Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 01:16:28
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/11/2019 01:15:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 19/11/2019 01:14:46
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: epp fltsrv
Log: 'System' Date/Time: 19/11/2019 01:14:41
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Malwarebytes Anti-Exploit Service service hung on starting.
Log: 'System' Date/Time: 19/11/2019 01:13:17
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Random Browser dropouts especially on startup & eventviewer proble
#16
Posted 18 November 2019 - 07:17 PM

#17
Posted 18 November 2019 - 07:42 PM

Can you run VEW and have it show Applications errors?
#18
Posted 19 November 2019 - 08:02 AM

Oops didn't read that last bit, apologies.
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 14:01:33
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 01:19:55
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ONENOTE.EXE, version: 16.0.12130.20272, time stamp: 0x5db3ab70 Faulting module name: ntdll.dll, version: 6.1.7601.24535, time stamp: 0x5dc1e8db Exception code: 0xc0000005 Fault offset: 0x0004ebc3 Faulting process id: 0x11f0 Faulting application start time: 0x01d59e776c2cfc4b Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: b104b753-0a6a-11ea-b8d9-00248c02da27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 13:54:47
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.
Log: 'Application' Date/Time: 19/11/2019 01:25:13
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:
Log: 'Application' Date/Time: 19/11/2019 01:14:48
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.
Log: 'Application' Date/Time: 19/11/2019 01:11:59
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:
#19
Posted 19 November 2019 - 08:40 AM

Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):
sc delete fltsrv
sc delete epp
sc delete AcrSch2Svc
Did the above seem to work or did they show an error?
Uninstall Malwarebytes Anti-Exploit as it is not working.
Also uninstall Microsoft OneNote Home and Student 2016; it's causing a crash.
Reboot and run VEW again for both system and applications.
#20
Posted 19 November 2019 - 11:04 AM

All 3 deleted Successfully.
I'll have to find a way to back up all of my OneNote toolbar icons, shortcuts & app settings.
I will uninstall AntiExploit again, but before starting this thread, I already uninstalled to see if it resolved my network issues and it didn't.
#21
Posted 19 November 2019 - 12:06 PM

Forget about OneNote for now. Let's just reboot and run VEW again.
#22
Posted 19 November 2019 - 02:35 PM

Okay OneNote still installed.
AntiExploit uninstalled.
VEW System:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 20:33:13
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/11/2019 20:32:57
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Log: 'System' Date/Time: 19/11/2019 20:23:52
Type: Error Category: 0
Event: 11 Source: cdrom
The driver detected a controller error on \Device\CdRom0.
Log: 'System' Date/Time: 19/11/2019 14:08:46
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.
Log: 'System' Date/Time: 19/11/2019 14:08:46
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.
Log: 'System' Date/Time: 19/11/2019 13:54:55
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 19/11/2019 13:54:38
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: epp fltsrv
Log: 'System' Date/Time: 19/11/2019 13:53:50
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.
Log: 'System' Date/Time: 19/11/2019 01:15:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 19/11/2019 01:14:46
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: epp fltsrv
Log: 'System' Date/Time: 19/11/2019 01:14:41
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Malwarebytes Anti-Exploit Service service hung on starting.
Log: 'System' Date/Time: 19/11/2019 01:13:17
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#23
Posted 19 November 2019 - 02:36 PM

VEW Application:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 20:36:03
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 20:00:00
Type: Error Category: 0
Event: 1 Source: Acronis Scheduler
Scheduler failed to run task with GUID '1A7779C8-8294-4740-8160-E7D888EB3738' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).
Log: 'Application' Date/Time: 19/11/2019 17:00:00
Type: Error Category: 0
Event: 1 Source: Acronis Scheduler
Scheduler failed to run task with GUID '1A7779C8-8294-4740-8160-E7D888EB3738' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).
Log: 'Application' Date/Time: 19/11/2019 01:19:55
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ONENOTE.EXE, version: 16.0.12130.20272, time stamp: 0x5db3ab70 Faulting module name: ntdll.dll, version: 6.1.7601.24535, time stamp: 0x5dc1e8db Exception code: 0xc0000005 Fault offset: 0x0004ebc3 Faulting process id: 0x11f0 Faulting application start time: 0x01d59e776c2cfc4b Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: b104b753-0a6a-11ea-b8d9-00248c02da27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 20:33:28
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.
Log: 'Application' Date/Time: 19/11/2019 20:31:33
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{ECD32AEA-746F-4DCB-BF68-082757FAFF18}.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{ECD32AEA-746F-4DCB-BF68-082757FAFF18}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{EA30C654-C62C-441F-AC00-95F9A196782C}.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{EA30C654-C62C-441F-AC00-95F9A196782C}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E810CEE7-6E51-4CB0-AA3A-0B985B70DAF7}.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E810CEE7-6E51-4CB0-AA3A-0B985B70DAF7}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E26B366D-F998-43CE-836F-CB6D904432B0}.
Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E26B366D-F998-43CE-836F-CB6D904432B0}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\InprocServer32.
Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32.
#24
Posted 19 November 2019 - 04:21 PM

I'm going to have the forum admin move this topic to malware so I can have you run FRST:
It will give me more visibility into what is happening:
- Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Check the Addition.txt box
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
#25
Posted 19 November 2019 - 05:45 PM

But I've already done malware diagnosis here.
We concluded that I have no malware.
I even mentioned my network issues in the thread.
Since the network issues appeared during that malware diagnosis, as mentioned here, malware cannot be the cause of the issues reported in this thread.
Also, I've repaired One Note.
Edited by phickspc, 19 November 2019 - 06:58 PM.
#26
Posted 19 November 2019 - 07:54 PM

Just want the increased visibility and the ability to make changes that FRST gives me and they only let me run it in the malware forum. You don't have to make a new post. The process of moving this thread to malware should be transparent.
#27
Posted 20 November 2019 - 07:56 AM

Okay I understand, will wait for you. Thank you
Edited by phickspc, 20 November 2019 - 07:56 AM.
#28
Posted 20 November 2019 - 08:37 AM

We're now in the malware forum. Please post the FRST and addition.txt logs.
#29
Posted 20 November 2019 - 10:03 AM

#30
Posted 20 November 2019 - 10:53 AM

Follow the instructions for Answer on
https://answers.micr...f1-9e74c0da1393
Remove the CD or DVD from your player.
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.
Reboot if the fix doesn't reboot it for you
Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.