Random Browser dropouts especially on startup & eventviewer proble



#106
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

fd34:7892:cff3:ccbd:3257:9d26:2b82:2e4f is an IPv6 address used locally (not on the internet)

:4487 is a port on the device it is trying to reach.

 

Since they are logs you might try moving all of them to a different folder somewhere so the peer manager doesn't have to read them each time.  If that doesn't break anything then you can delete them all.  I expect there is a config problem in peer manager

 

I would prefer a fresh VEW report now that the Hosts file issue has been fixed.


  • 0


#107
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

*Edit: Oh wait you probably mean make a new vew log after I move the peer manager logs. Okay I will do that first.*


Edited by phickspc, 28 November 2019 - 10:50 AM.

  • 0

#108
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/11/2019 14:02:21
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#109
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/11/2019 14:01:22
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.

Log: 'Application' Date/Time: 29/11/2019 14:00:17
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:


 


  • 0

#110
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Peer Manager created 15 more files since I moved all of them elsewhere yesterday.

Most of them 1kb, named "nginx_...log".

2 files named "PeerManager_...log" 23-64kb (I think these two are created upon a fresh bootup/restart).


Edited by phickspc, 29 November 2019 - 08:08 AM.

  • 0

#111
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Log: 'Application' Date/Time: 29/11/2019 14:01:22
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27 is about to expire or already expired.

Search for

mmc

hit Enter

 

Yes

File, Add/Remove Snap-in

Click on Certificates in the first column then hit Add (in the middle).

Click on Computer Account then on Local

Finish.  OK

 

Click on the arrow in front of Certificates (Local Computer) and it will show a long list of entries.

 

Click on the arrow in front of each entry.  If it shows Certificates as a sub entry then click on Certificates.

Now look in the middle column and click once or twice on the Expiration Date column header until the earliest dates are at the top.  Any that have dates before the current date or that are within 3 months in the future are possibilities.

Double click on the first possibility.  The first tab (General) tells you what the certificate is good for.  Click on the Details tab then scroll down to thumbprint.  Compare to the number in the error message:

 

70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27

 

Note the spaces will not be there so it will look like: 70043c289339603792da928f73f55086603fbf27

 

The most likely category is Third-Party Root Certification Authorities

 

Once you identify the certificate with the same thumbprint then note who it is from and try to figure out what software you have installed that may have used the certificate.  Try to find new software or just uninstall the old. 

 

 

Personally I just delete any certificates that have expired.  Just click on them and hit the red X.  Ignore the dire warning.  Expired certificates should not have any effect on your system so deleting them is just taking out the trash.

 

Log: 'Application' Date/Time: 29/11/2019 14:00:17
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:
 

 

 

This one is a Windows error probably created by a race condition (two processes finishing at the same or nearly the same time).  You will note that it says 0 user registry handles.  By the time it had started the error and wanted to list the handles still open they were already closed.  Open handles are common and despite the language of the error not really harmful.  Win 7 has a process to automatically deal with them.  In XP we had to install a separate service to take care of unclosed handles.


  • 0
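
The lookup described in post #111 can also be done from a PowerShell prompt. The script below is an added example, not part of the original post; it only reads the Local Computer stores, uses the thumbprint quoted in the Event 64 warning, and assumes a 90-day window for "within 3 months".

```powershell
# Added example: read-only search of the Certificates (Local Computer) stores.
# Thumbprint copied from the Event 64 warning quoted in the thread.
$eventThumbprint = '70 04 3c 28 93 39 60 37 92 da 92 8f 73 f5 50 86 60 3f bf 27'

# Event Viewer prints the thumbprint with spaces; the store exposes it as
# 40 hex characters, so strip everything that is not a hex digit.
$wanted = ($eventThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($wanted.Length -ne 40) {
    throw "Expected a 40-digit SHA-1 thumbprint, got $($wanted.Length) digits"
}

# Assumption: "within 3 months" is taken as 90 days from now.
$cutoff = (Get-Date).AddDays(90)

# Walk every store under Cert:\LocalMachine and keep certificate objects only
# (the recursion also returns the store containers themselves).
$certs = Get-ChildItem -Path Cert:\LocalMachine -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

# Store name is the last segment of the provider path, e.g. "Root" or "AuthRoot".
$columns = @(
    @{ Name = 'Store';   Expression = { ($_.PSParentPath -split '\\')[-1] } },
    @{ Name = 'Expires'; Expression = { $_.NotAfter } },
    'Thumbprint', 'Subject', 'Issuer'
)

# 1) Everything already expired or expiring inside the window, earliest first.
$certs | Where-Object { $_.NotAfter -le $cutoff } |
    Sort-Object NotAfter |
    Select-Object $columns |
    Format-Table -AutoSize

# 2) The certificate named in the warning. The same certificate can sit in
#    more than one store, so every hit is listed with its store name.
$match = @($certs | Where-Object { $_.Thumbprint -eq $wanted })
if ($match.Count -eq 0) {
    Write-Output "No certificate with thumbprint $wanted in the Local Computer stores."
} else {
    $match | Select-Object $columns | Format-List
}
```

The Subject and Issuer fields of the match identify who issued the certificate, which is the starting point for working out which installed software depends on it.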

#112
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

For the system error:

 

http://www.itexperie...8-a06ad6d8b4d1/


  • 0

#113
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Done.

VEW again after reboot:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/11/2019 01:11:20
Type: Warning Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Tm
The Transaction (UOW={A5E4CA92-12B0-11EA-8F73-00248C02DA27}, Description='') was unable to be committed, and instead rolled back; this was due to an error message returned by CLFS while attempting to write a Prepare or Commit record for the Transaction.  The CLFS error returned was: 0xc0190052.
 

Log: 'Application' Date/Time: 30/11/2019 01:11:19
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1925592742-456944920-4000667399-1008_Classes:

RE: The 1530 error, are you saying we can't do anything to stop it?


  • 0

#114
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

1530 should normally look like this:

 

Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-2588259368-3398593882-3987161955-1000:
Process 1384 (\Device\HarddiskVolume1\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-2588259368-3398593882-3987161955-1000
 

 

Since yours says 0 user registry handles and gives no details we can only guess which program is causing it.  Most likely is your antivirus since I've seen AVG, AVAST, BitDefender  listed as the culprit.  Second choice is Windows Live.  I suppose if you can disable your antivirus then reboot, clear events and reboot again you can see if it is causing the problem.  Not sure what you can do about it if that's the problem other than switch to a different one.  It's not hurting anything so probably not worth the effort.

 

The other error refers to

 (CLFS) Common Log File System is a general-purpose logging service that is used by software clients running in user-mode or kernel-mode.

 

This link might help:

https://www.sevenfor...logs-reset.html

 


  • 0

#115
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

OK. Regarding the log reset link, my error id(1) isn't listed in green where the article identifies which problem it can solve.


  • 0


#116
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I'm thinking this is related to the log files we moved so probably peer manager is causing the error since it just showed up.  Any idea what peer manager has to do with your blackberry?  Perhaps reinstalling your blackberry software might help.


  • 0

#117
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

ok will have a look thanks.


  • 0

#118
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

I think I'll leave it as it doesn't seem to be causing any noticeable issues with my blackberry and pc tasks.

Events 1530, 1 & 3, still show up on boot, but again, not noticing any problems with the way I'm using my computer.

 

Thank you for all of your help, especially with the Network delays!

For the last few days I've managed to integrate the large block list into ublock origin.

And this way, I'm not experiencing any network/browser issues/delays!

Thank you for helping me to prolong the life of my otherwise perfect Windows 7 PC!

Happy Holidays RKinner!


  • 0

#119
hmp3

hmp3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 612 posts

Hey since this thread is still open, I wanted to ask how did you find solutions for the Event Errors I posted?

I've noticed most of the time my threads are solved by simple things (not malware) or event viewer fixes.

But before this thread, I google searched by myself and didn't find the resources you posted here.

Is there a tutorial or all in one resource/website that helps you find a solution, so I can try them first and then post here if still experiencing problems in future?


  • 0

#120
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

 Make sure when you search that you limit the search terms to generic terms.  Use " 's to tell Google you want the exact words in the same order.  Use -word  to tell it you don't want to see results that contain that word.  https://www.lifehack...fficiently.html

http://www.informit.....aspx?p=1315437

 

If you ever have to move to Win 10 you can make it look like Win 7 with Open Shell:

 

Download is at:

https://github.com/O...tup_4_4_142.exe

 

Used to be called Classic Shell:

http://www.classicshell.net/

 

 

Add Shutup10:  https://www.oo-softw...com/en/shutup10

 

and it's not a bad operating system.

 

 

If we are done then it's time to cleanup:

 

 

If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled. Also uninstall Latency Monitor, Windows Repair All in One.

Process Explorer, VEW, AdwCleaner and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.)


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want Classic Shell:  http://www.classicshell.net/ This program will make Win 10 act like Win 7 with the same controls you are used to.



Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


  • 0





