Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

black screen - Display driver failed to start


  • Please log in to reply

#1
GhostLoad

GhostLoad

    Member

  • Member
  • PipPipPip
  • 407 posts

This all started a few days ago when my PC was rebooting after installing windows updates and the power in my house randomly cut out. Every since, I've been experiencing issues. No idea if this is causation or correlation, but more info tends to be more helpful when it comes to this either way.

 

So, no longer do I even get any Windows notification messages when it happens, but my monitors will still randomly both go black out of nowhere. A couple days ago it would spit out the notification of "Display driver failed to start; Using Microsoft basic display driver instead." This has even happened at my login screen (I think). Nothing particular seems to trigger it. I can go 10 hours playing video games with no issue, other times I'll log in and it'll happen three times in a row. Also, throughout this whole endeavor, my RGB has become completely [bleep]ed. I was using ASUS Armoury Crate for my RGB control, and it's broken. I uninstalled, and when I tried to reinstall I get an error every time. I tried using Armoury Crate Uninstall Tool as well, and that doesn’t seem to help at all.

 

A bit after everything turns black, I’ll sometimes hear that “windows disconnected noise” chime, hopefully you guys know what I mean. When it goes black, 1 of 2 things happens; the PC keeps on running but with blacked out monitors, and I have to use my phone to remote login so I can reboot. When I do that, the resolution is INSANELY small (I’ll attach a screenshot). 2nd possible thing that happens is that I CANNOT remote login or do anything, and after a couple minutes my whole PC will reboot itself.

 

I’ve tried rolling back my Windows version (no fix), making sure all the updates are installed (no fix), uninstalled the GPU drivers then reinstalled new ones (no fix), uninstalled GPU drivers and installed ones from late last year (no fix), and used the Windows media creation tool to make a Windows ISO to do a repair install of Win10 without losing my data (no fix). The last of those, in case it makes a difference, was done by mounting the ISO and running it like that.

 

I’m out of ideas, been suffering with this for 4 days now, and literally am going to fail my college courses if I can’t fix this so that I can actually do my assignments without my PC shitting out on my randomly. Thanks for reading all this and I hope to god someone can help.

 

ASUS TUF Gaming x570-Plus

Ryzen 7 3700x

32gb DDR4-3200 cas16 G.Skill

EVGA GTX 970 4gb SSC Gaming ACX 2.0

Windows 10 64-bit (on an ADATA SX8200 Pro 1TB m.2)

 

Attached Thumbnails

  • Screenshot_20210324-143831_Remote Desktop.jpg

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/


(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

chkdsk  /r  C:

 (I use two spaces so you can be sure to see where one space goes.)

hit Enter.  It will tell you it can't do it now and ask if you want to schedule it for the next reboot.  Say Y

 

Reboot.  The file system will be checked and it should take several hours depending on the size of your hard drive and the speed of your PC.

 

Once it reboots open another elevated command prompt and
Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow

Hit Enter.

This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

Hit Enter.  Then type::

notepad  %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

If the above doesn't help and DFC didn't complain then open an elevated command prompt again and type:

dxdiag

Once it finishes (green line in bottom left goes away)

Save All Information.  Point it at your desktop and it should save it as dxdiag.txt.

Exit

Double click on dxdiag.txt and copy and paste the text into a reply.

 

Multiple replies are OK.  Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.

 

 

hit Enter


 


  • 0

#3
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/


(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

chkdsk  /r  C:

 (I use two spaces so you can be sure to see where one space goes.)

hit Enter.  It will tell you it can't do it now and ask if you want to schedule it for the next reboot.  Say Y

 

Reboot.  The file system will be checked and it should take several hours depending on the size of your hard drive and the speed of your PC.

So I followed your steps up to this point, but when I restarted nothing seemed to happen, and I was back at my login after about 30 seconds or so?


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

This is what you saw with the command, correct?

 

 

C:\WINDOWS\system32>chkdsk  /r  C:
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y
This volume will be checked the next time the system restarts.

 

 

You can try again,

 

Follow the instructions here:

 

https://www.thewindo...-run-at-startup

 

or just go on.


  • 0

#5
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

This is what you saw with the command, correct?

 

 

C:\WINDOWS\system32>chkdsk  /r  C:
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y
This volume will be checked the next time the system restarts.

 

 

You can try again,

 

Follow the instructions here:

 

https://www.thewindo...-run-at-startup

 

or just go on.

Yep, that's exactly what it looked like. I'll continue the directions from there, though I have a feeling it didn't do the check disk :/


  • 0

#6
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

This is what you saw with the command, correct?

 

 

C:\WINDOWS\system32>chkdsk  /r  C:
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) y
This volume will be checked the next time the system restarts.

 

 

Follow the instructions here:

 

https://www.thewindo...-run-at-startup

Followed those instructions. BootExecute looked correct. Ran a File System Checker which found some errors or something (forgot what it said exactly) and said it fixed them. I did the chkdsk again afterwards, then restarted, and it still took me right to my login screen about 30 seconds after.


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Can I see the VEW logs?


  • 0

#8
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

Can I see the VEW logs?

 

The what logs?

Oh, I didn't continue down the instruction list from your first post, because I figured something is still wrong and that's why it won't do the chkdsk


Edited by GhostLoad, 24 March 2021 - 06:17 PM.

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

Please continue.  The VEW logs may show what is wrong.

 

Looking at the dskchk it appears to call:

 

C:\Windows\System32\autochk.exe

 

so you might check to see if the file exists.  You can do it from an elevated Command Prompt:

dir  C:\Windows\System32\autochk.exe

C:\WINDOWS\system32>dir  C:\Windows\System32\autochk.exe
 Volume in drive C is Windows8_OS
 Volume Serial Number is C66E-CA3C

 Directory of C:\Windows\System32

02/21/2021  05:30 PM           972,800 autochk.exe
               1 File(s)        972,800 bytes
               0 Dir(s)  454,976,630,784 bytes free

 


 


  • 0

#10
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

Please continue.  The VEW logs may show what is wrong.

 

Looking at the dskchk it appears to call:

 

C:\Windows\System32\autochk.exe

 

so you might check to see if the file exists.  You can do it from an elevated Command Prompt:

dir  C:\Windows\System32\autochk.exe

C:\WINDOWS\system32>dir  C:\Windows\System32\autochk.exe
 Volume in drive C is Windows8_OS
 Volume Serial Number is C66E-CA3C

 Directory of C:\Windows\System32

02/21/2021  05:30 PM           972,800 autochk.exe
               1 File(s)        972,800 bytes
               0 Dir(s)  454,976,630,784 bytes free

 

 

Okay I'll continue the steps. Looks like the autochk is there

elZ9MB6.png


  • 0

Advertisements


#11
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

 

After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 24/03/2021 10:19:51 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/03/2021 6:51:55 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/03/2021 6:52:12 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0xfffff80175cfb320, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 663486b8-c7d6-4f86-b956-990ac1afa575.
 
Log: 'System' Date/Time: 24/03/2021 6:52:08 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 2:39:27 PM on ?3/?24/?2021 was unexpected.
 
Log: 'System' Date/Time: 24/03/2021 6:16:35 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The AsusUpdateCheck service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 24/03/2021 5:31:32 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The SDWSCService service depends on the wscsvc service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Log: 'System' Date/Time: 24/03/2021 5:30:40 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The AsusUpdateCheck service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 24/03/2021 5:30:24 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The Foxit Reader Update Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Log: 'System' Date/Time: 24/03/2021 5:29:18 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The netprofm service terminated with the following error:  The device is not ready.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/03/2021 1:43:41 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:40 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:38 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:37 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:28 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:18 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:11 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:43:11 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 1:42:50 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ROOT\WindowsHelloFaceSoftwareDriver\0000.
 
Log: 'System' Date/Time: 25/03/2021 1:42:19 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelWifiIhv08.dll 
 
Log: 'System' Date/Time: 25/03/2021 12:54:57 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 25/03/2021 12:54:55 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:32:56 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:32:56 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:24:53 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:24:52 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:24:51 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:24:49 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:24:33 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 24/03/2021 10:24:30 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user MIZ-PC\Miz SID (S-1-5-21-3466475401-2357420200-2576914407-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

  • 0

#12
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts

 

 

After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 24/03/2021 10:25:04 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/03/2021 10:58:20 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SDScan.exe version 2.7.64.191 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 834  Start Time: 01d720fd25a5954b  Termination Time: 4  Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe  Report Id: 1b13c275-eeba-4310-a0ce-4e11303bf0ee  Faulting package full name:   Faulting package-relative application ID:   Hang type: Unknown 
 
Log: 'Application' Date/Time: 24/03/2021 10:22:48 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. . 
 
Log: 'Application' Date/Time: 24/03/2021 10:22:48 PM
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] 
 
Log: 'Application' Date/Time: 24/03/2021 8:20:04 PM
Type: Error Category: 0
Event: 0 Source: Office 2016 Licensing Service
The operation completed successfully.
 
Log: 'Application' Date/Time: 24/03/2021 6:52:19 PM
Type: Error Category: 1
Event: 3 Source: chromoting
Access denied for client: [email protected]/chromoting_ftl_4c9d8cdd-ea61-4bc6-ac40-0fd86fcb8d3b.
 
Log: 'Application' Date/Time: 24/03/2021 6:52:19 PM
Type: Error Category: 1
Event: 3 Source: chromoting
Access denied for client: [email protected]/chromoting_ftl_1f1a2f9e-f8f3-457b-af38-7cf571626f4c.
 
Log: 'Application' Date/Time: 24/03/2021 6:52:19 PM
Type: Error Category: 1
Event: 3 Source: chromoting
Access denied for client: [email protected]/chromoting_ftl_d5f9e7c0-c0bb-4c8a-96cc-85358bce70ef.
 
Log: 'Application' Date/Time: 24/03/2021 6:52:19 PM
Type: Error Category: 1
Event: 3 Source: chromoting
Access denied for client: [email protected]/chromoting_ftl_1c973285-73e9-4254-941f-7da5f4127c56.
 
Log: 'Application' Date/Time: 24/03/2021 6:41:29 PM
Type: Error Category: 0
Event: 10007 Source: Microsoft-Windows-RestartManager
Application or service 'ROG Live Service' could not be restarted.
 
Log: 'Application' Date/Time: 24/03/2021 6:40:01 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FrameworkServiceSetup.exe, version: 1.0.2.0, time stamp: 0xa620dac4 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d Exception code: 0xe0434352 Fault offset: 0x0012a8b2 Faulting process id: 0x3d1c Faulting application start time: 0x01d720dd19395f47 Faulting application path: C:\ProgramData\ASUS\ROGLiveServiceTemp\V2.0.2.2\FrameworkServiceSetup.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 7acb8534-4539-44c9-80bf-64190e873d1d Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:40:01 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FrameworkServiceSetup.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at System.Diagnostics.Process.StartWithCreateProcess(System.Diagnostics.ProcessStartInfo)
   at System.Diagnostics.Process.Start()
   at InstallerWrap.Program.processRegistryKey(Microsoft.Win32.RegistryKey)
   at InstallerWrap.Program.searchRegistryAndUninstall(Boolean)
   at InstallerWrap.Program.Main(System.String[])
 
 
 
Log: 'Application' Date/Time: 24/03/2021 6:39:59 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FrameworkServiceSetup.exe, version: 1.0.2.0, time stamp: 0xa620dac4 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0xb610d74d Exception code: 0xe0434352 Fault offset: 0x0012a8b2 Faulting process id: 0xc0c Faulting application start time: 0x01d720dd17f4c9bd Faulting application path: C:\ProgramData\ASUS\ROGLiveServiceTemp\V2.0.2.2\FrameworkServiceSetup.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: b03723fe-9794-4efb-ac19-2831a2282ac4 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:39:59 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FrameworkServiceSetup.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at System.Diagnostics.Process.StartWithCreateProcess(System.Diagnostics.ProcessStartInfo)
   at System.Diagnostics.Process.Start()
   at InstallerWrap.Program.processRegistryKey(Microsoft.Win32.RegistryKey)
   at InstallerWrap.Program.searchRegistryAndUninstall(Boolean)
   at InstallerWrap.Program.Main(System.String[])
 
 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:52 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0xcbc Faulting application start time: 0x01d720dc60081162 Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 4f1b95f7-17ee-49cc-9d5a-6d3b978f38f2 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:49 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0x1c78 Faulting application start time: 0x01d720dc5e6d7d90 Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 57b64107-5d63-4718-abd9-69822544029a Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:46 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0x4f9c Faulting application start time: 0x01d720dc5cf8874c Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 1f69b25d-3af1-4c2a-9a14-412dd5979239 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:44 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0x1a24 Faulting application start time: 0x01d720dc5b901dce Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: fa75ad24-b0fe-4d0f-b7ff-c768c8a15b79 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:42 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0x42d4 Faulting application start time: 0x01d720dc5a2aa9cc Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 92c90278-c4ea-4176-ac52-b0579a7c8f99 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0x29c0 Faulting application start time: 0x01d720dc58b15325 Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 735848b2-c51c-4a4e-9907-affc2902e2fa Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 24/03/2021 6:34:37 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: dwm.exe, version: 10.0.19041.746, time stamp: 0x6be51595 Faulting module name: KERNELBASE.dll, version: 10.0.19041.804, time stamp: 0x0e9c5eae Exception code: 0xe0464645 Fault offset: 0x000000000010bd5c Faulting process id: 0x39f0 Faulting application start time: 0x01d720dc57443d8d Faulting application path: C:\WINDOWS\system32\dwm.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 9076e46d-5080-4440-aace-2d1b3ad011cc Faulting package full name:  Faulting package-relative application ID: 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/03/2021 1:43:09 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 10:23:52 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 9:28:34 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 9:26:38 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 8:42:23 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 8:42:17 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 7:32:43 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 7:28:11 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 7:12:55 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 7:12:47 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 6:52:18 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 6:39:38 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c9 e1 1f cd a5 f7 88 4f 3c 07 df 2e a7 cb 87 85 b3 0d ab 49 is about to expire or already expired.
 
Log: 'Application' Date/Time: 24/03/2021 6:34:53 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 8, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:50 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 7, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:47 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 6, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:45 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 5, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:43 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 4, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:40 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 3, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:38 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 2, Primary display device ID: NVIDIA GeForce GTX 970)
 
Log: 'Application' Date/Time: 24/03/2021 6:34:35 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 1, Primary display device ID: NVIDIA GeForce GTX 970)

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

If you just click at the bottom below Reply to This Topic, you can reply without it quoting my last post.

 

This is a possible clue:

 

Log: 'System' Date/Time: 24/03/2021 6:52:12 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000133 (0x0000000000000001, 0x0000000000001e00, 0xfffff80175cfb320, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 663486b8-c7d6-4f86-b956-990ac1afa575.

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

 

This one is also interesting:

 
Log: 'Application' Date/Time: 24/03/2021 6:34:53 PM
Type: Warning Category: 0
Event: 0 Source: Dwminit
The Desktop Window Manager process has exited. (Process exit code: 0xe0464645, Restart count: 8, Primary display device ID: NVIDIA GeForce GTX 970)
 

 

This is your display crashing.  Apparently the GEFORCE driver is at fault but they haven't made a new driver in a while.  This guy claims he fixed it by:

 

After doing research and reading that this DWM basically is in charge of visual effects on screen I decided to disable every visual effect in performance options.

 

 

https://www.reddit.c...ess_has_exited/

 

This site tells how to disable visual effects:

 

https://www.intowind... visual effects.


  • 0

#14
GhostLoad

GhostLoad

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 407 posts
==================================================
Dump File         : 032421-18281-01.dmp
Crash Time        : 3/24/2021 2:51:18 PM
Bug Check String  : 
Bug Check Code    : 0x00000133
Parameter 1       : 00000000`00000001
Parameter 2       : 00000000`00001e00
Parameter 3       : fffff801`75cfb320
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+3f5c50
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+3f5c50
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\032421-18281-01.dmp
Processors Count  : 16
Major Version     : 15
Minor Version     : 19041
Dump File Size    : 6,104,388
Dump File Time    : 3/24/2021 2:52:12 PM
==================================================






I also followed the instructions for disabling visual effects

Edited by GhostLoad, 24 March 2021 - 10:01 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,721 posts
  • MVP

The BSOD was caused by a Windows file.  Usually this means something got too hot.

 

Run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  
Win 10 hides icons by default so: Settings, Personalization,  Taskbar, Select which Icons appear on Taskbar,  then turn Speedfan ON.
With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.

 

Sometimes we get more info from WhoCrashed so if it doesn't seem to be running hot :

 

See if you can get Who Crashed to work:


http://www.resplendence.com/downloads
Then click on Download free home edition

where it says:

WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)

Right click on the downloaded files and Run As Admin.  Once you agree to the terms and Install it then Finish it should open Who Crashed.  Click on Analyze.  Once it finishes scroll down to the bottom and copy the report and paste it into a reply.




Bed time for me.   Midnight here.

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP