# Random Windows 10 restarts



## ryrhino (Jul 28, 2013)

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 5310 Mb
Graphics Card: AMD Radeon HD 7560D, 768 Mb
Hard Drives: C: 873 GB (656 GB Free);
Motherboard: LENOVO,
Antivirus: Windows Defender, Enabled and Updated
Not sure if it is okay to post other forum names here but I have posted this at PC Help Forum
For about the last two weeks in December 2017 my pc has been restarting randomly. This has happened since the most recent Windows update. The random restarts mostly happen when I have Chrome open. The restarts usually happen once per day. Once the restart happens I am still able to use the pc.
While doing my own research to try to fix the issue I found the following articles.
http://windowsreport.com/random-restart-windows-10/
I have done the first two solutions in this article. It also suggests turning off antivirus. I don't know how to update my BIOS; if you think that may help me solve this issue, please tell me how to update my BIOS.
I was using the free trial of Emsisoft Anti-Malware. https://www.emsisoft.com/en/software/antimalware/ I uninstalled it using Geek Uninstaller. When Geek Uninstaller uninstalled Emsisoft, instead of checking for leftover traces I clicked on Restart Now. I don't know if there are any leftover files of Emsisoft installed. How do I check to see if any of Emsisoft is still installed, and how do I delete it?
I installed the free version of Bitdefender.
I used IObit driver booster to update drivers. Still have the random restarts after drivers were updated.
I got another random restart 12-19-2017 another random restart on 12-21-2017. 
The other article I found is this one from Windows Club website. One suggestion from this says Uncheck the Automatically restart box. Click Apply / OK and Exit which I have done. When the pc restarts I do not get a blue screen or any error messages. 
I also did all the steps in this article.
I had a chance to do a system restore on 12.28.2017 the only option I had to restore to was 12.23.2017. Not sure why that was my only option. I have uninstalled the free version of bitdefender antivirus to see if my computer restarts with that uninstalled.
On 12.28.2017 and 12.29.2017 I did not have any random restarts the entire time the pc was on for several hours.
On 12.30.2017 I had two random restarts. I will report if any more random restarts happen.
I am still using Windows defender as my anti virus.
I do not have any other anti virus installed currently.
While I surf the internet currently it seems to be faster than when I had Bitdefender and other free versions of anti virus installed at other times.
Online videos are also slow to play. Some websites do not completely load.
Since I have been using Windows defender and firewall I have not had any random restarts. 
Perhaps Bitdefender and/or Zonealarm both free editions are the reason for the restarts. 
If Bitdefender free edition or Zonealarm free edition or either or both are causing the random restart issue please tell me if settings can be adjusted to prevent or stop the random restarts using both of these.
If they are causing the issue and preventing the issue by not having them installed which free antivirus and free firewall would you recommend? I have had issues with all the free antivirus software I have used. I do only want to use a free antivirus and free firewall. 
I have used most free anti virus software in the past and they all seemed to slow down my pc and other issues that I don't remember at the time causing me to uninstall. 
No, I didn't use more than one antivirus at a time.
I do not have any spare pc parts to test if any pc hardware is bad. I don't know anyone I could borrow pc parts from. 
What other ideas and suggestions do you have that I can try?
Thanks for your help.


----------



## dmccoy (Oct 7, 2017)

It sounds like you may have solved your issue by uninstalling those free AV programs. With Windows 10 Defender is all you need and should use.

Have you run any malware virus scans? If not, we need to stop and start there or post to the Malware Support Forum.

If you feel like you do not have any malware issues then please perform the following steps. It is best to perform each step, save each file and then compress all files as a .zip. Then upload the file to your next reply. Let me know if any questions.

Step 1:
Speccy
http://filehippo.com/download_speccy

1. File > Save Snapshot. This will create a file called [hostname].speccy
2. File > Publish Snapshot. This saves your snapshot to their servers
3. Copy and Paste the link to your next Reply

Step 2:
Click on Start menu

Type in cmd
Right click on cmd in list and select run as administrator 
Type sfc /scannow and press enter ( checks critical system files)

If it couldn't fix everything then:
Copy and Paste the following command into command prompt
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > 0 & notepad 0
Save the file as cbs.log and Upload to your reply

Step 3:
Download Process Explorer
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

1. Save it to your desktop then run it. Right Click and Select Run As Administrator
2. Select View Menu Click Select Columns
3. In the Select Columns Window Check Verified Signer and Click OK
4. Select Options Menu and Check Verify Image Signatures
5. Click twice on the CPU column to sort by highest CPU usage 
6. Wait approximately a minute
7. Select Save or Save As from the File Menu and save to Desktop
8. Upload the file or Copy and Paste the text to your Reply

Step 4:
Please download and Run the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe

1. Run program as Administrator
2. Under Select log to query
3. Select System
4. Under Select type to list
Select:
* Error
* Warning
Choose the Number of events as follows:

Click on Number of events
Type 20 in the box (1 to 20)
Click the Run button (Notepad will open the log)
Paste or upload to next reply
Rename the first log file or it will be overwritten

Run these steps again Except at step 3.

Select Application
Upload or Paste to next reply


----------



## managed (May 24, 2003)

dckecs : OP has already posted Speccy results at PC Help forum, this is the link :- http://speccy.piriform.com/results/Hq1nlLZnm48i0gEjrAlypkK

ryrhino : to remove Emsisoft AM re-install it then use Geek uninstaller again to remove it all properly.
Can you tell us the model name for your computer?


----------



## dmccoy (Oct 7, 2017)

Thanks managed


----------



## managed (May 24, 2003)

You're welcome, I hope it helps.


----------



## ryrhino (Jul 28, 2013)

I ran a scan with the free version of Malwarebytes it found zero issues.
I ran a scan with RogueKiller; these are the results.
RogueKiller V12.11.31.0 (x64) [Jan 2 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Ryan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 01/04/2018 12:54:34 (Duration : 00:54:33)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.222.224.222 67.222.224.224 ([-][United States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0291542f-b6c9-405d-9eb5-acd377d65150} | DhcpNameServer : 67.222.224.222 67.222.224.224 ([-][United States]) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] 151c784207ae56d65aad2712ca701074
[BSP] e6add9d0f3c9ac0dfaca2ba71fed8ffb : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 894558 MB
5 - Basic data partition | Offset (sectors): 1835924265 | Size: 800 MB
6 - Basic data partition | Offset (sectors): 1837562895 | Size: 31620 MB
7 - | Offset (sectors): 1902323712 | Size: 24200 MB
8 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1951897500 | Size: 792 MB
User = LL1 ... OK
User = LL2 ... OK

I found this article about removing PUM.dns.

I have not removed the two issues RogueKiller found. Please tell me if I need to remove them and, if so, whether I can remove them without running RogueKiller again. Please advise.
My computer is a Lenovo H535.
Thanks for your help so far.
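
Both findings in the RogueKiller report above are `DhcpNameServer` values, which Windows fills in from the DHCP lease; manually configured servers are stored in `NameServer` instead. As an added example (not part of the original post and not RogueKiller's own code), this Python script parses the `[PUM.Dns]` lines and triages them against resolvers the user has confirmed with their router or ISP. The `expected` list, the verdict names and the `NameServer` sample line are assumptions made for illustration.

```python
import ipaddress
import re

# The two findings copied from the RogueKiller report in the post above.
REPORT = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 67.222.224.222 67.222.224.224 ([-][United States]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0291542f-b6c9-405d-9eb5-acd377d65150} | DhcpNameServer : 67.222.224.222 67.222.224.224 ([-][United States]) -> Found
"""

# Constructed sample (not from the page): a statically configured resolver,
# written in the same line layout, using documentation-range addresses.
CONSTRUCTED_STATIC = r"""
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555} | NameServer : 203.0.113.53,203.0.113.54 ([-][Unknown]) -> Found
"""

LINE_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>[^)]*)\)\s+(?P<key>HKEY_[^|]+?)\s*\|\s*"
    r"(?P<value>\w+)\s*:\s*(?P<data>.*?)\s*\(\[",
    re.M,
)
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")

# Where each registry value gets its data from.
ORIGIN = {"dhcpnameserver": "dhcp-lease", "nameserver": "static"}


def parse_pum_dns(report):
    """Return one dict per [PUM.Dns] line: key, scope, value, origin, servers."""
    findings = []
    for m in LINE_RE.finditer(report):
        guid = GUID_RE.search(m["key"])
        findings.append({
            "key": m["key"],
            # Per-interface keys carry the adapter GUID; the other key is global.
            "scope": guid.group(0) if guid else "global",
            "value": m["value"],
            "origin": ORIGIN.get(m["value"].lower(), "unknown"),
            # Windows stores the list space- or comma-separated.
            "servers": [s for s in re.split(r"[,\s]+", m["data"]) if s],
        })
    return findings


def triage(finding, expected):
    """Compare a finding with resolvers the user has confirmed as their own.

    expected: iterable of IP strings (assumption: obtained from the router's
    DHCP page or from the ISP, not from the machine being checked).
    """
    trusted = {ipaddress.ip_address(e) for e in expected}
    unknown = []
    for server in finding["servers"]:
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            return "malformed-value"
        if ip not in trusted:
            unknown.append(server)
    if not unknown:
        return "expected"
    if finding["origin"] == "dhcp-lease":
        # The value came from the network, so the place to check is the
        # DHCP server (router/ISP), not only the registry on this PC.
        return "confirm-with-dhcp-server"
    return "review-static-setting"


if __name__ == "__main__":
    for f in parse_pum_dns(REPORT) + parse_pum_dns(CONSTRUCTED_STATIC):
        print(f["scope"], f["value"], f["servers"], "->", triage(f, []))
```

A `dhcp-lease` value that gets deleted from the registry is written again at the next lease renewal, so an unconfirmed address there has to be resolved at the router or ISP.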


----------



## dmccoy (Oct 7, 2017)

Okay, I would recommend removing those unless you know those are safe IP addresses.

Please perform the following procedures as well

Adware Cleaner
Download https://toolslib.net/downloads/finish/1/ to your desktop.
• Important! Before starting AdwCleaner, close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Windows Vista/ 7/8 users right-click and select Run As Administrator.
• Click on the scan button
• When the scan is ready click on the Clean button
• Upload or Paste the log in your next reply.

Junkware Removal Tool
• Please download Junkware Removal Tool to your Desktop.
http://www.bleepingcomputer.com/download/junkware-removal-tool/
• Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
 • Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.


----------



## ryrhino (Jul 28, 2013)

I have reinstalled and uninstalled Emsisoft and removed the traces that Geek Uninstaller found.
One different topic question how do you post part of a reply from someone else to one of your own posts? Not the whole post.


----------



## dmccoy (Oct 7, 2017)

Okay, is Emsisoft a paid version or free? If free, please uninstall; I only recommend using Windows Defender with Windows 10.

If you are asking how to quote a message. Then highlight the part to quote and select the quote link at bottom of window


----------



## ryrhino (Jul 28, 2013)

# AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 22:36:58 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
Deleted: C:\Users\Ryan\Downloads\SysInfo.exe
Deleted: C:\Users\Ryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster.lnk
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted: Driver Booster Scheduler
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [2068 B] - [2017/12/20 3:58:48]
C:/AdwCleaner/AdwCleaner[S0].txt - [2068 B] - [2017/12/20 3:56:36]
C:/AdwCleaner/AdwCleaner[S1].txt - [1275 B] - [2018/1/4 22:36:8]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


----------



## ryrhino (Jul 28, 2013)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by Ryan (Administrator) on Thu 01/04/2018 at 15:44:35.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Ryan) (Task)
Registry: 0 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/04/2018 at 15:47:00.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## dmccoy (Oct 7, 2017)

Please uninstall Driver booster.

Download MiniToolBox by Farbar and save it to your desktop.

Run as Administrator to start

Select to Run All options
Click Go and wait patiently
Upon completion (a reboot may be needed) a file called Result.txt will be saved on your desktop.
Upload or Paste the Results.txt to your next reply

Download HiJackThis tool from http://sourceforge.net/projects/hjt/

Run the HijackThis.exe tool with Administrator privileges
Select the option to Do a system scan and save a logfile
Compress your log file and Upload with your next reply


----------



## ryrhino (Jul 28, 2013)

dckeks said:


> Please uninstall Driver booster.


Done

MiniToolBox by Farbar Version: 17-06-2016
Ran by Ryan (administrator) on 04-01-2018 at 16:26:45
Running from "C:\Users\Ryan\Downloads"
Microsoft Windows 10 Home (X64)
Model: 10117 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
There are 7 entries.
========================= IP Configuration: ================================
Realtek PCIe GBE Family Controller = Ethernet (Connected)
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Lenovo-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : digis.net
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 18-CF-5E-C9-0B-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 18-CF-5E-C9-0B-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : digis.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : C0-3F-D5-98-85-C7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d1e1:aa53:9cba:47b3%2(Preferred)
IPv4 Address. . . . . . . . . . . : 74.81.242.111(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Lease Obtained. . . . . . . . . . : Thursday, January 4, 2018 3:49:12 PM
Lease Expires . . . . . . . . . . : Friday, January 5, 2018 3:49:12 PM
Default Gateway . . . . . . . . . : 74.81.242.1
DHCP Server . . . . . . . . . . . : 66.182.72.68
DHCPv6 IAID . . . . . . . . . . . : 163594197
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-52-0A-50-C0-3F-D5-98-85-C7
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.8.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2421:2a31:b5ae:d90(Preferred)
Link-local IPv6 Address . . . . . : fe80::2421:2a31:b5ae:d90%13(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 369098752
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-52-0A-50-C0-3F-D5-98-85-C7
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: google.com
Addresses: 2607:f8b0:400f:804::200e
172.217.1.78
Pinging google.com [172.217.1.78] with 32 bytes of data:
Reply from 172.217.1.78: bytes=32 time=36ms TTL=52
Reply from 172.217.1.78: bytes=32 time=33ms TTL=52
Ping statistics for 172.217.1.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 36ms, Average = 34ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Name: yahoo.com
Addresses: 2001:4998:44:204::100d
2001:4998:c:e33::53
2001:4998:58:2201::73
98.139.180.180
98.138.252.38
206.190.39.42
Pinging yahoo.com [98.139.180.180] with 32 bytes of data:
Reply from 98.139.180.180: bytes=32 time=82ms TTL=46
Reply from 98.139.180.180: bytes=32 time=70ms TTL=46
Ping statistics for 98.139.180.180:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 70ms, Maximum = 82ms, Average = 76ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
========================= Winsock entries =====================================
========================= Event log errors: ===============================
Application errors:
==================
Error: (01/04/2018 02:25:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.16299.15, time stamp: 0x59cda931
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc0000002
Fault offset: 0x0000000000013fb8
Faulting process id: 0x2374
Faulting application start time: 0xSecHealthUI.exe0
Faulting application path: SecHealthUI.exe1
Faulting module path: SecHealthUI.exe2
Report Id: SecHealthUI.exe3
Faulting package full name: SecHealthUI.exe4
Faulting package-relative application ID: SecHealthUI.exe5
Error: (01/02/2018 05:05:24 PM) (Source: Microsoft-Windows-RestartManager) (User: Lenovo-PC)
Description: Application or service 'ZoneAlarm' could not be shut down.
Error: (12/31/2017 05:30:04 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (12/28/2017 02:59:54 PM) (Source: ESENT) (User: )
Description: svchost (4160,R,0) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU004B3.log.
Error: (12/28/2017 02:39:04 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 10.0.16299.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1b1c
Start Time: 01d380238af5ab64
Termination Time: 60000
Application Path: C:\Windows\explorer.exe
Report Id: b3168a89-b71f-4ac9-b107-33baff2cafba
Faulting package full name:
Faulting package-relative application ID:
Error: (12/27/2017 08:09:27 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb
Exception code: 0xc0000005
Fault offset: 0x00000000001c6e66
Faulting process id: 0x2188
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5
Error: (12/23/2017 08:44:18 PM) (Source: Application Hang) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.15 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1a44
Start Time: 01d37c696870fc4c
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: fde48a98-c3dc-4619-9dcf-c5858b5a62cf
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (12/23/2017 08:44:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Lenovo-PC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
Error: (12/23/2017 07:45:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: LSC.exe, version: 3.3.3.35, time stamp: 0x5744bd79
Faulting module name: Qt5WebEngineCore.dll, version: 5.5.1.0, time stamp: 0x5674826b
Exception code: 0x80000003
Fault offset: 0x0000000000bf2669
Faulting process id: 0xbb4
Faulting application start time: 0xLSC.exe0
Faulting application path: LSC.exe1
Faulting module path: LSC.exe2
Report Id: LSC.exe3
Faulting package full name: LSC.exe4
Faulting package-relative application ID: LSC.exe5
Error: (12/22/2017 06:57:46 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
System errors:
=============
Error: (01/04/2018 04:25:14 PM) (Source: DCOM) (User: Lenovo-PC)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Lenovo-PCRyanS-1-5-21-2346067745-3510472186-2909485925-1002LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/04/2018 03:56:08 PM) (Source: DCOM) (User: Lenovo-PC)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Lenovo-PCRyanS-1-5-21-2346067745-3510472186-2909485925-1002LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/04/2018 03:49:43 PM) (Source: DCOM) (User: Lenovo-PC)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Lenovo-PCRyanS-1-5-21-2346067745-3510472186-2909485925-1002LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/04/2018 03:49:15 PM) (Source: Service Control Manager) (User: )
Description: The egGetSvc service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2018 03:49:13 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (01/04/2018 03:38:38 PM) (Source: DCOM) (User: Lenovo-PC)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}Lenovo-PCRyanS-1-5-21-2346067745-3510472186-2909485925-1002LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/04/2018 03:37:54 PM) (Source: Service Control Manager) (User: )
Description: The egGetSvc service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2018 03:37:52 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.3 service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (01/04/2018 03:36:56 PM) (Source: Service Control Manager) (User: )
Description: The Cyberlink RichVideo64 Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2018 03:36:56 PM) (Source: Service Control Manager) (User: )
Description: The AOMEI Backupper Scheduler Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (01/04/2018 02:25:37 PM) (Source: Application Error)(User: )
Description: SecHealthUI.exe10.0.16299.1559cda931KERNELBASE.dll10.0.16299.154736733cc00000020000000000013fb8237401d385a28ff63379C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exeC:\WINDOWS\System32\KERNELBASE.dll3e0b3012-4e44-4b4e-a596-5464cef12e49Microsoft.Windows.SecHealthUI_10.0.16299.15_neutral__cw5n1h2txyewySecHealthUI
Error: (01/02/2018 05:05:24 PM) (Source: Microsoft-Windows-RestartManager)(User: Lenovo-PC)
Description: 7C:\Program Files (x86)\CheckPoint\Install\Install.exeZoneAlarm0171728080
Error: (12/31/2017 05:30:04 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (12/28/2017 02:59:54 PM) (Source: ESENT)(User: )
Description: svchost4160,R,0SRUJet: C:\WINDOWS\system32\SRU\SRU004B3.log-1811 (0xfffff8ed)
Error: (12/28/2017 02:39:04 PM) (Source: Application Hang)(User: )
Description: explorer.exe10.0.16299.1251b1c01d380238af5ab6460000C:\Windows\explorer.exeb3168a89-b71f-4ac9-b107-33baff2cafba
Error: (12/27/2017 08:09:27 PM) (Source: Application Error)(User: )
Description: mbamservice.exe3.1.0.59559f745cbmbamservice.exe3.1.0.59559f745cbc000000500000000001c6e66218801d37f894483e51fC:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exeC:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exec2a1c18b-1f47-486f-92f6-1a314422eda7
Error: (12/23/2017 08:44:18 PM) (Source: Application Hang)(User: )
Description: ShellExperienceHost.exe10.0.16299.151a4401d37c696870fc4c4294967295C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exefde48a98-c3dc-4619-9dcf-c5858b5a62cfMicrosoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewyApp
Error: (12/23/2017 08:44:15 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Lenovo-PC)
Description: Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy+App
Error: (12/23/2017 07:45:23 PM) (Source: Application Error)(User: )
Description: LSC.exe3.3.3.355744bd79Qt5WebEngineCore.dll5.5.1.05674826b800000030000000000bf2669bb401d37c613d3a9607C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exeC:\Program Files\Lenovo\Lenovo Solution Center\Qt5WebEngineCore.dll3c89e385-af95-48db-bcad-a2c17c339be3
Error: (12/22/2017 06:57:46 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
CodeIntegrity Errors:
===================================
Date: 2017-12-18 18:56:31.837
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-12-18 18:53:13.547
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-18 18:24:36.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-18 18:24:34.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-18 17:54:29.438
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.
Date: 2017-12-18 17:54:28.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.
Date: 2017-12-18 17:50:17.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-18 17:39:06.875
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-18 17:39:06.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
Date: 2017-12-18 17:29:28.360
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.
=========================== Installed Programs ============================
4K Video Downloader 4.3 (HKLM-x32\...\{D0CA3944-0FD5-40FF-97A1-FEDFFB5EE31F}) (Version: 4.3.2.2215 - Open Media LLC)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (HKLM-x32\...\{B5985100-D968-4B0D-B13C-B0362044612D}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (HKLM-x32\...\{CBB55719-C875-4C5A-A0B6-2473F77DD164}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{DC255D56-5881-0F67-6E74-5926CECA90B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
AOMEI OneKey Recovery 1.6 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF553690FD}_is1) (Version: - AOMEI Technology Co., Ltd.)
AppNHost 1.0.5.1 (HKLM-x32\...\{A8CB86C7-CD4C-4C4F-AF6A-33D1CAC63562}) (Version: 1.0.5.1 - Mixesoft Project)
AxCrypt 2.1.1481.0 (HKLM\...\{0E1E3ADA-7669-6F26-5005-B7B48579F531}) (Version: 2.1.1481.0 - AxCrypt AB) Hidden
AxCrypt 2.1.1481.0 (HKLM-x32\...\{18db8d8e-e8a9-4911-a0bb-978f5341daeb}) (Version: 2.1.1481.0 - AxCrypt AB)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C3100 (HKLM-x32\...\{E601C028-B828-4CCC-BDC3-9678CEFC6965}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
c3100_Help (HKLM-x32\...\{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}) (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Door Control version 3.4 (HKLM-x32\...\{C580556F-89DD-4267-BD8B-BA777B2293B4}_is1) (Version: 3.4 - Digola)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EagleGet version 2.0.4.22 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.22 - EagleGet)
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.1.2.2 - Genesys Logic)
Google Chrome (HKLM\...\{BE40B3E0-129E-313C-B663-94C192C5143F}) (Version: 63.0.3239.132 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{3245D8C8-7FE0-4FD4-B04B-2720A333D592}) (Version: 1.1.0.197 - Stoneware, Inc.)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Light Alloy 4.10.2 (build 3317) (HKLM-x32\...\Light Alloy) (Version: 4.10.2 (build 3317) - Vortex Team)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.12.0 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
RogueKiller version 12.11.31.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.31.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unchecky v1.1 (HKLM-x32\...\Unchecky) (Version: 1.1 - Reason Software Company Inc.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
========================= Devices: ================================
Name: HP Officejet Pro 8610
Description: HP Officejet Pro 8610
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Device ID: ROOT\MULTIFUNCTION\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
========================= Memory info: ===================================
Percentage of memory in use: 38%
Total physical RAM: 5310.71 MB
Available physical RAM: 3254.52 MB
Total Virtual: 6206.71 MB
Available Virtual: 3872.46 MB
========================= Partitions: =====================================
1 Drive c: (Windows8_OS) (Fixed) (Total:873.59 GB) (Free:655.28 GB) NTFS
========================= Users: ========================================
User accounts for \\LENOVO-PC
Administrator auntd DefaultAccount 
Guest Ryan WDAGUtilityAccount 
========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================
24-12-2017 06:22:05 Scheduled Checkpoint
29-12-2017 02:01:51 Windows Modules Installer
04-01-2018 17:26:47 Driver Booster : AMD SATA Controller
04-01-2018 22:44:38 JRT Pre-Junkware Removal
**** End of log ****

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:29:50 PM, on 1/4/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Users\Ryan\AppData\Local\Vivaldi\Application\update_notifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Users\Ryan\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: bteagleget.com - {1E871FF8-029C-4732-8AA7-39E3D3872057} - C:\Program Files (x86)\EagleGet\eagleSniffer.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ABNotify] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [appnhost] C:\Users\Ryan\AppData\Local\Mixesoft\AppNHost\appnhost.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Vivaldi Update Notifier] "C:\Users\Ryan\AppData\Local\Vivaldi\Application\update_notifier.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links with EagleGet - res://C:\Program Files (x86)\EagleGet\IEGraberBHO.dll/202
O8 - Extra context menu item: Download with EagleGet - res://C:\Program Files (x86)\EagleGet\IEGraberBHO.dll/201
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{0291542f-b6c9-405d-9eb5-acd377d65150}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{131e0d90-4478-4e64-b34a-36869eca3fb2}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0291542f-b6c9-405d-9eb5-acd377d65150}: NameServer = 8.8.8.8,8.8.8.4
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files (x86)\AOMEI Backupper\ABService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: egGetSvc - Unknown owner - C:\Program Files (x86)\EagleGet\EGMonitor.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: unchecky (Unchecky) - Reason Software Company Inc. - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
--
End of file - 9267 bytes


----------



## dmccoy (Oct 7, 2017)

I don't see any more malware issues. How is it running now? Please uninstall the following programs. Also seeing several errors with your old AV programs but can work on that later.

EagleGet
Malwarebytes

Download Process Explorer
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

1. Save it to your desktop then run it. Right Click and Select Run As Administrator
2. Select View Menu Click Select Columns
3. In the Select Columns Window Check Verified Signer and Click OK
4. Select Options Menu and Check Verify Image Signatures
5. Click twice on the CPU column to sort by highest CPU usage 
6. Wait approximately a minute
7. Select Save or Save As from the File Menu and save to Desktop
8. Upload the file or Copy and Paste the text to your Reply


----------



## dmccoy (Oct 7, 2017)

Also run the following command

Click on Start menu
Type in cmd
Right click on cmd in list and select run as administrator
Type sfc /scannow and press enter (checks critical system files)

If it shows any issues then:

Copy and Paste the following command into command prompt
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > 0 & notepad 0
Save the file as cbs.log and Upload to your reply


Click on Start menu
Type CMD
Right click on Command Prompt and select to Run As Administrator
Copy and Paste the following into Command Prompt
Upload or paste the file to your reply
sc query state= all > %userprofile%\desktop\services.txt


----------



## ryrhino (Jul 28, 2013)

I ran scan now and the scan didn't find any issues.

PC seems a bit faster running now than it was.



dckeks said:


> EagleGet
> Malwarebytes


Done



dckeks said:


> seeing several errors with your old AV programs but can work on that later.


Please let me know when we will work on these issues. No hurry to do so.

Glad malware is gone. Should I run something other than Malwarebytes to check for malware? If so what do you suggest? How often should I check for malware?

I appreciate the help.


----------



## dmccoy (Oct 7, 2017)

I am glad to hear it is running better. As long as you protect yourself by following good computing practices then you shouldn't have to manually scan for malware unless you notice issues that make you suspect malware or a virus.

Please perform the following steps again. It doesn't look like you uploaded the full log.

Download Process Explorer
https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

1. Save it to your desktop then run it. Right Click and Select Run As Administrator
2. Select View Menu Click Select Columns
3. In the Select Columns Window Check Verified Signer and Click OK
4. Select Options Menu and Check Verify Image Signatures
5. Click twice on the CPU column to sort by highest CPU usage 
6. Wait approximately a minute
7. Select Save or Save As from the File Menu and save to Desktop
8. Name the file ProcessExplorer.txt
9. Upload the file or Copy and Paste the text to your Reply


----------



## ryrhino (Jul 28, 2013)

| Process | CPU | Private Bytes | Working Set | PID | Verified Signer |
| --- | --- | --- | --- | --- | --- |
| procexp64.exe | 2.82 | 24,208 K | 56,500 K | 7904 | (Verified) Microsoft Corporation |
| UMonit64.exe | 0.20 | 1,760 K | 1,656 K | 8428 | |
| explorer.exe | 0.07 | 42,848 K | 91,300 K | 5316 | (Verified) Microsoft Windows |
| unchecky_bg.exe | 0.01 | 1,816 K | 9,788 K | 380 | (Verified) Reason Software Company Inc. |
| chrome.exe | 0.01 | 30,912 K | 40,288 K | 5416 | (Verified) Google Inc |
| chrome.exe | 0.01 | 101,548 K | 157,900 K | 2808 | (Verified) Google Inc |
| hpqtra08.exe | < 0.01 | 3,744 K | 14,444 K | 2520 | (Verified) Hewlett Packard |
| update_notifier.exe | | 3,808 K | 12,588 K | 3240 | (Verified) Vivaldi Technologies AS |
| taskhostw.exe | | 6,048 K | 14,856 K | 6424 | (Verified) Microsoft Windows |
| svchost.exe | | 6,304 K | 25,456 K | 892 | (Verified) Microsoft Windows Publisher |
| svchost.exe | | 3,204 K | 12,900 K | 7396 | (Verified) Microsoft Windows Publisher |
| svchost.exe | | 2,816 K | 11,364 K | 884 | (Verified) Microsoft Windows Publisher |
| smartscreen.exe | | 13,568 K | 27,524 K | 5332 | (Verified) Microsoft Windows |
| sihost.exe | | 5,528 K | 22,380 K | 8812 | (Verified) Microsoft Windows |
| ShellExperienceHost.exe | Suspended | 32,068 K | 67,152 K | 4564 | (Verified) Microsoft Windows |
| SearchUI.exe | Suspended | 54,264 K | 89,640 K | 7588 | (Verified) Microsoft Windows |
| RuntimeBroker.exe | | 6,292 K | 21,120 K | 2300 | (Verified) Microsoft Windows |
| RuntimeBroker.exe | | 3,028 K | 12,628 K | 4528 | (Verified) Microsoft Windows |
| procexp.exe | | 3,312 K | 10,472 K | 2200 | (Verified) Microsoft Corporation |
| pidgin.exe | | 14,188 K | 31,064 K | 580 | (Verified) Open Source Developer |
| MSASCuiL.exe | | 1,928 K | 9,164 K | 9348 | (Verified) Microsoft Windows |
| LSCNotify.exe | | 1,632 K | 240 K | 6808 | (Verified) LENOVO |
| hpwuschd2.exe | | 1,300 K | 6,088 K | 1540 | (Verified) Hewlett-Packard Company |
| hotkey.exe | | 1,700 K | 8,272 K | 9736 | (No signature was present in the subject) Lenovo |
| Greenshot.exe | | 40,984 K | 61,240 K | 1336 | (Verified) Open Source Developer |
| ctfmon.exe | | 2,896 K | 12,908 K | 5324 | |
| chrome.exe | | 54,108 K | 69,140 K | 7468 | (Verified) Google Inc |
| chrome.exe | | 85,128 K | 105,360 K | 6976 | (Verified) Google Inc |
| chrome.exe | | 86,000 K | 77,304 K | 6608 | (Verified) Google Inc |
| chrome.exe | | 95,452 K | 101,044 K | 9016 | (Verified) Google Inc |
| chrome.exe | | 39,076 K | 49,204 K | 8340 | (Verified) Google Inc |
| chrome.exe | | 26,268 K | 35,792 K | 4080 | (Verified) Google Inc |
| chrome.exe | | 32,068 K | 38,560 K | 8608 | (Verified) Google Inc |
| chrome.exe | | 33,412 K | 42,640 K | 3196 | (Verified) Google Inc |
| chrome.exe | | 53,556 K | 63,508 K | 5836 | (Verified) Google Inc |
| chrome.exe | | 36,900 K | 44,824 K | 6556 | (Verified) Google Inc |
| chrome.exe | | 49,812 K | 58,644 K | 7224 | (Verified) Google Inc |
| chrome.exe | | 27,164 K | 35,548 K | 5104 | (Verified) Google Inc |
| chrome.exe | | 2,024 K | 9,568 K | 364 | (Verified) Google Inc |
| chrome.exe | | 2,028 K | 8,808 K | 6156 | (Verified) Google Inc |


----------



## dmccoy (Oct 7, 2017)

Sorry, I am still not seeing the full report. Please carefully follow the steps below and upload the file instead of pasting the text. Thank you.

1. Save it to your desktop then run it. Right Click and Select Run As Administrator
2. Select View Menu Click Select Columns
3. In the Select Columns Window Check Verified Signer and Click OK
4. Select Options Menu and Check Verify Image Signatures
5. Double Click on the CPU Column to sort by highest CPU usage.
(System Idle Process should be at the top once sorted properly) 
6. Wait approximately a minute
7. Select Save or Save As from the File Menu and save System Idle Process.txt to Desktop
8. Upload the file to your Reply


----------



## ryrhino (Jul 28, 2013)

dckeks said:


> Save it to your desktop then run it. Right Click and Select Run As Administrator


How and when do I save to desktop? I don't get the option to save to desktop when I click on the download link. It downloads to a zip file without a save option. Please tell me how to do so. Thanks.


----------



## ryrhino (Jul 28, 2013)

I figured out how to save to desktop and run as administrator.
I am posting what shows when I run the explorer as an administrator and following your steps.


----------



## dmccoy (Oct 7, 2017)

Okay it looks like you got it running. Now follow these steps for saving the file

5. Double Click on the CPU Column to sort by highest CPU usage. 
(System Idle Process should be at the top once sorted properly) 
6. Wait approximately a minute
7. Select Save or Save As from the File Menu and save System Idle Process.txt to Desktop
8. Upload the file to your Reply



----------



## ryrhino (Jul 28, 2013)

I am unable to get System Idle Process on top; I don't see it listed.
Please tell me how to do so. 
I forgot to post image that is why you didn't see any images.


----------



## dmccoy (Oct 7, 2017)

I am not sure why it isn't showing on yours. 

Enclosed is a file of what it should look similar to


----------



## ryrhino (Jul 28, 2013)

If you are going into properties in the CPU column, please tell me what to do once in the properties window. If not, I still can't see System Idle.
Thanks for your patience with me.


----------



## dmccoy (Oct 7, 2017)

I am not going into any properties on the CPU column. I am only double clicking on it which sorts it to Highest CPU usage at the top.


----------



## dmccoy (Oct 7, 2017)

Select the file menu and then Save or Save As


----------



## ryrhino (Jul 28, 2013)

The reason I was getting properties is because I was double clicking on one of the listed items. When I clicked on the word CPU at the top the items did move, but I never saw System Idle listed. I have attached a screenshot and text.


----------



## ryrhino (Jul 28, 2013)

What are the next steps? I understand you, dckeks, have more to do than to help me. I have not seen a reply back from you lately. No hurry to reply.
Once again thanks for your help.


----------



## dmccoy (Oct 7, 2017)

I am still not seeing the information in the log I need to help troubleshoot. I am not sure why you are having issues with my steps. Let me see if I can find another method to get the info I need.

Let's see what the following shows

Please download and Run the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe

1. Run program as Administrator
2. Under Select log to query
3. select System
4. Under Select type to list
Select:
* Error
* Warning
Choose the Number of events as follows:
7. Click on Number of events
8. Type 20 in the box (1 to 20)
9. Click the Run button (Notepad will open the log)
10. Paste or upload to next reply
Rename the first log file or it will be overwritten

Run these steps again Except at step 3.
11. Select Application
12. Upload or Paste to next reply
Type in cmd
Right click on cmd in list and select run as administrator


----------



## dmccoy (Oct 7, 2017)

Also perform the following

Right click on taskbar and select Task Manager from the menu
Select the Details tab
Click on CPU column if not already sorted from Highest to lowest usage
Hold down Ctrl key to pause the Task Manager
Press the Print Screen key on the keyboard or use Windows Snippet to capture the window
Open Paint and paste the screenshot
Save the file as System Idle Process.jpg
Upload the file


----------



## ryrhino (Jul 28, 2013)

I could not get your link to show.
Also when I try to download anything Windows defender pops up with a warning. Should I turn off defender to download if not how do I download? 
If I want to download other things will I also need to turn off defender? If so that seems to defeat the purpose of an anti virus. If I am wrong please correct me.


----------



## dmccoy (Oct 7, 2017)

The link did not copy correctly. Try again, and yes, if there is a warning, disable Defender. It is a safe file.

http://images.malwareremoval.com/vino/VEW.exe


----------



## ryrhino (Jul 28, 2013)

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/01/2018 8:04:39 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/12/2017 9:43:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 31/12/2017 12:33:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 30/12/2017 8:53:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 30/12/2017 1:10:54 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/12/2017 9:59:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/12/2017 7:54:52 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/12/2017 12:31:58 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 27/12/2017 2:47:51 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 26/12/2017 1:32:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/12/2017 11:10:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 24/12/2017 12:40:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 23/12/2017 3:32:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 22/12/2017 1:35:06 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 20/12/2017 2:21:36 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 19/12/2017 12:28:31 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 18/12/2017 1:56:46 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 17/12/2017 3:00:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/12/2017 2:44:17 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 14/12/2017 2:22:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 12/12/2017 10:28:18 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2018 2:02:51 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 1:57:30 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 1:53:00 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 1:21:07 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\auntd SID (S-1-5-21-2346067745-3510472186-2909485925-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 12:52:15 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 10/01/2018 11:55:56 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 10/01/2018 11:35:35 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 10/01/2018 9:57:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 10/01/2018 3:03:36 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 10/01/2018 1:28:25 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 10/01/2018 12:52:28 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 11:49:42 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\auntd SID (S-1-5-21-2346067745-3510472186-2909485925-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 11:40:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 11:29:19 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 11:06:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 9:56:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 9:04:40 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 8:11:25 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 7:19:06 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 09/01/2018 7:15:27 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2018 12:53:36 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name login.live.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 08/01/2018 3:26:50 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name media3.penguinmagic.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 06/01/2018 1:59:49 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name images.penguinmagic.com.s3.amazonaws.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2018 8:10:01 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name assets.purch.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2018 6:49:04 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name hybridclient.naiadsystems.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 10116 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe with process id 10024 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\taskhostw.exe with process id 10008 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe with process id 9980 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe with process id 9912 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 9880 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\SrTasks.exe with process id 9804 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\jmesoft\hotkey.exe with process id 9644 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe with process id 9560 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe with process id 9156 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\RuntimeBroker.exe with process id 9128 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\csrss.exe with process id 8756 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files\Windows Defender\MSASCuiL.exe with process id 8536 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 8520 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 8432 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
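
The report above repeats the same few events many times; a short script can collapse it to one line per event ID and source and count the Kernel-Power 41 unclean reboots per day. This is an added example, not part of the thread or of the VEW tool: the sample report is constructed in the layout shown above (messages shortened), and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the report above; messages are shortened
# and the last record is cut off on purpose to show how a truncated paste is handled.
SAMPLE_REPORT = """\
Vino's Event Viewer v01c run on Windows 7 in English
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/12/2017 9:43:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
Log: 'System' Date/Time: 31/12/2017 12:33:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
Log: 'System' Date/Time: 30/12/2017 8:53:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/01/2018 2:02:51 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2018 12:53:36 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name example.test timed out.
Log: 'Application' Date/Time: 04/01/2018 9:25:37 PM
Type: Error Category: 100
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (?P<type>\S+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+)$")
SECTION = re.compile(r"^'.+' Log - .+ Type$")
TS_FORMAT = "%d/%m/%Y %I:%M:%S %p"   # the report states dates are dd/mm/yyyy


def parse_report(text):
    """Turn a pasted report into a list of event records (dicts)."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            rec = {"log": header["log"],
                   "time": datetime.strptime(header["ts"], TS_FORMAT),
                   "type": None, "event_id": None, "source": None,
                   "message": ""}
            records.append(rec)
        elif line.startswith("~") or SECTION.match(line):
            rec = None                      # a section banner ends the record
        elif rec is not None:
            if rec["type"] is None and (m := TYPE.match(line)):
                rec["type"] = m["type"]
            elif rec["event_id"] is None and (m := EVENT.match(line)):
                rec["event_id"], rec["source"] = int(m["id"]), m["src"].strip()
            elif line:
                rec["message"] = (rec["message"] + " " + line).strip()
    # Drop records cut off before their Event line (a truncated paste).
    return [r for r in records if r["event_id"] is not None]


def summarize(records):
    """Group by (event id, source): count plus first and last occurrence."""
    groups = {}
    for r in records:
        g = groups.setdefault((r["event_id"], r["source"]),
                              {"count": 0, "first": r["time"], "last": r["time"]})
        g["count"] += 1
        g["first"] = min(g["first"], r["time"])
        g["last"] = max(g["last"], r["time"])
    return groups


def unclean_reboots_by_day(records):
    """Count Kernel-Power event 41 (reboot without clean shutdown) per day."""
    days = Counter(r["time"].date() for r in records
                   if r["event_id"] == 41
                   and r["source"] == "Microsoft-Windows-Kernel-Power")
    return dict(sorted(days.items()))


if __name__ == "__main__":
    events = parse_report(SAMPLE_REPORT)
    for (event_id, source), g in sorted(summarize(events).items()):
        print(f"{event_id:>6} {source:<40} x{g['count']:<3} "
              f"{g['first']:%d/%m/%Y %H:%M} .. {g['last']:%d/%m/%Y %H:%M}")
    for day, count in unclean_reboots_by_day(events).items():
        print(f"{day:%d/%m/%Y}: {count} unclean reboot(s)")
```
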


----------



## ryrhino (Jul 28, 2013)

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/01/2018 8:11:13 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2018 1:52:39 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:50:14 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:50:14 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:50:12 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:21:01 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:59:23 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:59:22 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:59:21 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:52:09 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:20:26 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 09/01/2018 10:07:45 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Error Category: 3
Event: 1019 Source: Microsoft-Windows-Search
Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2346067745-3510472186-2909485925-1002}/">. 
Log: 'Application' Date/Time: 06/01/2018 10:45:48 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 06/01/2018 10:45:47 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 04/01/2018 9:25:37 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SecHealthUI.exe, version: 10.0.16299.15, time stamp: 0x59cda931 Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c Exception code: 0xc0000002 Fault offset: 0x0000000000013fb8 Faulting process id: 0x2374 Faulting application start time: 0x01d385a28ff63379 Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 3e0b3012-4e44-4b4e-a596-5464cef12e49 Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.16299.15_neutral__cw5n1h2txyewy Faulting package-relative application ID: SecHealthUI
Log: 'Application' Date/Time: 03/01/2018 12:05:24 AM
Type: Error Category: 0
Event: 10006 Source: Microsoft-Windows-RestartManager
Application or service 'ZoneAlarm' could not be shut down.
Log: 'Application' Date/Time: 01/01/2018 12:30:04 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 28/12/2017 9:59:54 PM
Type: Error Category: 3
Event: 455 Source: ESENT
svchost (4160,R,0) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU004B3.log.
Log: 'Application' Date/Time: 28/12/2017 9:39:04 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 10.0.16299.125 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1b1c Start Time: 01d380238af5ab64 Termination Time: 60000 Application Path: C:\Windows\explorer.exe Report Id: b3168a89-b71f-4ac9-b107-33baff2cafba Faulting package full name: Faulting package-relative application ID: 
Log: 'Application' Date/Time: 28/12/2017 3:09:27 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb Faulting module name: mbamservice.exe, version: 3.1.0.595, time stamp: 0x59f745cb Exception code: 0xc0000005 Fault offset: 0x00000000001c6e66 Faulting process id: 0x2188 Faulting application start time: 0x01d37f894483e51f Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Report Id: c2a1c18b-1f47-486f-92f6-1a314422eda7 Faulting package full name: Faulting package-relative application ID: 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/01/2018 10:06:51 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5 with error 0x80070057.
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x1) (0x00000001)
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Warning Category: 3
Event: 3037 Source: Microsoft-Windows-Search
Crawl could not be started on content source <iehistory://{S-1-5-21-2346067745-3510472186-2909485925-1002}/>.
Context: Application, SystemIndex Catalog
Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)
Log: 'Application' Date/Time: 03/01/2018 12:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\CheckPoint\Install\Install.exe' (pid 2808) cannot be restarted - Application SID does not match Conductor SID..
Log: 'Application' Date/Time: 28/12/2017 9:59:57 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (6204,R,0) WebCacheLocal: The shadow header page of file C:\Users\Ryan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.
Log: 'Application' Date/Time: 28/12/2017 9:25:06 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 130 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/12/2017 9:23:56 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 24/12/2017 3:43:02 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 24/12/2017 3:43:02 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 24/12/2017 3:42:25 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 13/12/2017 2:00:22 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
Video.UI (8992,D,0) {40675672-3B99-4D25-BECB-69CFD9B1C9B2}: A request to read from the file "C:\Users\Ryan\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb" at offset 65536 (0x0000000000010000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (26 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 07/12/2017 7:43:51 PM
Type: Warning Category: 0
Event: 1193 Source: Microsoft-Windows-Security-SPP
Failed to gather PKEY information for OEMM product key. Error: 0xC004E016 Product key: NXGPT-6VMRB-HXVCW-2983H-MBGR3
Log: 'Application' Date/Time: 07/12/2017 7:41:17 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Version Upgrade}. 
Log: 'Application' Date/Time: 07/12/2017 7:38:06 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:06 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:06 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:06 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:05 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:05 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WsmAgent, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\winrm to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:05 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ProfileAssociationProviderInterop, has been registered in the Windows Management Instrumentation namespace ROOT\Interop to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


----------



## ryrhino (Jul 28, 2013)

Please let me know if I need to correct anything and if so how to correct if needed.


----------



## dmccoy (Oct 7, 2017)

I am seeing possible information of an invalid Windows key. Please run the following so I can verify

1. Click on Start menu
2. Type CMD
3. Right click on Command Prompt and select to Run As Administrator
4. Copy and Paste the following into Command Prompt
cscript C:\Windows\System32\slmgr.vbs /dli > 0 & notepad 0 (press enter)
5. Upload the file


----------



## ryrhino (Jul 28, 2013)

Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.
Name: Windows(R), Core edition
Description: Windows(R) Operating System, RETAIL channel
Partial Product Key: 8HVX7
License Status: Licensed


----------



## dmccoy (Oct 7, 2017)

Thank you, next steps below.

1. Remove the following programs using either RevoUninstaller or Geek uninstaller
   https://www.revouninstaller.com/revo_uninstaller_free_download.html
   https://geekuninstaller.com/
   1. Malwarebytes
   2. IO bit all programs
   3. Zone Alarm

2. Click on Start menu
   Type in cmd, right click on cmd in the list and select run as administrator
   1. Sfc /Scannow
   2. Dism /Online /Cleanup-Image /RestoreHealth

*Copy and paste the contents of the Command Window as follows*
Right click on the top bar or title bar of the Command Prompt Window
Left click on Edit then Select All
Right click on the top bar again
Left click on Edit then Copy
Upload to your next reply


----------



## ryrhino (Jul 28, 2013)

I looked at the programs list in control panel, Geek, and Revo to make sure I didn't have any of the programs you listed which I didn't. Is it alright to run cmd now? I was not sure since I didn't find any of the programs you listed.


----------



## dmccoy (Oct 7, 2017)

RevoUninstaller and Geek Uninstaller are uninstall utilities that are more complete at removing all traces of files after uninstalling. The links in the above post will allow you to download and run one of them. Geek Uninstaller is portable. After installing, remove the programs listed as 1, 2, 3 above in step 1.


----------



## ryrhino (Jul 28, 2013)

Geek Uninstaller, Revo, and the programs list in Control Panel *did not* have any of the programs you listed as 1, 2, 3. I am including screenshots of Geek Uninstaller to show all the programs listed on this PC. In other words, Malwarebytes, IO bit all programs, and ZoneAlarm are *not* in my programs list.


----------



## dmccoy (Oct 7, 2017)

Okay I understand now. They have been uninstalled but there are leftovers.

Download and run the following programs to uninstall them. It is recommended to run these from safe mode. If they won't run in safe mode then run in normal mode.

https://www.bleepingcomputer.com/download/zonealarm-uninstall-tool/

https://support.malwarebytes.com/external-link.jspa?url=https://downloads.malwarebytes.com/file/mb_clean

http://guides.mightyuninstaller.com/MU_Download.php


----------
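
The event reports posted in this thread repeat the same few events many times, which buries the entries that point at leftovers: services that Service Control Manager cannot start because their file is gone. The following Python is an added example, not part of the thread or of Vino's Event Viewer; it parses the report layout, collapses repeats, and lists those services. The sample report is constructed in the thread's layout and all function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the report layout used in this thread (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/12/2017 9:43:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
Log: 'System' Date/Time: 28/12/2017 9:59:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/01/2018 1:57:57 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.3 service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 12/01/2018 1:57:57 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The !SASCORE service failed to start due to the following error: The system cannot find the file specified.
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x1) (0x00000001)
"""

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*$")
TYPE_RE = re.compile(r"^Type: (?P<level>\S+) Category: (?P<category>\d+)\s*$")
EVENT_RE = re.compile(r"^Event: (?P<event_id>\d+) Source: (?P<source>.+?)\s*$")
MISSING_BINARY_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error: "
    r"The system cannot find the file specified\.")

def parse_report(text):
    """Turn a report into a list of event dicts; banners and headers are skipped."""
    lines, events, i = text.splitlines(), [], 0
    while i + 2 < len(lines):
        log, typ, evt = (LOG_RE.match(lines[i]), TYPE_RE.match(lines[i + 1]),
                         EVENT_RE.match(lines[i + 2]))
        if not (log and typ and evt):
            i += 1
            continue
        i += 3
        body = []  # a message may span several lines (Context:, Details:, ...)
        while i < len(lines) and not LOG_RE.match(lines[i]) and not lines[i].startswith("~~~~"):
            body.append(lines[i].strip())
            i += 1
        events.append({
            "log": log["log"],
            "when": datetime.strptime(log["when"], "%d/%m/%Y %I:%M:%S %p"),
            "level": typ["level"],
            "event_id": int(evt["event_id"]),
            "source": evt["source"],
            "message": "\n".join(body),
        })
    return events

def summarize(events):
    """Collapse repeats: one row per (source, event id, level), most frequent first."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["source"], e["event_id"], e["level"])].append(e["when"])
    rows = [{"source": s, "event_id": n, "level": lvl, "count": len(ts),
             "first": min(ts), "last": max(ts)} for (s, n, lvl), ts in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["source"], r["event_id"]))

def unclean_reboots(events):
    """Timestamps of Kernel-Power event 41 (reboot without a clean shutdown), oldest first."""
    return sorted(e["when"] for e in events
                  if e["source"] == "Microsoft-Windows-Kernel-Power" and e["event_id"] == 41)

def missing_service_binaries(events):
    """Services still registered whose file could not be found at start (event 7000)."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7000:
            m = MISSING_BINARY_RE.match(e["message"])
            if m:
                names.add(m["service"])
    return sorted(names)

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for row in summarize(parsed):
        print(f'{row["count"]:>3}x {row["level"]:<8} {row["event_id"]:>5} {row["source"]}')
    print("Unclean reboots:", [t.isoformat(" ") for t in unclean_reboots(parsed)])
    print("Services with a missing file:", missing_service_binaries(parsed))
```

A service name in the last list only shows that the registration outlived its file; which product it belonged to still has to be checked before the entry is removed.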



## ryrhino (Jul 28, 2013)

When I tried to run the malwarebytes I got the following:
2018-01-11 16:21:38.846 mb-clean:3.1.0.1031 @ Malwarebytes. All rights reserved.
2018-01-11 16:21:41.440 No Malwarebytes software installed.
2018-01-11 16:21:48.792 HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2018-01-11 16:21:48.793 HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2018-01-11 16:21:48.793 HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2018-01-11 16:21:48.794 HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2018-01-11 16:21:48.794 HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2018-01-11 16:21:48.795 HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2018-01-11 16:21:48.796 HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2018-01-11 16:21:50.483 Trying to delete REG key: HKCR\TypeLib\{A1D48491-19A0-432C-8865-BDA5BE867C7B}
2018-01-11 16:21:50.487 Trying to delete REG key: HKCR\TypeLib\{C4C4070E-2249-438E-9BB8-318AF189B6EA}
2018-01-11 16:21:50.537 Trying to delete path C:\ProgramData\Malwarebytes\
2018-01-11 16:21:50.537 Cannot delete path C:\ProgramData\Malwarebytes\, reasonThe system cannot find the path specified.(error=3))
2018-01-11 16:21:50.537 Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2018-01-11 16:21:50.537 Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reasonThe system cannot find the path specified.(error=3))
2018-01-11 16:21:50.537 Trying to delete path C:\Program Files\Malwarebytes\Anti-Malware\
2018-01-11 16:21:50.537 Cannot delete path C:\Program Files\Malwarebytes\Anti-Malware\, reasonThe system cannot find the path specified.(error=3))
2018-01-11 16:21:50.537 --------END OF LOG FILE ----------
2018-01-11 16:34:05.535 mb-clean:3.1.0.1031 @ Malwarebytes. All rights reserved.
2018-01-11 16:34:08.422 No Malwarebytes software installed.
2018-01-11 16:34:15.165 HKLM\SYSTEM\CurrentControlSet\Services\ESProtectionDriver does not exist.
2018-01-11 16:34:15.174 HKLM\SYSTEM\CurrentControlSet\Services\MBAMChameleon does not exist.
2018-01-11 16:34:15.174 HKLM\SYSTEM\CurrentControlSet\Services\MBAMFarflt does not exist.
2018-01-11 16:34:15.175 HKLM\SYSTEM\CurrentControlSet\Services\MBAMProtection does not exist.
2018-01-11 16:34:15.175 HKLM\SYSTEM\CurrentControlSet\Services\MBAMService does not exist.
2018-01-11 16:34:15.176 HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy does not exist.
2018-01-11 16:34:15.176 HKLM\SYSTEM\CurrentControlSet\Services\MBAMWebProtection does not exist.
2018-01-11 16:34:17.276 Trying to delete path C:\ProgramData\Malwarebytes\
2018-01-11 16:34:17.276 Cannot delete path C:\ProgramData\Malwarebytes\, reasonThe system cannot find the path specified.(error=3))
2018-01-11 16:34:17.276 Trying to delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\
2018-01-11 16:34:17.276 Cannot delete path C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\, reasonThe system cannot find the path specified.(error=3))
2018-01-11 16:34:17.276 Trying to delete path C:\Program Files\Malwarebytes\Anti-Malware\
2018-01-11 16:34:17.276 Cannot delete path C:\Program Files\Malwarebytes\Anti-Malware\, reasonThe system cannot find the path specified.(error=3))
2018-01-11 16:34:17.293 --------END OF LOG FILE ----------

I cannot get the ZoneAlarm tool to work. I tried in both safe mode and regular mode. I downloaded it from both the Bleeping Computer and Major Geeks websites. A pop-up window says it cannot run this app on this version of Windows. With Mightyuninstaller I get error 404 from the link you provided.


----------



## dmccoy (Oct 7, 2017)

Okay, we can remove these another way then.

Please move on to these next steps

2. Click on Start menu
   Type in cmd, right click on cmd in the list and select run as administrator
   1. Sfc /Scannow
   2. Dism /Online /Cleanup-Image /RestoreHealth

*Copy and paste the contents of the Command Window as follows*
Right click on the top bar or title bar of the Command Prompt Window
Left click on Edit then Select All
Right click on the top bar again
Left click on Edit then Copy
Upload to your next reply


----------



## ryrhino (Jul 28, 2013)

Microsoft Windows [Version 10.0.16299.192]
(c) 2017 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\WINDOWS\system32>
C:\WINDOWS\system32>Dism /Online /Cleanup-Image /RestoreHealth
Deployment Image Servicing and Management tool
Version: 10.0.16299.15
Image Version: 10.0.16299.192
[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.
C:\WINDOWS\system32>


----------



## dmccoy (Oct 7, 2017)

Okay, please rerun the steps in post 30 to provide new event logs


----------



## ryrhino (Jul 28, 2013)

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 12/01/2018 4:47:44 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 31/12/2017 9:43:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 31/12/2017 12:33:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 30/12/2017 8:53:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 30/12/2017 1:10:54 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/12/2017 9:59:06 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/12/2017 7:54:52 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 28/12/2017 12:31:58 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 27/12/2017 2:47:51 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 26/12/2017 1:32:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 25/12/2017 11:10:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 24/12/2017 12:40:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 23/12/2017 3:32:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 22/12/2017 1:35:06 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 20/12/2017 2:21:36 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 19/12/2017 12:28:31 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 18/12/2017 1:56:46 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 17/12/2017 3:00:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/12/2017 2:44:17 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 14/12/2017 2:22:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 12/12/2017 10:28:18 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/01/2018 11:43:21 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 9:07:34 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\auntd SID (S-1-5-21-2346067745-3510472186-2909485925-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 9:00:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\auntd SID (S-1-5-21-2346067745-3510472186-2909485925-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 8:55:02 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 8:38:06 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 5:26:46 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 2:48:24 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 2:14:27 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 1:59:43 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 1:57:57 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.3 service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 12/01/2018 1:57:57 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The !SASCORE service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 12/01/2018 1:57:05 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
Log: 'System' Date/Time: 12/01/2018 1:37:22 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 1:03:14 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\auntd SID (S-1-5-21-2346067745-3510472186-2909485925-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 12/01/2018 12:12:36 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 11:52:02 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\auntd SID (S-1-5-21-2346067745-3510472186-2909485925-1007) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 11:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.3 service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 11/01/2018 11:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The !SASCORE service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 11/01/2018 11:30:14 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 11/01/2018 11:25:10 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user Lenovo-PC\Ryan SID (S-1-5-21-2346067745-3510472186-2909485925-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2018 12:53:36 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name login.live.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 08/01/2018 3:26:50 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name media3.penguinmagic.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 06/01/2018 1:59:49 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name images.penguinmagic.com.s3.amazonaws.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2018 8:10:01 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name assets.purch.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2018 6:49:04 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name hybridclient.naiadsystems.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 10116 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe with process id 10024 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\taskhostw.exe with process id 10008 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\IObit\Driver Booster\5.1.0\Scheduler.exe with process id 9980 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe with process id 9912 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 9880 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\SrTasks.exe with process id 9804 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\jmesoft\hotkey.exe with process id 9644 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe with process id 9560 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe with process id 9156 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\RuntimeBroker.exe with process id 9128 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\csrss.exe with process id 8756 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Program Files\Windows Defender\MSASCuiL.exe with process id 8536 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 8520 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.
Log: 'System' Date/Time: 04/01/2018 5:27:21 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume5\Windows\System32\svchost.exe with process id 8432 stopped the removal or ejection for the device PCI\VEN_1022&DEV_7801&SUBSYS_367417AA&REV_40\3&267a616a&1&88.


----------



## ryrhino (Jul 28, 2013)

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 12/01/2018 4:50:56 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/01/2018 9:18:55 PM
Type: Error Category: 3
Event: 1019 Source: Microsoft-Windows-Search
Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2346067745-3510472186-2909485925-1002}/">. 
Log: 'Application' Date/Time: 11/01/2018 11:17:00 PM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 6:56:20 PM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 5:37:16 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 5:37:16 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 5:37:15 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 5:37:15 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 5:37:05 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:52:39 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:50:14 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:50:14 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:50:12 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 1:21:01 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:59:23 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:59:22 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:59:21 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:52:09 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 11/01/2018 12:20:26 AM
Type: Error Category: 16
Event: 16391 Source: ATIeRecord
ATI EEU maximum number of session has been surpassed
Log: 'Application' Date/Time: 09/01/2018 10:07:45 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Error Category: 3
Event: 1019 Source: Microsoft-Windows-Search
Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2346067745-3510472186-2909485925-1002}/">. 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/01/2018 9:18:55 PM
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x1) (0x00000001)
Log: 'Application' Date/Time: 12/01/2018 9:18:55 PM
Type: Warning Category: 3
Event: 3037 Source: Microsoft-Windows-Search
Crawl could not be started on content source <iehistory://{S-1-5-21-2346067745-3510472186-2909485925-1002}/>.
Context: Application, SystemIndex Catalog
Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)
Log: 'Application' Date/Time: 11/01/2018 11:23:21 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 11/01/2018 11:23:20 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 11/01/2018 11:18:25 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 09/01/2018 10:06:51 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5 with error 0x80070057.
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Warning Category: 3
Event: 3023 Source: Microsoft-Windows-Search
The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.
Context: Application, SystemIndex Catalog
Details:
(HRESULT : 0x1) (0x00000001)
Log: 'Application' Date/Time: 09/01/2018 4:13:49 AM
Type: Warning Category: 3
Event: 3037 Source: Microsoft-Windows-Search
Crawl could not be started on content source <iehistory://{S-1-5-21-2346067745-3510472186-2909485925-1002}/>.
Context: Application, SystemIndex Catalog
Details:
The specified address was excluded from the index. The site path rules may have to be modified to include this address. (HRESULT : 0x80040d07) (0x80040d07)
Log: 'Application' Date/Time: 03/01/2018 12:04:54 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\CheckPoint\Install\Install.exe' (pid 2808) cannot be restarted - Application SID does not match Conductor SID..
Log: 'Application' Date/Time: 28/12/2017 9:59:57 PM
Type: Warning Category: 3
Event: 472 Source: ESENT
taskhostw (6204,R,0) WebCacheLocal: The shadow header page of file C:\Users\Ryan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat was damaged. The primary header page (32768 bytes) was used instead.
Log: 'Application' Date/Time: 28/12/2017 9:25:06 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 130 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/12/2017 9:23:56 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 24/12/2017 3:43:02 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 24/12/2017 3:43:02 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 24/12/2017 3:42:25 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 13/12/2017 2:00:22 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
Video.UI (8992,D,0) {40675672-3B99-4D25-BECB-69CFD9B1C9B2}: A request to read from the file "C:\Users\Ryan\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb" at offset 65536 (0x0000000000010000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (26 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 07/12/2017 7:43:51 PM
Type: Warning Category: 0
Event: 1193 Source: Microsoft-Windows-Security-SPP
Failed to gather PKEY information for OEMM product key. Error: 0xC004E016 Product key: NXGPT-6VMRB-HXVCW-2983H-MBGR3
Log: 'Application' Date/Time: 07/12/2017 7:41:17 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Version Upgrade}. 
Log: 'Application' Date/Time: 07/12/2017 7:38:06 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, DSCCoreProviders, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\DesiredStateConfiguration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Log: 'Application' Date/Time: 07/12/2017 7:38:06 PM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, EventTracingManagement, has been registered in the Windows Management Instrumentation namespace ROOT\Microsoft\Windows\EventTracingManagement to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.


----------
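The report posted above repeats the same few events many times. The following added example (not part of the thread and not the Event Viewer tool's own code) parses that record layout, groups entries by source and event ID, and lists services whose Event 7000 reports a missing file, which is how a service registration left behind by removed software shows up. The sample input is constructed from lines in the report with long messages shortened, and all function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: records copied or shortened from the report in this thread.
SAMPLE_REPORT = """\
(orphan message line from a record whose header was cut off above)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/01/2018 1:59:43 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
(shortened) The application-specific permission settings do not grant Local Activation permission.
Log: 'System' Date/Time: 12/01/2018 1:57:57 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.3 service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 12/01/2018 1:57:57 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The !SASCORE service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 11/01/2018 11:50:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.3 service failed to start due to the following error: The system cannot find the file specified.
Log: 'System' Date/Time: 11/01/2018 11:30:14 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
(shortened) The application-specific permission settings do not grant Local Activation permission.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/01/2018 9:18:55 PM
Type: Warning Category: 3
Event: 3037 Source: Microsoft-Windows-Search
Crawl could not be started on content source <iehistory://(shortened)/>.
Context: Application, SystemIndex Catalog
Details:
The specified address was excluded from the index. (HRESULT : 0x80040d07) (0x80040d07)
"""

TS_FORMAT = "%d/%m/%Y %I:%M:%S %p"  # the report header says dates are dd/mm/yyyy
HEADER = re.compile(r"^Log: '(?P<log>[^']+)'\s+Date/Time:\s+(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type:\s+(?P<type>\w+)\s+Category:\s+(?P<cat>\d+)$")
EVENT = re.compile(r"^Event:\s+(?P<id>\d+)\s+Source:\s+(?P<src>.+)$")
SECTION = re.compile(r"^'[^']+' Log - .+ Type$")
MISSING = re.compile(r"^The (?P<svc>.+?) service failed to start due to the "
                     r"following error: The system cannot find the file specified\.$")

def parse_report(text):
    """Return one dict per complete record; message lines may span several rows."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER.match(line)
        if m:
            current = {"log": m["log"], "when": datetime.strptime(m["ts"], TS_FORMAT),
                       "type": None, "category": None, "event_id": None,
                       "source": None, "message": []}
            records.append(current)
        elif line.startswith("~~~") or SECTION.match(line):
            current = None                      # a banner ends the current record
        elif current is None or not line:
            continue                            # orphan text before any header
        elif current["type"] is None and (m := TYPE.match(line)):
            current["type"], current["category"] = m["type"], int(m["cat"])
        elif current["event_id"] is None and (m := EVENT.match(line)):
            current["event_id"], current["source"] = int(m["id"]), m["src"]
        else:
            current["message"].append(line)
    for r in records:
        r["message"] = "\n".join(r["message"])
    return [r for r in records if r["event_id"] is not None]  # drop truncated records

def summarize(records):
    """Group by (source, event id) with a count and the first/last timestamp."""
    groups = {}
    for r in records:
        g = groups.setdefault((r["source"], r["event_id"]),
                              {"count": 0, "first": r["when"], "last": r["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], r["when"]), max(g["last"], r["when"])
    return groups

def missing_binary_services(records):
    """Service names from Event 7000 entries that report a missing file."""
    names = {m["svc"] for r in records
             if r["event_id"] == 7000 and (m := MISSING.match(r["message"]))}
    return sorted(names)

if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for (src, eid), g in sorted(summarize(recs).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:>3}  {eid:<6} {src}  {g['first']} .. {g['last']}")
    print("Services pointing at a missing file:", missing_binary_services(recs))
```
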



## dmccoy (Oct 7, 2017)

My SSD died on laptop so been busy with that today. Will be in touch tom


----------



## dmccoy (Oct 7, 2017)

I think the best way to resolve your issues is to perform a repair install. This will keep all your files, programs, etc. After performing the install, follow the steps below to remove and reinstall your video card drivers.

https://www.sevenforums.com/tutorials/3413-repair-install.html

Display Driver Uninstall Utility

Important: Pay attention to the warnings DDU gives you. If you end up hosing your system somehow, you're on your own -- They are not responsible for your goofs and will not help you fix it. Honestly this shouldn't ever be an issue but some of you folks run on pretty janky setups.

1. Download the latest version of Display Driver Uninstaller (DDU for short)
2. Download the latest driver package from your GPU manufacturer. Be careful to select the correct model and operating system. Avoid beta driver packages unless you know what you're doing.
   - NVIDIA
   - AMD - http://support.amd.com/en-us/download
   - Intel
3. Extract DDU and Run Display Driver Uninstaller.exe.
4. Follow the prompts to reboot into Safe Mode.
5. Once in Safe Mode, DDU will launch itself automatically and you can begin the driver removal process
6. Select the appropriate driver type
7. Click the "Clean and restart" button
8. After DDU is finished and you're back in normal Windows, things probably look pretty crappy! Install the GPU driver package you downloaded earlier.
9. Once the driver installation process is complete, reboot one last time.

Now you can test to see if the issue you were experiencing has been resolved.

<https://obsproject.com/forum/resources/performing-a-clean-gpu-driver-installation.65/>


----------



## ryrhino (Jul 28, 2013)

On 1/13/2018 after several days without a random restart one did occur today.
When I boot my pc it says I have Windows 10. Do the steps on the repair install link you gave also work with Windows 10?
I was wondering if before doing a system repair install if installing this would be useful or not. I don't know.
www.resplendence.com/whocrashed
If doing a repair install how do I know what the correct drivers are needed for my pc?
Would using IObit driver booster be useful? I don't know that is why I asked.
I am willing to do a repair install just wondering if any of the above would be useful since I don't know.
My current pc has not had W7 installed on it only W8.1 then the free upgrade to w10.


----------



## dmccoy (Oct 7, 2017)

Here is the Windows 10 Repair install method; that's what I meant. Do not use any driver update programs; only go to the mfg websites to install drivers. Let's wait on Whocrashed unless you continue to have issues.

Windows 10 Repair Install
https://answers.microsoft.com/en-us...s/35160fbe-9352-4e70-9887-f40096ec3085?auth=1

Download the main drivers such as chipset, lan, sound from the mfg of computer or motherboard website. Download your driver for GPU from mfg. website.

Install the chipset drivers then restart computer. Install the lan, nic, wifi, sound drivers and restart. Then install the GPU drivers and restart.


----------



## ryrhino (Jul 28, 2013)

I am willing to run DDU but I am also uncomfortable running it since I have little experience with pc drivers. I do not want to make my pc unusable.

Where should I download DDU from?

Do I need drivers from any other sites besides Lenovo and AMD? Should I use the auto detect the drivers if they have that option?

Thanks.


----------



## dmccoy (Oct 7, 2017)

1. Run the repair install
2. Remove driver with DDU
http://www.wagnardmobile.com/?q=display-driver-uninstaller-ddu-
3. Restart your computer; it should start your display and everything with Microsoft drivers
4. Then I will help you update your drivers at this point

More information on DDU
https://obsproject.com/forum/resources/performing-a-clean-gpu-driver-installation.65/


----------



## ryrhino (Jul 28, 2013)

I have the windows iso file on my desktop. How do I mount it? 
My default program for .iso files is ImgBurn. I don't know how to change the .iso file if I need to do so. I don't know how to mount a file from ImgBurn.
I don't have the option to right click and select mount in file history or on the icon on the desktop.


----------



## dmccoy (Oct 7, 2017)

Imgburn must have changed your file association. I would recommend downloading 7zip which will allow you to extract the image and then run the setup.exe file.

http://www.7-zip.org/download.html


----------



## ryrhino (Jul 28, 2013)

I ran repair install. I don't know if this helps but after repair install my desktop background returned to my previous background picture.
I ran ddu in safe mode. Do I need to run ddu in regular mode?
Below is speccy before running ddu.









My pc is a Lenovo H 535.


----------



## dmccoy (Oct 7, 2017)

Okay good job. What is the model of your Lenovo?


----------



## ryrhino (Jul 28, 2013)

My pc is a Lenovo H 535.


----------



## dmccoy (Oct 7, 2017)

Okay go to the following link and run the Update Your System utility. Then we will check for updates for GPU from AMD if needed

https://pcsupport.lenovo.com/us/en/.../lenovo-h-series-desktops/lenovo-h535-desktop


----------



## ryrhino (Jul 28, 2013)

Should I download all the drivers listed on the link you provided? If not all of them which should I download?
I did download a graphics driver. I had the website auto detect my system. The graphics driver that was downloaded was for a H 530 machine. Is this alright? My machine is H 535.


----------



## dmccoy (Oct 7, 2017)

Did you run the auto detect utility? Can you provide a screenshot of the drivers listed?


----------



## ryrhino (Jul 28, 2013)

I am going to post some screen shots and brief explanation of each. This first one is the option given after I click on the blue update your system. This is where I got the driver download that said it was for a H 530.







This screen shot is from the link you provided and I click on Drivers and Software on the top of the page. Please let me know which of those items on the list you would like me to expand and give you a screen shot.







This shot is from the Display and Video Graphics (6) when it is expanded from the list of drivers for H 535. The first driver listed is the one that showed when I ran the update your system and went to the H 530.


----------



## dmccoy (Oct 7, 2017)

On the first pic it only showed the one driver when you ran the system update, correct? Download that driver

Second pic, only download the newest Chipset driver

Third pic, download the first AMD Discrete video driver ver 15.20.1040
There is a newer version but it is known to have issues so I would start with this one. Then you can create a restore point and upgrade to the one in link below if you would like to try it.

http://support.amd.com/en-us/download/desktop/legacy?product=legacy3&os=Windows 10 - 64


----------



## ryrhino (Jul 28, 2013)

I downloaded the first driver listed on the third pic. It was the only driver listed when I ran the system update.


----------



## dmccoy (Oct 7, 2017)

Okay I misread and only saw the card reader driver. Is it the same version as the one I listed?


----------



## ryrhino (Jul 28, 2013)

The one I downloaded is called the AMD Onboard Graphic Driver 10.0.0.00. This is the one that was showing when I ran the system check.

The link you provided to the amd webpage what difference would that make should I choose to download that one?


----------



## dmccoy (Oct 7, 2017)

This is what your graphics card shows, which would be the one I listed.

Graphics Card: AMD Radeon HD 7560D, 768 Mb


----------



## ryrhino (Jul 28, 2013)

In other words my graphic card driver is up to date? Is that correct?

You said several posts ago that I could have virus issues. If so what do we need to do to resolve that?

Thanks again for all your help.


----------

