear.


#8
debodun

Here is a screenshot of my desktop icons:

 

 

Attached Thumbnails

  • desktop.jpg

#9
RKinner

Usually you just press the start button and you will see Computer in the second column.


#10
debodun

CHKDSK ran almost 4 hours, but at the end said it was clean.

 

scannow did not find any errors (see attached screenshot)

 

Here are the VEW.exe scans:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/12/2019 8:25:19 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/12/2019 12:51:52 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of
libraries to ensure they are related to trusted applications.

 

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/12/2019 8:27:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Attached Thumbnails

  • scannow.jpg

#11
RKinner

Is the mouse button behaving now?

 

Let's look at the only error and see if anything is really loading.  Copy the next line:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

 

Open an Elevated Command Prompt and then right click and if the copied line doesn't appear, Paste or Edit then Paste.  Hit Enter.

 

You should get something like:


 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    (Default)    REG_SZ    mnmsrvc
    AppInit_DLLs    REG_SZ
    DdeSendTimeout    REG_DWORD    0x0
    DesktopHeapLogging    REG_DWORD    0x1
    DeviceNotSelectedTimeout    REG_SZ    15
    DwmInputUsesIoCompletionPort    REG_DWORD    0x1
    EnableDwmInputProcessing    REG_DWORD    0x7
    GDIProcessHandleQuota    REG_DWORD    0x2710
    IconServiceLib    REG_SZ    IconCodecService.dll
    LoadAppInit_DLLs    REG_DWORD    0x0
    NaturalInputHandler    REG_SZ    Ninput.dll
    ShutdownWarningDialogTimeout    REG_DWORD    0xffffffff
    Spooler    REG_SZ    yes
    ThreadUnresponsiveLogTimeout    REG_DWORD    0x1f4
    TransmissionRetryTimeout    REG_SZ    90
    USERNestedWindowLimit    REG_DWORD    0x32
    USERPostMessageLimit    REG_DWORD    0x2710
    USERProcessHandleQuota    REG_DWORD    0x2710
    Win32kLastWriteTime    REG_SZ    1D5B0830F25B995

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32knsWPP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32kWPP

 

 

 

If your output has:

  AppInit_DLLs    REG_SZ

 

with nothing after the SZ (on the same line) then

 

you should have:

LoadAppInit_DLLs    REG_DWORD    0x0

 

Often instead of 0x0 you will have 0x1.  This happens when a program that did put a DLL on the AppInit_DLLs line is uninstalled and forgets to change the LoadAppInit_DLLs back to 0x0.  Of course if you do have something after the SZ (tell me what you see) then 0x1 is correct and the error can be ignored.

 

If you have nothing after SZ then download and save the attached wininit.zip. 

Attached File  wininit.zip   336bytes   38 downloads

Right click on it and Extract All Extract.  That should give you  a folder called wininit and inside should be wininit.reg.  Right click on it and merge.  Ignore the warning.

 

This will fix the error if the problem is just that LoadAppInit_DLLs is set incorrectly.  Do not run it if you have a dll file after the SZ!

 

 

 


  • 0
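
Added example, not part of the original thread: the check described in post #11, applied to pasted `reg query` output. The sample outputs and the DLL path are constructed for illustration, and the verdict names are this example's own labels.

```python
import re

# Constructed sample outputs. SAMPLE_CLEAN follows the shape of the output
# quoted in post #11 (trimmed); the DLL path in SAMPLE_LISTED is a made-up
# placeholder, not a real product.
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    (Default)    REG_SZ    mnmsrvc
    AppInit_DLLs    REG_SZ
    LoadAppInit_DLLs    REG_DWORD    0x0
    Spooler    REG_SZ    yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Win32kWPP
"""
SAMPLE_STALE = SAMPLE_CLEAN.replace("REG_DWORD    0x0", "REG_DWORD    0x1")
SAMPLE_LISTED = SAMPLE_STALE.replace(
    "AppInit_DLLs    REG_SZ\n",
    "AppInit_DLLs    REG_SZ    C:\\PROGRA~1\\Example\\hook64.dll\n",
)

# An indented value line: name, registry type, optional data.
VALUE_LINE = re.compile(r"\s+(.+?)\s+(REG_[A-Z_]+)(?:\s+(.*))?$")


def parse_reg_query(text):
    """Return {value_name: (type, data)} from `reg query` output for one key."""
    values = {}
    for line in text.splitlines():
        # Key and subkey names start in column 0; only value lines are indented.
        if not line.startswith((" ", "\t")):
            continue
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = (m.group(2), (m.group(3) or "").strip())
    return values


def assess_appinit(reg_output):
    """Classify the AppInit_DLLs / LoadAppInit_DLLs pair.

    Returns (verdict, dll_list) where verdict is one of:
      consistent-off       nothing listed, loading disabled
      stale-flag           nothing listed but loading still enabled (0x1);
                           the leftover case the post's .reg fix addresses
      dlls-loaded          DLLs listed and loading enabled; review each DLL
      listed-but-disabled  DLLs listed but loading disabled
      incomplete           one of the two values is missing or unreadable
    """
    values = parse_reg_query(reg_output)
    if "AppInit_DLLs" not in values or "LoadAppInit_DLLs" not in values:
        return ("incomplete", [])

    # AppInit_DLLs is a space- or comma-delimited list of DLL names.
    dlls = [d for d in re.split(r"[ ,]+", values["AppInit_DLLs"][1]) if d]
    try:
        enabled = int(values["LoadAppInit_DLLs"][1], 16) != 0
    except ValueError:
        return ("incomplete", dlls)

    if dlls and enabled:
        return ("dlls-loaded", dlls)
    if dlls:
        return ("listed-but-disabled", dlls)
    if enabled:
        return ("stale-flag", [])
    return ("consistent-off", [])


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN),
                          ("stale", SAMPLE_STALE),
                          ("listed", SAMPLE_LISTED)):
        print(label, assess_appinit(sample))
```

On 64-bit Windows the same two values also exist under `HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows` for 32-bit processes, so that key's output can be run through the same check.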

#12
debodun


Is the mouse button behaving now?

 

No, it's still doing the right menu thing, but it seems to be worse after first booting up. It does it less as time goes on, but not absolutely.

 

 

 

 And when you said:

Let's look at the only error and see if anything is really loading.  Copy the next line:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

 

Does copy include reg query or just the capitalized letters?


Edited by debodun, 30 December 2019 - 10:14 AM.

#13
RKinner

Copy all of it.

 

Search for:

device manager

hit Enter

 

Click on the arrow in front of Mice & Other pointing devices

 

Right click on your mouse and Uninstall.

 

Reboot

 

Go to Control Panel, Mouse.  Verify that the Switch primary and secondary buttons box is not checked.  Sometimes it helps to check the box, Apply then uncheck the box and Apply.


#14
debodun

For some reason, I can't paste the

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

into the elevated command prompt. This is what I see when I CTRL V to paste:

Attached Thumbnails

  • cmd.jpg

#15
RKinner

You can't use Ctrl + v in Command prompt window.  Have to right click and then sometimes Paste or Edit then Paste.  On mine a simple right click seems to cause it to paste but on others you have to select from a menu.

