CHKDSK damages Partition Table

Attached are the files from the 3 commands you had me run.

Why would that stuff show up now after we fix everything else? Could it be because every couple of reboots require me to do a startup repair because the computer couldn't find a system partition?
 

Attachments

  • WDF01000Uninstall.txt
    1.9 KB · Views: 11
  • WDF01000.txt
    1.8 KB · Views: 10
  • CIMOM.txt
    11.6 KB · Views: 38

My Computer

System One

  • Operating System
    Windows Vista Home Premium SP2, 32-bit
    Manufacturer/Model
    Retrofitted Refurbished Gateway
    CPU
    AMD
    Motherboard
    ASUS M3A78-EM
    Memory
    4 GB
    Monitor(s) Displays
    Acer 22-in Flat Screen Monitor
    Keyboard
    Logitech K350 Wireless Keyboard
    Mouse
    Logitech M705 Wireless Mouse
I can't say I understand anything in the registry output - but there is one point of interest/concern
NextAutoRecoverFile REG_DWORD 0xffffffff

There's also this cryptic entry....
LastServiceStopMissed REG_SZ 2013/1/1 23:34:47'76

Like I say - I have no idea what they mean :(

everything else looks pretty normal to me.

Perhaps the Event logs will show something more informative?
Please compress the Windows System and Application Event logs, and attach them to a reply.
 

My Computer

System One

  • Manufacturer/Model
    Acer Aspire 8930G
Please compress the Windows System and Application Event logs, and attach them to a reply.

Okay, you stumped me on that one. I don't know how to do what you asked. Also, can the logs be taken from a particular date forward, or will it have to be all the way from March 2011?
 

Sorry - I thought we'd covered that earlier....
Open Event Viewer
In the left pane, navigate to the Windows logs
right-click on Application, and select 'Save all events as....' APPS.evtx
right-click on System, and select 'Save all events as....' SYS.evtx

then compress both files, and attach them to your reply.
 

NoelDP,

Here are the logs you asked for.

I looked at the thread and I see that his SFC log is almost identical to mine, but his issue was about something else. The files in the log were not addressed. It might have been a coincidence that his logs are the same as mine. Since those file errors don't really have any symptoms other than showing up in a log, his issue may be getting clouded by the discovery of those file errors.

My issue is just to fix any system errors before I move the O/S to a new drive. These showed up after deleting some .man files, but now those files are back and these two new file errors appeared.
 

I can't see anything directly relating to those errors (which doesn't mean there's nothing there! - simply that I don't know enough)
You do have a number of faulting applications, though
Windows Live - is leaving a lot of stuff in the registry at shutdown (it seems to be that way on everyone's machine)
WordPerfect is having multiple problems
Cyberlink Power (Producer?) is throwing errors
Scheduled Tasks are failing at boot - which ones aren't specified - Event ID 412
Some updates appear to be failing. Event ID 4374
Windows Search is throwing errors

You're getting multiple DCOM server failures - I haven't tried to find out what from.
The NetLogon service appears to be configured to Automatic, rather than manual
Today's winner in the error-generation stakes is DHCP Event ID 1003

....and those are only the frequent ones :)


Please try running the following commands in an Elevated Command Prompt - and we'll check some of the findings

SC QUERYEX SCHEDULE
NET START SCHEDULE
SC QC PPP
SC QUERYEX PPP
IPCONFIG /ALL
 

Okay, I got to those tests. One of them would not output to the file, so I copy and pasted the results into the file. I also pasted the commands I used before each result.
 

Attachments

  • misctests.txt
    4.6 KB · Views: 7

Apart from some fairly odd DNS servers, there's nothing unexpected there. You may want to check that you have the proper servers set up.

The PPP service not installed isn't a surprise - there is an entry in the event logs for the service 'ppped' which I must have misread (I think it's from your Cyberlink Power Producer?), but the error only appears once, so can probably be discounted.

There are a fair number of errors associated with Windows Mail (I keep forgetting we're talking Vista, until I see those!)
Code:
WinMail (11220) WindowsMail0: An attempt to remove the folder "C:\Users\Andy\AppData\Local\Microsoft\Windows Mail\Backup\old" failed with system error 145 (0x00000091): "The directory is not empty. ".  The remove folder operation will fail with error -1022 (0xfffffc02).
Just for tidiness, I'd try closing WinMail, manually deleting the content of that folder and rebooting - you may find that WinMail responds a little better.

WordPerfect appears to be producing a fair number of errors as well
Code:
Detection of product '{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}', feature 'WPProg' failed during request for component '{817A952A-DA35-48EC-8732-4708D278C654}'
 
Detection of product '{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}', feature 'QPProg' failed during request for component '{79AE2737-9C36-4508-ACC8-223A10C02856}'

Also Firefox appears to be causing problems with Search...
Code:
The entry <C:\USERS\ANDY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\T0J6A718.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:

	A device attached to the system is not functioning.   (0x8007001f)

Adobe Reader is causing problems while updating....
Code:
Product: Adobe Reader X (10.1.5) -- Error 1310.Error writing to file: C:\Config.Msi\9d5151f.rbf.  System error 5.  Verify that you have access to that directory.

You're getting persistent 10016 errors -

Code:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 

{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}

 and APPID 

NT AUTHORITY

 to the user LOCAL SERVICE\S-1-5-19 SID (LocalHost (Using LRPC)) from address %9. This security permission can be modified using the Component Services administrative tool.

DCOM error 10016 in event viewer / windows 7 home premium, 64bit - Microsoft Community would seem a good place to start.


The other DCOM errors appear to be related to Catalyst drivers - please check that you have an up-to-date set of drivers for your graphics.

Once you've got as many of those cleared as possible, please post a new set of Event logs, and we'll take another look.
 

It's going to take a while to address all of those. When I looked in the event log, I noticed a few more like the Time Service, NETLOGON, Media Player, and Task Scheduler that had errors. They didn't concern you?

Is there a way to download to a file only the errors from a particular range of dates? Would it be unwise to just clear the event logs? If so, then should I start a new log before or after making repairs?
 

Time Service ones aren't a problem - they just mean that the system hadn't opened the firewall before attempting to contact the server.
NETLOGON isn't a significant concern, I don't think - I did a quick check, and it may just need an adjustment in the service parameters, or it may switch off by itself.
Media Player, I'm not too fussed about - that'll come later :)
Task Scheduler is probably a resultant error from the others (I hope)
 

What about the event log?
Is there a way to download to a file only the errors from a particular range of dates? Would it be unwise to just clear the event logs? If so, then should I start a new log before or after making repairs?
 

Ah - sorry, I missed that.... (Not enough caffeine, and we have the first snow of the year - 4 inches and still going strong)

You can clear the whole log any time really - it'll offer to create a backup file (you already have one up to a couple of days ago now).
It'll start a new one immediately, anyhow.
 

Noel, I cleared the logs on 1/23. I'm sorry it's been a while, but it's difficult finding several undisturbed hours in a row to dedicate to my computer. I've got too many irons in the fire, including helping the parents while you're helping me. Here is what I've done:

WinMail - I could not remove the referenced folder since it didn't exist when I tried. It seems to be self-resolved.

WordPerfect - I started the process of repairing this at 1:40pm on 1/27/13. I removed it and reinstalled it. During the install of the product and a service pack, I received several errors that are in the log file exactly like the Adobe error when "writing to a file". Then it asks that I verify I have access to that directory. On each error, I merely clicked "retry" and the installation continued. In every instance I checked, the referenced file or directory didn't exist when the error occurred. I completed the repair just after 3:00pm. Any errors after 3:20pm would be actual errors we might be concerned with.

Adobe - See WordPerfect explanation

Netlogon - I disabled the service.

Firefox - I don't understand the error and am not seeing the error in the current logs. These errors could have ended up self-resolving with successive updates of Firefox.

DistributedCOM - My errors didn't exactly match the error on the page to which you linked, but after several searches, I happened to end up in the same place. I did find another page that seemed like a better fit for my particular circumstances (DescriptionEvent ID: 1016 appears every 10 minutes. Unable to - Microsoft Community), but the fix seemed a bit too general. I followed the instructions on the page to which you sent me and it appeared that each step was already done up to step 12. I checked Local Launch and that's it. This was 5:05pm 1/27/13.

Scheduled Tasks threw an error and when I went into Task Scheduler, I got this error: "The task image is corrupt or has been tampered with.ManualDefrag". It was the only error I found.

The System log shows multiple Dhcp-Client errors that occur only while I'm VPN'd into my office computer or off the network.

The odd DNS servers you noted are correct. I've been trying out the OpenNIC servers.

I've attached the event logs after doing these repairs, but I don't think there's been enough time to gather information. To that end, I'm including the event logs up to the day I cleared them. I've also included those command line tests you had me do earlier.

I am concerned about one thing from the logs and that is the Application Event Warning for the User Profile Service with Event ID 1530. It seems to happen a lot and mentions leaky registry handles. Is that normal?

Since I only just fixed the errors, should I wait some days and repost the logs? How many days would you want me to wait?
 

The Userprofile 1530 errors are common - I get some with almost every shutdown/restart - and so long as they only relate to Windows Live services, they can be ignored, so far as I know.

Have a look at one of my 1530 errors....
Code:
Log Name:      Application
Source:        Microsoft-Windows-User Profiles Service
Date:          21/12/2012 15:56:40
Event ID:      1530
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      NoelAsus-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  
 DETAIL - 
 46 user registry handles leaked from \Registry\User\S-1-5-21-2025428036-2626030595-3146414242-1000:
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 1012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000
Process 1184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\trust
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\trust
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\trust
Process 1012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies\Microsoft\SystemCertificates
Process 1012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\Root
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\Root
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\Root
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\My
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\My
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\My
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\CA
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\CA
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\CA
Process 1184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\Internet Explorer\Main
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1012 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 712 (\Device\HarddiskVolume2\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2296 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1184 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2025428036-2626030595-3146414242-1000\Software\Policies
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
    <EventID>1530</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-12-21T15:56:40.049247200Z" />
    <EventRecordID>32725</EventRecordID>
    <Correlation />
    <Execution ProcessID="1012" ThreadID="8848" />
    <Channel>Application</Channel>
    <Computer>NoelAsus-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="EVENT_HIVE_LEAK">
    <Data Name="Detail">46 user registry handles leaked from \Registry\User\S-1-5-21-2025428036-2626030595-3146414242-1000:
</Data>
  </EventData>
</Event>

Give it a few days - say until Friday - and post a new set of logs, and we'll see how successful you've been. (This assumes that you'll be rebooting once a day; 5 boots with a reasonable amount of use in between should be able to show any change in behaviour.)
 

Heh - I might have to do some work on that log - but it's one of the worst in recent weeks, I think!
 

Noel, I don't reboot every day. In fact I reboot as little as possible because every other reboot results in an invalid partition that then needs to be repaired. I haven't done those backups yet so I'm afraid of those reboots.

The logs that you have for the last 4 days are relatively clean. As I explained in my post, the multitudes of WordPerfect errors are from the uninstall and reinstall. Errors are logged, I am asked to retry, and then everything works fine. The errors just don't get erased. Were you speaking of my logs or your own?

Also, those DCOM errors appear to be for a file that is Windows 7-specific, but I am using Vista Home Premium.
 

I couldn't find any logs attached to your post - so my comment was directed at my errors! :)
Want to try uploading your logs again?
 

That's weird. It was a zip file so, at 4.57MB, it shouldn't have been a problem. Here goes again.

EDIT: I posted my reply and the attachment doesn't show up. But when I go back to edit the post, the attachment is still there. The same appears in the previous post with the attachment. I have to go to work, so I'll try later. Even if it doesn't work, we have until this next weekend to get usable information. I hope we can fix the problem by then.
 

Noel, I cleared the logs on 1/23. I'm sorry it's been a while, but it's difficult finding several undisturbed hours in a row to dedicate to my computer. I've got too many irons in the fire, including helping the parents while you're helping me. Here is what I've done:

WinMail - I could not remove the referenced folder since it didn't exist when I tried. It seems to be self-resolved.

WordPerfect - I started the process of repairing this at 1:40pm on 1/27/13. I removed it and reinstalled it. During the install of the product and a service pack, I received several errors that are in the log file exactly like the Adobe error when "writing to a file". Then it asks that I verify I have access to that directory. On each error, I merely clicked "retry" and the installation continued. In every instance I checked, the referenced file or directory didn't exist when the error occurred. I completed the repair just after 3:00pm. Any errors after 3:20pm would be actual errors we might be concerned with.

Adobe - See WordPerfect explanation

Netlogon - I disabled the service.

Firefox - I don't understand the error and am not seeing the error in the current logs. These errors could have ended up self-resolving with successive updates of Firefox.

DistributedCOM - My errors didn't exactly match the error on the page to which you linked, but after several searches, I happened to end up in the same place. I did find another page that seemed like a better fit for my particular circumstances (DescriptionEvent ID: 1016 appears every 10 minutes. Unable to - Microsoft Community), but the fix seemed a bit too general. I followed the instructions on the page to which you sent me and it appeared that each step was already done up to step 12. I checked Local Launch and that's it. This was 5:05pm 1/27/13.

Scheduled Tasks threw an error and when I went into Task Scheduler, I got this error: "The task image is corrupt or has been tampered with.ManualDefrag". It was the only error I found.

The System log shows multiple Dhcp-Client errors that occur only while I'm VPN'd into my office computer or off the network.

The odd DNS servers you noted are correct. I've been trying out the OpenNIC servers.

I've attached the event logs after doing these repairs and waiting a week as you suggested to give some time for errors to appear. I'm including the event logs up to the day I cleared them. I've also included those command line tests you had me do earlier. I'm going to attach the current logs separately from the ZIP file containing logs up to the day I cleared them. Hopefully, at least the current logs will be visible when I post.

EDIT: The files are not visible when I post them. This is strange. Is it possible my permission to add attachments has been revoked? Anyway, here is a link to the ZIP file containing all the files: https://skydrive.live.com/redir?resid=166CFC221211B4DA!179&authkey=!AD_k4BGMSa7cBvQ
 
