
"Bitmotion-New Tab" added in Chrome (can't get rid of it



#151
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

Here's process explorer after the "fix windows update":

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 61.97 0 K 4 K 0
procexp64.exe 21.84 22,980 K 54,868 K 3752 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
reader_sl.exe 7.38 1,968 K 8,288 K 1384 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated (Verified) Adobe Systems
dwm.exe 3.03 42,240 K 32,112 K 5740 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 1.81 128 K 1,520 K 4
Interrupts 1.64 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 0.71 2,024 K 5,164 K 5312 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.50 26,328 K 70,720 K 2012 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
aswidsagenta.exe 0.37 20,920 K 33,892 K 3928 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
chrome.exe 0.27 105,756 K 157,028 K 6028 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.13 5,152 K 11,112 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.11 103,780 K 40,928 K 1760 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
services.exe 0.09 3,316 K 7,588 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.04 18,284 K 24,044 K 5796 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
chrome.exe 0.04 75,084 K 121,496 K 2428 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.03 63,600 K 75,760 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 8,660 K 22,852 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe 0.01 4,788 K 17,872 K 5412 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
chrome.exe 0.01 56,560 K 92,656 K 5592 Google Chrome Google Inc. (Verified) Google Inc
stacsv64.exe < 0.01 2,132 K 9,016 K 1232 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
hpservice.exe < 0.01 1,220 K 5,752 K 1452 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company
WmiPrvSE.exe 2,568 K 8,784 K 3972 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,456 K 5,996 K 1836 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,324 K 8,240 K 5420 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,244 K 5,232 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 5,900 K 17,856 K 3456 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,120 K 4,604 K 6048 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 1,076 K 4,224 K 2648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 36,404 K 65,044 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 39,864 K 23,368 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,636 K 9,688 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,924 K 21,740 K 68 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 13,300 K 25,828 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,352 K 17,860 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,872 K 16,064 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,400 K 11,280 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,432 K 9,276 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,436 K 18,112 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,560 K 21,156 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,156 K 18,780 K 4772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,152 K 7,204 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sttray64.exe 6,552 K 18,672 K 4100 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 5,764 K 14,480 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 416 K 1,200 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,492 K 14,936 K 1632 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 4,696 K 19,336 K 4588 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 19,348 K 53,044 K 5804 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 43,548 K 90,896 K 2960 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 23,616 K 26,268 K 1684 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,452 K 22,868 K 4656 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,124 K 10,644 K 804 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Memory Compression 48 K 916 K 2976
lsass.exe 5,052 K 13,936 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe 816 K 3,388 K 4688 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,688 K 4,668 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 1,192 K 5,040 K 1856 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 68,996 K 109,500 K 5284 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,500 K 9,516 K 3200 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,476 K 10,132 K 4484 Google Chrome Google Inc. (Verified) Google Inc
BrYNSvc.exe 2,372 K 9,240 K 5052 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
audiodg.exe 6,728 K 12,880 K 6124 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,332 K 6,336 K 2512 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
agr64svc.exe 600 K 2,752 K 2496 LSI Soft Modem Call Progress Service LSI Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
AESTSr64.exe 564 K 2,836 K 2504 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

  • 0



#152
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

We lost a little ground on the Interrupts but perhaps not enough to slow it down.  Adobe Reader has popped up - perhaps doing an update too.

 

How does it feel now?  Does it feel faster?


  • 0

#153
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

I don't usually use this one, but compared to what we had at the start I would say it is greatly improved!  


  • 0

#154
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

Here's a proc exp:

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 36.23 0 K 4 K 0
procexp64.exe 26.76 22,056 K 53,336 K 4080 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 21.93 58,888 K 70,980 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dwm.exe 5.33 40,460 K 29,812 K 1412 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2.97 26,516 K 71,368 K 5520 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts 2.60 0 K 0 K n/a Hardware Interrupts and DPCs
System 1.41 128 K 1,528 K 4
csrss.exe 1.04 1,904 K 4,980 K 1716 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe 0.94 4,780 K 17,860 K 3840 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
aswidsagenta.exe 0.32 20,452 K 35,996 K 3928 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
SearchIndexer.exe 0.10 27,912 K 28,612 K 1684 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 0.09 102,596 K 40,164 K 1760 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.09 4,700 K 9,760 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.06 8,684 K 22,920 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression 0.06 68 K 4,264 K 2976
svchost.exe 0.05 5,332 K 11,284 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.01 14,868 K 5,436 K 1460 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe < 0.01 35,464 K 59,796 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
stacsv64.exe < 0.01 2,136 K 8,980 K 1232 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe < 0.01 2,456 K 9,316 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
hpservice.exe < 0.01 1,224 K 5,748 K 1452 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company
WmiPrvSE.exe 2,400 K 8,568 K 3172 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,464 K 5,988 K 1836 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,344 K 8,236 K 708 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,328 K 5,328 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 5,128 K 16,452 K 4024 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,124 K 4,604 K 3344 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 1,044 K 4,204 K 2648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 7,480 K 17,940 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,456 K 22,336 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,968 K 16,120 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,256 K 11,228 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,076 K 24,496 K 68 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 13,400 K 25,904 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,124 K 18,840 K 4152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,324 K 19,008 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,504 K 21,484 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 7,060 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sttray64.exe 6,580 K 18,652 K 896 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 5,748 K 14,392 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 416 K 1,200 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,548 K 14,916 K 104 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 4,812 K 19,268 K 528 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 19,344 K 53,216 K 5580 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,296 K 7,564 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 43,728 K 91,068 K 2268 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,680 K 9,856 K 3612 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 4,504 K 15,988 K 764 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,968 K 21,276 K 5620 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,120 K 10,596 K 1964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
lsass.exe 5,236 K 14,460 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe 828 K 3,388 K 5644 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,636 K 4,660 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 1,192 K 5,040 K 1856 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
BrYNSvc.exe 2,372 K 9,232 K 5052 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
audiodg.exe 7,064 K 10,856 K 1928 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,328 K 6,328 K 2512 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
agr64svc.exe 600 K 2,748 K 2496 LSI Soft Modem Call Progress Service LSI Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
AESTSr64.exe 564 K 2,836 K 2504 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

  • 0

#155
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

SearchFilterHost kept jumping up to the top while I was running Process Explorer this last time.


  • 0

#156
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

Curses.

 

Still looks ugly.  SVCHost is back.  Interrupts went high too.

 

Does Windows Update show any updates?

 

 

Have we tried just running on battery?  

 

Speaking of battery, your laptop had a battery recall.  Too bad you have a generic battery now.  Don't suppose you kept the old one?


  • 0

#157
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts

I checked Windows Update:  "Your device is up to date. Last checked: Today, 5:46 PM"

 

I'm running on battery now.  I have been running just on the AC adapter.  

 

I laughed when I read your comment about the battery recall.  I've had several (original) batteries sitting downstairs for more than a year and just recently recycled them (wouldn't you know there'd be a recall!)

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 56.00 0 K 4 K 0
svchost.exe 18.34 62,296 K 74,324 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
procexp64.exe 16.11 22,688 K 53,276 K 2608 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 3.40 0 K 0 K n/a Hardware Interrupts and DPCs
System 2.73 128 K 1,532 K 4
dwm.exe 2.13 48,092 K 38,156 K 2148 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.51 1,956 K 5,012 K 3016 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.21 27,748 K 74,044 K 3180 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.18 5,300 K 11,264 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.13 83,216 K 131,188 K 4532 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.09 69,224 K 108,280 K 3468 Google Chrome Google Inc. (Verified) Google Inc
AvastSvc.exe 0.08 104,388 K 42,580 K 1760 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.04 36,092 K 61,628 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.02 14,920 K 7,560 K 5428 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
aswidsagenta.exe 0.01 21,116 K 36,184 K 3928 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.
svchost.exe 0.01 4,768 K 9,840 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe < 0.01 4,780 K 17,844 K 4756 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
stacsv64.exe < 0.01 2,136 K 8,976 K 1232 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
hpservice.exe < 0.01 1,208 K 5,744 K 1452 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company
WmiPrvSE.exe 2,520 K 8,664 K 1556 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,464 K 5,988 K 1836 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,384 K 8,248 K 5604 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,324 K 5,344 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 5,796 K 17,356 K 5152 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,124 K 4,600 K 4016 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 1,020 K 4,200 K 2648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 13,768 K 26,296 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,580 K 22,528 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,768 K 23,056 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,640 K 24,220 K 68 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,512 K 18,016 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,500 K 21,420 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,944 K 18,856 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,304 K 11,248 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,960 K 16,128 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,476 K 9,336 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,392 K 7,160 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,192 K 18,756 K 4312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,648 K 6,424 K 3032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
sttray64.exe 6,600 K 18,664 K 4732 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 5,748 K 14,404 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 420 K 1,196 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,512 K 14,880 K 5812 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 4,572 K 19,644 K 1076 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 23,076 K 62,056 K 2452 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,132 K 7,516 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 44,504 K 92,124 K 2248 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,932 K 9,992 K 5092 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 24,384 K 28,672 K 1684 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 4,440 K 13,664 K 2852 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,108 K 20,828 K 3112 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,124 K 9,144 K 604 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Memory Compression 84 K 5,840 K 2976
lsass.exe 5,232 K 14,456 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe 816 K 3,392 K 4684 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,116 K 9,568 K 4316 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,636 K 4,664 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 1,244 K 5,056 K 1856 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 54,988 K 91,128 K 5892 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 69,096 K 110,132 K 2252 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,488 K 10,152 K 1392 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,492 K 9,420 K 4508 Google Chrome Google Inc. (Verified) Google Inc
BrYNSvc.exe 2,380 K 9,264 K 5052 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
audiodg.exe 7,168 K 11,064 K 772 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,328 K 6,328 K 2512 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ApplicationFrameHost.exe 5,332 K 18,716 K 672 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
agr64svc.exe 600 K 2,748 K 2496 LSI Soft Modem Call Progress Service LSI Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
AESTSr64.exe 564 K 2,836 K 2504 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

  • 0

#158
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

Running on Battery shows a higher Interrupt so probably not a problem with the power supply.  (Many HP laptops use a center pin connector so they can detect non-HP adapters and then they run slower supposedly to protect the CPU but in reality to make you buy their stuff.)

 

Let's verify the svchost is Windows Update.
 

 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
If you have rebooted since the last log please make a new one.

  • 0

#159
tl79

tl79

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 178 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       376 N/A                                         
csrss.exe                      504 N/A                                         
wininit.exe                    580 N/A                                         
services.exe                   636 N/A                                         
lsass.exe                      644 KeyIso, SamSs, VaultSvc                     
svchost.exe                    716 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                    808 RpcEptMapper, RpcSs                         
svchost.exe                   1008 Appinfo, DoSvc, gpsvc, IKEEXT, iphlpsvc,    
                                   LanmanServer, lfsvc, ProfSvc, Schedule,     
                                   seclogon, SENS, ShellHWDetection, Themes,   
                                   UserManager, Winmgmt, WpnService, wuauserv  
svchost.exe                   1016 BFE, CoreMessagingRegistrar, DPS, MpsSvc    
svchost.exe                     68 Dhcp, EventLog, lmhosts, TimeBrokerSvc,     
                                   wscsvc                                      
svchost.exe                    408 AudioEndpointBuilder,                       
                                   DeviceAssociationService, hidserv,          
                                   NcbService, Netman, PcaSvc, SmsRouter,      
                                   StorSvc, SysMain, TrkWks, WdiSystemHost,    
                                   wudfsvc                                     
svchost.exe                   1028 CDPSvc, EventSystem, FontCache,             
                                   LicenseManager, netprofm, nsi,              
                                   WdiServiceHost, WinHttpAutoProxySvc         
svchost.exe                   1116 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
stacsv64.exe                  1232 STacSV                                      
svchost.exe                   1356 Audiosrv                                    
hpservice.exe                 1452 hpsrv                                       
svchost.exe                   1568 Wcmsvc                                      
svchost.exe                   1660 StateRepository, tiledatamodelsvc           
svchost.exe                   1672 WlanSvc                                     
SearchIndexer.exe             1684 WSearch                                     
AvastSvc.exe                  1760 avast! Antivirus                            
wlanext.exe                   1836 N/A                                         
conhost.exe                   1856 N/A                                         
spoolsv.exe                   1904 Spooler                                     
agr64svc.exe                  2496 AgereModemAudio                             
AESTSr64.exe                  2504 AESTFilters                                 
armsvc.exe                    2512 AdobeARMservice                             
svchost.exe                   2536 DiagTrack                                   
SynTPEnhService.exe           2648 SynTPEnhService                             
svchost.exe                   2676 stisvc                                      
Memory Compression            2976 N/A                                         
aswidsagenta.exe              3928 aswbIDSAgent                                
BrYNSvc.exe                   5052 BrYNSvc                                     
svchost.exe                   5032 SSDPSRV                                     
csrss.exe                     3016 N/A                                         
winlogon.exe                  5604 N/A                                         
dwm.exe                       2148 N/A                                         
SynTPEnh.exe                  4756 N/A                                         
svchost.exe                   4312 CDPUserSvc_42437a, OneSyncSvc_42437a        
sihost.exe                    1076 N/A                                         
taskhostw.exe                 5152 N/A                                         
SynTPHelper.exe               4016 N/A                                         
RuntimeBroker.exe             3112 N/A                                         
explorer.exe                  3180 N/A                                         
ShellExperienceHost.exe       2452 N/A                                         
SearchUI.exe                  2248 N/A                                         
sttray64.exe                  4732 N/A                                         
AvastUI.exe                   5428 N/A                                         
dllhost.exe                   4316 N/A                                         
ApplicationFrameHost.exe       672 N/A                                         
fontdrvhost.exe               4684 N/A                                         
SystemSettings.exe            6100 N/A                                         
SearchProtocolHost.exe        5916 N/A                                         
SearchFilterHost.exe          5580 N/A                                         
audiodg.exe                   1420 N/A                                         
smartscreen.exe               4036 N/A                                         
chrome.exe                    4048 N/A                                         
chrome.exe                    5316 N/A                                         
chrome.exe                    5068 N/A                                         
chrome.exe                    2472 N/A                                         
chrome.exe                     848 N/A                                         
chrome.exe                    1508 N/A                                         
dllhost.exe                   2560 N/A                                         
dllhost.exe                   1516 N/A                                         
cmd.exe                       4588 N/A                                         
conhost.exe                   1796 N/A                                         
tasklist.exe                  4180 N/A                                         
WmiPrvSE.exe                  3288 N/A                                         

  • 0

#160
RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

Not Windows Update this time.

 

svchost.exe 18.34 62,296 K 74,324 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

 

 

svchost.exe                    408 AudioEndpointBuilder,                       
                                   DeviceAssociationService, hidserv,          
                                   NcbService, Netman, PcaSvc, SmsRouter,      
                                   StorSvc, SysMain, TrkWks, WdiSystemHost,    
                                   wudfsvc      
 
Have we done dism and sfc on this one yet?
 
Open an elevated command prompt:
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Type:
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type:
 
 
notepad  \junk.txt 
 
Hit Enter. 
 
 Copy the text from notepad and paste it into a reply.
 
 
After you finish SFC, regardless of the result:
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
2. Type 20 in the 1 to 20 box.
3. Click the Run button.

Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

  • 0


#161
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

I don't think we did either dism or sfc.  Dism is running now on the laptop.  I'll run sfc as soon as it finishes.


  • 0

#162
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

Windows did not find any integrity violations (a good thing)


  • 0

#163
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

VEW system:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 05/07/2017 9:02:05 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2017 1:09:00 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 05/07/2017 1:07:06 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user mel-PC\mel SID (S-1-5-21-1930977450-1904899304-3597289394-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 05/07/2017 12:33:44 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 05/07/2017 12:38:36 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 05/07/2017 12:10:38 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 10:42:34 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 9:06:32 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 9:05:27 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 04/07/2017 8:53:13 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 12:40:50 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 12:24:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 12:20:21 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 11:58:18 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 11:57:17 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 04/07/2017 11:38:22 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 1:50:09 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 1:19:35 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 1:10:39 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 12:36:28 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}  and APPID  {F72671A9-012C-4725-9D2F-2A4D32D65169}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 04/07/2017 12:34:22 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The HPWMISVC service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/07/2017 1:19:51 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T11:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy3'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.
 
Log: 'System' Date/Time: 05/07/2017 1:19:48 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T11:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.
 
Log: 'System' Date/Time: 05/07/2017 1:19:44 PM
Type: Warning Category: 0
Event: 4 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T11:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy4'.  The filter returned a non-standard final status of 0xC000000D.  This filter and/or its supporting applications should handle this condition.  If this condition persists, contact the vendor.
 
Log: 'System' Date/Time: 05/07/2017 1:08:49 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 05/07/2017 1:08:38 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 05/07/2017 1:07:49 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 05/07/2017 12:33:43 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 05/07/2017 12:38:37 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 05/07/2017 12:10:38 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 04/07/2017 10:42:35 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 04/07/2017 9:38:56 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name rewppbmnevilb timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 04/07/2017 9:06:28 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 04/07/2017 9:06:19 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 04/07/2017 9:05:29 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 04/07/2017 8:53:12 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 04/07/2017 12:40:49 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 04/07/2017 12:40:40 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 04/07/2017 12:39:50 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll 
 
Log: 'System' Date/Time: 04/07/2017 12:24:17 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.
 
Log: 'System' Date/Time: 04/07/2017 12:24:06 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

  • 0

#164
tl79

    Member

  • Topic Starter
  • Member
  • 178 posts

VEW application:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 05/07/2017 9:03:35 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/07/2017 1:16:52 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 04/07/2017 1:11:59 AM
Type: Error Category: 0
Event: 10007 Source: Microsoft-Windows-RestartManager
Application or service 'HPWMISVC' could not be restarted.
 
Log: 'Application' Date/Time: 04/07/2017 12:33:54 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied. .
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/07/2017 1:11:47 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe' (pid 2868) cannot be restarted - Application SID does not match Conductor SID..

  • 0
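
Added example (not part of any post in this thread, and not VEW's own code): a small Python parser for the VEW report layout posted above, which collapses repeated events so that rare ones stand out and lists the binaries named in event messages so each can be checked. The sample text is constructed from lines in the posts; the function names and the `REVIEW` triage notes are this example's own assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the VEW report layout posted above (messages shortened).
SAMPLE = r"""Log: 'System' Date/Time: 05/07/2017 1:08:49 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.

Log: 'System' Date/Time: 04/07/2017 9:06:28 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application.

Log: 'Application' Date/Time: 04/07/2017 12:33:54 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call.

Details:
Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/07/2017 1:11:47 AM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe' (pid 2868) cannot be restarted.
"""

HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<id>\d+) Source: (?P<source>.+?)\s*$", re.M)
BINARY = re.compile(r"[A-Za-z]:\\[^'\"\r\n]+?\.(?:exe|dll)\b", re.I)
# Triage notes chosen for this example (assumptions, not VEW output).
REVIEW = {
    ("Microsoft-Windows-Wininit", 11): "AppInit_DLLs in use: list the DLLs and verify each one",
    ("Microsoft-Windows-DNS-Client", 1014): "DNS timeout: check which name was queried",
}

def parse_vew(text):
    """Return one dict per event; a message runs to the next header or '~~~' rule."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end].split("\n~~~", 1)[0]  # drop section banners
        events.append({
            "log": m["log"], "type": m["type"], "id": int(m["id"]), "source": m["source"],
            # VEW states dates are dd/mm/yyyy, so 05/07/2017 is 5 July.
            "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
            "message": " ".join(body.split()),  # messages may span blank lines
        })
    return events

def summarize(events):
    """Rows of (source, id, count, last seen, review note), most frequent first."""
    groups = {}
    for e in events:
        g = groups.setdefault((e["source"], e["id"]), {"count": 0, "last": e["when"]})
        g["count"] += 1
        g["last"] = max(g["last"], e["when"])
    rows = [(s, i, g["count"], g["last"], REVIEW.get((s, i), "")) for (s, i), g in groups.items()]
    return sorted(rows, key=lambda r: -r[2])

def referenced_binaries(events):
    """EXE/DLL paths named in messages, for signature and autorun checks."""
    return sorted({p for e in events for p in BINARY.findall(e["message"])})

if __name__ == "__main__":
    events = parse_vew(SAMPLE)
    print(*summarize(events), referenced_binaries(events), sep="\n")
```

Save each VEW report to a file and pass its text to `parse_vew`; the System and Application reports can be concatenated because every record carries its own log name.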

#165
RKinner

    Malware Expert

  • Expert
  • 23,168 posts
  • MVP

You might want to get rid of 

 

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

 

I can't see how it starts and it is not in the list of installed programs.  Does it show up in msconfig so you can uncheck it?

 

Can I see another Process Explorer log?


  • 0





