
Computer was compromised by friend "checking email"



#16
RKinner


    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

Speccy says the temps are good and the hard drive is in very good shape so nothing obvious.  It does show only 1 slot of 2 in use and only 4 GB of DDR3 RAM.  64-bit PCs seem to prefer 8 so adding RAM might speed it up.

 

You can uninstall Speccy if you haven't already.

 

Process Explorer says System Idle looks good.  It's over 90% so nothing is currently hogging the CPU.  You do have 3 processes suspended - I suspect because they do not have signatures.

 

HxTsr.exe    Suspended    7,360 K    23,236 K    5336    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxMail.exe    Suspended    28,880 K    54,880 K    10364    Microsoft Outlook Mail    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
SkypeHost.exe    Suspended    16,404 K    5,624 K    1900    Microsoft Skype    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
 
They are all supposed to be from Microsoft which should know better than to send out files without signatures.  First two are part of Outlook.  Last one is Skype.
 
The next three I want to mention are part of LG's Dual Smart Solution.  (Also without signatures but not suspended.  Don't know why they get special treatment):
 
 
Dual Smart Solution.exe    0.01    2,124 K    8,644 K    7200    Dual Smart Solution    LG Electronics    (No signature was present in the subject) LG Electronics
TestDDCCI.exe    0.35    2,648 K    8,516 K    18496    TestDDCCI MFC Application        (No signature was present in the subject)
SmartHookTestApp.exe        1,980 K    7,672 K    18356    TODO: <File description>    TODO: <Company name>    (No signature was present in the subject) TODO: <Company name>
 
They have a reputation for sometimes hogging the CPU tho they don't appear to be doing so now.  I believe there is a version 2.7 out (you have 2.5) so you might check LG's site for new software for your monitor.  If you never use a second monitor you can probably uninstall it.
 
We can clear the events, reboot and look at the errors we get to see if something is broken.  Sometimes this will reveal a service that doesn't start or some other error which will slow things down.
 
Copy the next line:
 
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 
Windows key + x and choose Command Line (Admin)  (There are two so make sure you get the admin one)
 
Right click in the Command Window and  Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.
 
When the prompt returns,
 
reboot.
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
 

  • 0



#17
shorthaul99


    Member

  • Topic Starter
  • Member
  • 100 posts

Been out of town...thanks for your patience.

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/03/2016 12:29:02 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/03/2016 6:24:22 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 10/03/2016 6:23:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_95e6b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 10/03/2016 6:23:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_95e6b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 10/03/2016 6:23:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_95e6b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 10/03/2016 6:23:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_95e6b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/03/2016 6:24:23 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\SqlLiteRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:23 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\DispatchRecoveryTasks definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:22 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ConfigureInternetTimeService definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:22 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscoveryW2 definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:22 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PvrRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:22 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ehDRMInit definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:21 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscoveryW1 definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:21 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\InstallPlayReady definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:21 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\mcupdate definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.

Log: 'System' Date/Time: 10/03/2016 6:24:21 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\MediaCenterRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\UpdateRecordPath definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\RegisterSearch definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\OCURActivate definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PBDADiscovery definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ReindexSearchRoot definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PeriodicScanRetry definition. Additional Data: Error Value: %windir%\ehome\MCUpdate.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\PvrScheduleTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ActivateWindowsSearch definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\OCURDiscovery definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.
 


  • 0

#18
shorthaul99


    Member

  • Topic Starter
  • Member
  • 100 posts

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/03/2016 12:30:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/03/2016 6:27:45 PM
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Users\Susan\Desktop\JB MALWARE FOLDER\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/03/2016 6:24:46 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint c5 15 aa f6 4d b1 db f1 ea a5 72 ef 32 0a 09 81 68 29 91 66 is about to expire or already expired.
 


  • 0

#19
shorthaul99


    Member

  • Topic Starter
  • Member
  • 100 posts

I am assuming everything is OK since I haven't gotten a response about the last post?


  • 0

#20
RKinner


    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

Sorry for the delay.  Somehow I didn't get a notification.

 

You have some errors left over from the Win 10 conversion.  Apparently Win 10 does not support Media Center and Task Scheduler is complaining.  We can fix them but I need another FRST Addition.txt log.  Otherwise it looks pretty good.  How is it running now?


  • 0
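Added example, not part of the original thread and not code from VEW: a Python parser for the VEW report layout posted in #17 and #18. It groups events by type, ID and source and tallies the Task Scheduler 414 warnings by task folder, which shows at a glance whether they all point into the Media Center folder. The sample is trimmed from the report above; the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime
# Sample trimmed from the VEW report posted in this thread.
SAMPLE = r"""Log: 'System' Date/Time: 10/03/2016 6:23:30 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_95e6b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/03/2016 6:24:23 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\SqlLiteRecoveryTask definition. Additional Data: Error Value: %SystemRoot%\ehome\mcupdate.exe.

Log: 'System' Date/Time: 10/03/2016 6:24:19 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\Microsoft\Windows\Media Center\OCURDiscovery definition. Additional Data: Error Value: %SystemRoot%\ehome\ehPrivJob.exe.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
                    r"Type: (?P<type>\w+) Category: \d+\n"
                    r"Event: (?P<event>\d+) Source: (?P<source>.+)\n", re.M)
TASK = re.compile(r"in the NT TASK\\(?P<folder>.+)\\[^\\]+ definition")

def parse_vew(text):
    """Split a VEW report into event dicts; a message ends at the next banner or event."""
    events, hits = [], list(HEADER.finditer(text))
    for hit, nxt in zip(hits, hits[1:] + [None]):
        body = text[hit.end():nxt.start() if nxt else len(text)]
        ev = hit.groupdict()
        ev["message"] = body.split("~~~~", 1)[0].strip()
        # VEW states dates are dd/mm/yyyy, so 10/03/2016 is 10 March, not 3 October.
        ev["when"] = datetime.strptime(ev["when"].strip(), "%d/%m/%Y %I:%M:%S %p")
        events.append(ev)
    return events

def summarize(events):
    """Count events per (type, id, source) and per Task Scheduler task folder."""
    by_kind = Counter((e["type"], int(e["event"]), e["source"].strip()) for e in events)
    folders = Counter(m["folder"] for e in events if (m := TASK.search(e["message"])))
    return by_kind, folders

if __name__ == "__main__":
    kinds, folders = summarize(parse_vew(SAMPLE))
    print(kinds.most_common(), dict(folders))
```
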





