Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random Browser dropouts especially on startup & eventviewer proble

Started by hmp3 , Nov 15 2019 10:51 AM

  • Please log in to reply

#16
hmp3
Posted 18 November 2019 - 07:17 PM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 01:16:28

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/11/2019 01:15:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/11/2019 01:14:46
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp fltsrv

Log: 'System' Date/Time: 19/11/2019 01:14:41
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Malwarebytes Anti-Exploit Service service hung on starting.

Log: 'System' Date/Time: 19/11/2019 01:13:17
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

Advertisements

#17
RKinner
Posted 18 November 2019 - 07:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

Can you run VEW and have it show Applications errors?


  • 0

#18
hmp3
Posted 19 November 2019 - 08:02 AM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Oops didn't read that last bit, apologies.

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 14:01:33

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 01:19:55
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ONENOTE.EXE, version: 16.0.12130.20272, time stamp: 0x5db3ab70 Faulting module name: ntdll.dll, version: 6.1.7601.24535, time stamp: 0x5dc1e8db Exception code: 0xc0000005 Fault offset: 0x0004ebc3 Faulting process id: 0x11f0 Faulting application start time: 0x01d59e776c2cfc4b Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: b104b753-0a6a-11ea-b8d9-00248c02da27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 13:54:47
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.

Log: 'Application' Date/Time: 19/11/2019 01:25:13
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:


Log: 'Application' Date/Time: 19/11/2019 01:14:48
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.

Log: 'Application' Date/Time: 19/11/2019 01:11:59
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:


 


  • 0

#19
RKinner
Posted 19 November 2019 - 08:40 AM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 

sc delete fltsrv
sc delete epp
sc delete AcrSch2Svc

Did the above seem to work or did they show an error?

 

Uninstall Malwarebytes Anti-Exploit  as it is not working.

 

Also uninstall Microsoft OneNote Home and Student 2016 it's causing a crash.

 

Reboot and run VEW again for both system and applications


  • 0

#20
hmp3
Posted 19 November 2019 - 11:04 AM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

All 3 deleted Successfully.

I'll have to find a way to backup all of my OneNote toolbar icons, shortcuts & app settings.

I will uninstall AntiExploit again, but before starting this thread, I already uninstalled to see if it resolved my network issues and it didn't.


  • 0

#21
RKinner
Posted 19 November 2019 - 12:06 PM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

Forget about OneNote for now.  Let's just reboot and run VEW again. 


  • 0

#22
hmp3
Posted 19 November 2019 - 02:35 PM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Okay OneNote still installed.

AntiExploit uninstalled.

 

VEW System:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 20:33:13

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/11/2019 20:32:57
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Log: 'System' Date/Time: 19/11/2019 20:23:52
Type: Error Category: 0
Event: 11 Source: cdrom
The driver detected a controller error on \Device\CdRom0.

Log: 'System' Date/Time: 19/11/2019 14:08:46
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 40.

Log: 'System' Date/Time: 19/11/2019 14:08:46
Type: Error Category: 0
Event: 36887 Source: Schannel
The following fatal alert was received: 70.

Log: 'System' Date/Time: 19/11/2019 13:54:55
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/11/2019 13:54:38
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp fltsrv

Log: 'System' Date/Time: 19/11/2019 13:53:50
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.

Log: 'System' Date/Time: 19/11/2019 01:15:46
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 19/11/2019 01:14:46
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  epp fltsrv

Log: 'System' Date/Time: 19/11/2019 01:14:41
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Malwarebytes Anti-Exploit Service service hung on starting.

Log: 'System' Date/Time: 19/11/2019 01:13:17
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcrSch2Svc service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#23
hmp3
Posted 19 November 2019 - 02:36 PM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

VEW Application:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/11/2019 20:36:03

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 20:00:00
Type: Error Category: 0
Event: 1 Source: Acronis Scheduler
Scheduler failed to run task  with GUID '1A7779C8-8294-4740-8160-E7D888EB3738' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).

Log: 'Application' Date/Time: 19/11/2019 17:00:00
Type: Error Category: 0
Event: 1 Source: Acronis Scheduler
Scheduler failed to run task  with GUID '1A7779C8-8294-4740-8160-E7D888EB3738' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).

Log: 'Application' Date/Time: 19/11/2019 01:19:55
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ONENOTE.EXE, version: 16.0.12130.20272, time stamp: 0x5db3ab70 Faulting module name: ntdll.dll, version: 6.1.7601.24535, time stamp: 0x5dc1e8db Exception code: 0xc0000005 Fault offset: 0x0004ebc3 Faulting process id: 0x11f0 Faulting application start time: 0x01d59e776c2cfc4b Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: b104b753-0a6a-11ea-b8d9-00248c02da27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/11/2019 20:33:28
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.

Log: 'Application' Date/Time: 19/11/2019 20:31:33
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:


Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{ECD32AEA-746F-4DCB-BF68-082757FAFF18}.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{ECD32AEA-746F-4DCB-BF68-082757FAFF18}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{EA30C654-C62C-441F-AC00-95F9A196782C}.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{EA30C654-C62C-441F-AC00-95F9A196782C}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E810CEE7-6E51-4CB0-AA3A-0B985B70DAF7}.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E810CEE7-6E51-4CB0-AA3A-0B985B70DAF7}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E26B366D-F998-43CE-836F-CB6D904432B0}.

Log: 'Application' Date/Time: 19/11/2019 15:08:27
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \CLSID\{E26B366D-F998-43CE-836F-CB6D904432B0}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F667-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{3050F819-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\InprocServer32.

Log: 'Application' Date/Time: 19/11/2019 15:08:19
Type: Warning Category: 0
Event: 1039 Source: MsiInstaller
Product: Office 16 Click-to-Run Extensibility Component. The application tried to modify a protected Windows registry key \Software\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32.

 


  • 0

#24
RKinner
Posted 19 November 2019 - 04:21 PM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

I'm going to have the forum admin move this topic to malware so I can have you run FRST:

 

It will give me more visibility into what is happening:

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0

#25
hmp3
Posted 19 November 2019 - 05:45 PM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

But I've already done malware diagnosis here.

We concluded that I have no malware.

I even mentioned my network issues in the thread,

Since the network issues appeared during that malware diagnosis, as mentioned here, malware cannot be the cause of the issues reported in this thread.

Also, I've repaired One Note.


Edited by phickspc, 19 November 2019 - 06:58 PM.

  • 0

Advertisements

#26
RKinner
Posted 19 November 2019 - 07:54 PM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

Just want the increased visibility and the ability to make changes that FRST gives me and they only let me run it in the malware forum.  You don't have to make a new post.  The process of moving this thread to malware should be transparent.


  • 0

#27
hmp3
Posted 20 November 2019 - 07:56 AM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Okay I understand, will wait for you. Thank you :)


Edited by phickspc, 20 November 2019 - 07:56 AM.

  • 0

#28
RKinner
Posted 20 November 2019 - 08:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

We're now in the malware forum.  Please post the FRST and addition.txt logs.


  • 0

#29
hmp3
Posted 20 November 2019 - 10:03 AM

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

FRST log v1

Addition log v1


Edited by phickspc, 20 November 2019 - 12:22 PM.

  • 0

#30
RKinner
Posted 20 November 2019 - 10:53 AM

RKinner

    Malware Expert

  • Expert
  • 24,732 posts
  • MVP

Follow the instructions for Answer on

https://answers.micr...f1-9e74c0da1393

 

Remove the CD or DVD from your player.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP