Sounds like you tried to use a regular command prompt instead of an elevated command prompt. Check the link I gave you for how to do it. If you open an elevted command prompt the prompt will be:
C:\Windows\Sytem32>
Computer very slow; could it be a virus?
Started by
frogg25
, Jul 08 2017 11:44 PM
#17
Posted 17 August 2017 - 10:04 AM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 436 N/A
csrss.exe 740 N/A
wininit.exe 852 N/A
services.exe 980 N/A
lsass.exe 996 KeyIso, SamSs, VaultSvc
svchost.exe 572 PlugPlay
svchost.exe 608 BrokerInfrastructure, DcomLaunch, Power,
SystemEventsBroker
fontdrvhost.exe 660 N/A
svchost.exe 708 RpcEptMapper, RpcSs
svchost.exe 1056 LSM
svchost.exe 1200 NcbService
svchost.exe 1212 wudfsvc
svchost.exe 1284 TimeBrokerSvc
svchost.exe 1308 hidserv
svchost.exe 1408 TabletInputService
WUDFHost.exe 1504 N/A
svchost.exe 1528 EventLog
svchost.exe 1588 EventSystem
svchost.exe 1596 Themes
svchost.exe 1604 ProfSvc
svchost.exe 1732 SENS
igfxCUIService.exe 1772 igfxCUIService2.0.0.0
svchost.exe 1796 Schedule
svchost.exe 1900 AudioEndpointBuilder
svchost.exe 1908 FontCache
svchost.exe 2000 UserManager
svchost.exe 1456 SensrSvc
svchost.exe 2064 SensorService
WUDFHost.exe 2076 N/A
svchost.exe 2092 nsi
svchost.exe 2148 Dhcp
svchost.exe 2200 NlaSvc
svchost.exe 2244 StateRepository
svchost.exe 2276 Audiosrv
svchost.exe 2376 netprofm
hpservice.exe 2396 hpsrv
RtkAudioService64.exe 2476 RtkAudioService
svchost.exe 2568 Wcmsvc
svchost.exe 2576 Dnscache
svchost.exe 2584 DusmSvc
svchost.exe 2780 WlanSvc
svchost.exe 2832 ShellHWDetection
spoolsv.exe 2952 Spooler
svchost.exe 3012 BFE, CoreMessagingRegistrar, MpsSvc
svchost.exe 3060 LanmanWorkstation
svchost.exe 3168 SysMain
svchost.exe 3176 TrkWks
svchost.exe 3184 tiledatamodelsvc
esif_uf.exe 3192 esifsvc
SynTPEnhService.exe 3200 SynTPEnhService
EvtEng.exe 3224 EvtEng
RegSrvc.exe 3232 RegSrvc
vpnsvc.exe 3260 SecureLine
FNPLicensingService64.exe 3272 FlexNet Licensing Service 64
mfemms.exe 3288 mfemms
svchost.exe 3296 DeviceAssociationService
svchost.exe 3304 Winmgmt
svchost.exe 3312 DiagTrack
svchost.exe 3320 DPS
svchost.exe 3328 stisvc
svchost.exe 3336 CryptSvc
svchost.exe 3344 WpnService
svchost.exe 3352 PcaSvc
RichVideo64.exe 3428 RichVideo64
HPCommRecovery.exe 3436 HP Comm Recover
DbxSvc.exe 3444 DbxSvc
mfevtps.exe 3476 mfevtp
PenCommService.exe 3484 PenCommService
SecurityHealthService.exe 3492 SecurityHealthService
armsvc.exe 3500 AdobeARMservice
AppleMobileDeviceService. 3508 Apple Mobile Device Service
OfficeClickToRun.exe 3516 ClickToRunSvc
PEFService.exe 3524 PEFService
ibtsiva.exe 3552 ibtsiva
MsMpEng.exe 3752 WinDefend
AGSService.exe 3760 AGSService
svchost.exe 3972 WdiServiceHost
Memory Compression 4036 N/A
svchost.exe 3216 LanmanServer
svchost.exe 4208 iphlpsvc
wlanext.exe 4728 N/A
conhost.exe 4752 N/A
mfevtps.exe 4780 N/A
dasHost.exe 4820 N/A
mfefire.exe 3748 N/A
svchost.exe 5128 SSDPSRV
McSvHost.exe 5164 HomeNetSvc, mcbootdelaystartsvc, McMPFSvc,
McNaiAnn, mcpltsvc, McProxy
svchost.exe 5464 Netman
mfefire.exe 7268 mfefire
McAPExe.exe 7348 McAPExe
mcshield.exe 7384 N/A
unsecapp.exe 7832 N/A
WmiPrvSE.exe 1444 N/A
svchost.exe 2604 FDResPub
svchost.exe 3364 HomeGroupProvider
NisSrv.exe 1016 WdNisSvc
svchost.exe 2944 CDPSvc
GamesAppIntegrationServic 3936 GamesAppIntegrationService
GoogleCrashHandler.exe 8232 N/A
GoogleCrashHandler64.exe 8240 N/A
HPSupportSolutionsFramewo 8316 HPSupportSolutionsFrameworkService
IAStorDataMgrSvc.exe 8472 IAStorDataMgrSvc
IntuitUpdateService.exe 8548 IntuitUpdateServiceV4
jhi_service.exe 8712 jhi_service
McCSPServiceHost.exe 8780 mccspsvc
ModuleCoreService.exe 8888 ModuleCoreService
svchost.exe 9144 wscsvc
SearchIndexer.exe 9192 WSearch
svchost.exe 2532 StorSvc
PresentationFontCache.exe 8708 FontCache3.0.0.0
svchost.exe 2936 TokenBroker
svchost.exe 2880 Appinfo
iPodService.exe 11172 iPod Service
hpqwmiex.exe 8356 hpqwmiex
svchost.exe 10572 lfsvc
svchost.exe 8844 wcncsvc
svchost.exe 5884 QWAVE
svchost.exe 12192 WinHttpAutoProxySvc
svchost.exe 9496 EapHost
svchost.exe 2012 RmSvc
svchost.exe 11376 SstpSvc
svchost.exe 13136 TapiSrv
svchost.exe 3036 RasMan
svchost.exe 8076 LicenseManager
svchost.exe 9556 DsSvc
audiodg.exe 1828 N/A
HPWMISVC.exe 11660 HPWMISVC
svchost.exe 12664 seclogon
csrss.exe 10796 N/A
winlogon.exe 6216 N/A
fontdrvhost.exe 12032 N/A
dwm.exe 10628 N/A
svchost.exe 12036 Browser
svchost.exe 13620 lmhosts
svchost.exe 14456 fdPHost
svchost.exe 9936 NcdAutoSetup
esif_assist_64.exe 824 N/A
svchost.exe 13684 CDPUserSvc_21cdef0
sihost.exe 12320 N/A
svchost.exe 13940 WpnUserService_21cdef0
GoogleUpdate.exe 10740 N/A
taskhostw.exe 14252 N/A
RAVBg64.exe 11852 N/A
SynTPEnh.exe 14324 N/A
McUICnt.exe 7032 N/A
svchost.exe 12148 NgcCtnrSvc
explorer.exe 8840 N/A
SynTPHelper.exe 10372 N/A
igfxEM.exe 13268 N/A
ShellExperienceHost.exe 14480 N/A
SearchUI.exe 12184 N/A
RuntimeBroker.exe 3212 N/A
SpeechRuntime.exe 11536 N/A
TabTip.exe 11812 N/A
TabTip32.exe 2764 N/A
chrome.exe 3548 N/A
chrome.exe 8040 N/A
chrome.exe 3256 N/A
chrome.exe 7536 N/A
chrome.exe 14384 N/A
chrome.exe 10280 N/A
chrome.exe 15892 N/A
chrome.exe 11608 N/A
chrome.exe 5852 N/A
chrome.exe 8348 N/A
chrome.exe 12852 N/A
chrome.exe 8396 N/A
chrome.exe 5052 N/A
chrome.exe 9616 N/A
chrome.exe 2916 N/A
chrome.exe 16228 N/A
chrome.exe 13924 N/A
MSASCuiL.exe 4772 N/A
RtkNGUI64.exe 10228 N/A
iTunesHelper.exe 560 N/A
svchost.exe 4888 WdiSystemHost
chrome.exe 4256 N/A
OneDrive.exe 7256 N/A
iCloudServices.exe 12588 N/A
SSScheduler.exe 4488 N/A
EvernoteClipper.exe 4672 N/A
HPMSGSVC.exe 9416 N/A
HPRadioMgr64.exe 10524 N/A
ONENOTEM.EXE 888 N/A
CNMNSST.exe 8628 N/A
APSDaemon.exe 8036 N/A
chrome.exe 14060 N/A
svchost.exe 9360 OneSyncSvc_21cdef0,
PimIndexMaintenanceSvc_21cdef0,
UnistoreSvc_21cdef0, UserDataSvc_21cdef0
secureline.exe 15908 N/A
svchost.exe 4264 gpsvc
svchost.exe 6424 wlidsvc
dllhost.exe 6976 N/A
smartscreen.exe 13992 N/A
Taskmgr.exe 14652 N/A
cmd.exe 13020 N/A
conhost.exe 13888 N/A
tasklist.exe 10392 N/A
WmiPrvSE.exe 2016 N/A
#18
Posted 17 August 2017 - 04:47 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Looks like you rebooted between the last Process Explorer and the junk.txt file. The Process ID numbers change when you reboot so I need a matched pair. Please redo the Process Explorer logs and a new junk.txt
#19
Posted 18 August 2017 - 03:17 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 87.84 52 K 8 K 0
audiodg.exe 3.43 37,472 K 41,260 K 9280
chrome.exe 1.84 469,404 K 530,476 K 1844 Google Chrome Google Inc. (Verified) Google Inc
procexp64.exe 1.81 29,568 K 67,536 K 2292 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 1.74 0 K 0 K n/a Hardware Interrupts and DPCs
SynTPEnh.exe 0.97 7,216 K 22,092 K 868 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
SpeechRuntime.exe 0.40 17,408 K 23,716 K 10756 Speech Runtime Executable Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.39 30,672 K 51,864 K 220
csrss.exe 0.35 2,416 K 4,992 K 7212
chrome.exe 0.22 183,372 K 272,472 K 5916 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.20 122,740 K 153,264 K 3400 Google Chrome Google Inc. (Verified) Google Inc
TabTip.exe 0.18 4,092 K 13,652 K 13400
System 0.11 152 K 7,196 K 4
HPMSGSVC.exe 0.11 1,568 K 7,916 K 11016 HP Message Service HP Inc. (Verified) Hewlett-Packard Company
AcroRd32.exe 0.08 24,144 K 45,852 K 2844 Adobe Acrobat Reader DC Adobe Systems Incorporated (Verified) Adobe Systems
MsMpEng.exe 0.08 216,728 K 207,300 K 3752 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
AppleMobileDeviceService.exe 0.03 3,620 K 11,140 K 3508 MobileDeviceService Apple Inc. (Verified) Apple Inc.
chrome.exe 0.03 135,440 K 170,172 K 14956 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.02 46,472 K 109,536 K 6952 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 122,688 K 181,248 K 13008 Google Chrome Google Inc. (Verified) Google Inc
McAPExe.exe 0.02 3,100 K 9,100 K 7348 McAfee Access Protection McAfee, Inc. (Verified) McAfee
iCloudServices.exe 0.02 44,220 K 44,760 K 15308 iCloud Services Apple Inc. (Verified) Apple Inc.
CNMNSST.exe 0.02 1,596 K 7,876 K 13428 Canon IJ Network Scanner Selector EX CANON INC. (Verified) Canon Inc.
PenCommService.exe 0.01 2,624 K 7,180 K 3484 Livescribe Smartpen Communication Service Livescribe (No signature was present in the subject) Livescribe
McSvHost.exe 0.01 33,652 K 35,300 K 5164 McAfee Service Host McAfee, Inc. (Verified) McAfee
svchost.exe 0.01 20,060 K 37,580 K 3312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iPodService.exe 0.01 2,588 K 7,952 K 11172 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
WUDFHost.exe < 0.01 6,836 K 6,248 K 1504
AGSService.exe < 0.01 4,160 K 12,460 K 3760 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Systems Incorporated
EvernoteClipper.exe < 0.01 2,708 K 11,592 K 8532 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
RdrCEF.exe < 0.01 11,304 K 28,116 K 15972 Adobe RdrCEF Adobe Systems Incorporated (Verified) Adobe Systems
mfefire.exe < 0.01 2,632 K 8,096 K 3748
svchost.exe < 0.01 2,240 K 9,536 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
vpnsvc.exe < 0.01 3,568 K 11,272 K 3260 (Verified) AVAST Software a.s.
chrome.exe < 0.01 84,608 K 93,124 K 13900 Google Chrome Google Inc. (Verified) Google Inc
esif_assist_64.exe < 0.01 1,400 K 5,052 K 15156
HPSupportSolutionsFrameworkService.exe < 0.01 34,352 K 50,960 K 8316 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
secureline.exe < 0.01 7,324 K 8,880 K 7148 SecureLine AVAST Software (Verified) AVAST Software a.s.
chrome.exe < 0.01 27,684 K 33,508 K 14376 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 85,724 K 85,512 K 3168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OneDrive.exe < 0.01 31,952 K 41,248 K 5060 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 5,092 K 13,848 K 16300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iTunesHelper.exe < 0.01 4,012 K 14,072 K 13276 iTunesHelper Apple Inc. (Verified) Apple Inc.
OfficeClickToRun.exe < 0.01 54,876 K 46,860 K 14504 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 4,432 K 13,924 K 8844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10,900 K 20,240 K 2344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 2,460 K 5,828 K 740
Memory Compression < 0.01 708 K 138,992 K 4036
WWAHost.exe 63,524 K 104,208 K 16380 Microsoft WWA Host Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 25,568 K 13,012 K 2076
WmiPrvSE.exe 13,100 K 25,164 K 1444
wlanext.exe 5,256 K 15,332 K 4728
WinStore.App.exe Suspended 39,220 K 69,960 K 12856 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 2,216 K 7,580 K 15380
wininit.exe 1,672 K 6,116 K 852
unsecapp.exe 1,320 K 5,664 K 7832
Time.exe Suspended 14,100 K 39,528 K 15388 (No signature was present in the subject)
taskhostw.exe 17,112 K 29,180 K 3896 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,372 K 4,656 K 4264
SystemSettings.exe Suspended 15,208 K 43,536 K 9756 Settings Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,056 K 4,640 K 1700
SynTPEnhService.exe 1,264 K 4,580 K 3200 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 5,156 K 11,988 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 13,728 K 19,112 K 3012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,060 K 13,168 K 708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,596 K 8,780 K 5128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,128 K 6,240 K 5884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,720 K 6,516 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,412 K 15,156 K 13908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,812 K 12,192 K 2832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,468 K 7,064 K 2148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,012 K 18,340 K 3184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,248 K 28,020 K 608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,548 K 17,132 K 3304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,156 K 7,628 K 2576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,940 K 15,164 K 1528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,336 K 21,796 K 3320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,808 K 18,752 K 2936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,472 K 29,312 K 9444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,100 K 6,408 K 13136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,312 K 8,740 K 2604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 27,664 K 8,304 K 3296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,532 K 16,668 K 2780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,000 K 15,592 K 10572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,952 K 6,780 K 12192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,788 K 15,200 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,280 K 12,528 K 2568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,224 K 18,212 K 3344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 5,616 K 2584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,652 K 8,808 K 2376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,320 K 7,852 K 2012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,912 K 10,800 K 2244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,140 K 7,032 K 3060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,672 K 6,404 K 12036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 6,776 K 11732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,536 K 8,376 K 3216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,084 K 9,360 K 2092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,556 K 14,284 K 4208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,068 K 11,164 K 2276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 21,188 K 38,256 K 6968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,876 K 9,040 K 9144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,076 K 7,216 K 1588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 8,240 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 10,800 K 3364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,352 K 19,560 K 8076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,112 K 26,368 K 15632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 920 K 3,432 K 572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 8,736 K 1200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,412 K 4,948 K 1212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,064 K 10,236 K 1284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,680 K 5,424 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 7,068 K 1408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,296 K 5,168 K 1596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,576 K 9,748 K 1604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,352 K 8,452 K 1732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,796 K 6,776 K 1900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,032 K 7,864 K 1908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,160 K 8,860 K 2064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,276 K 5,028 K 3176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,368 K 7,780 K 3328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,676 K 12,816 K 3336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,680 K 7,728 K 3352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,824 K 6,640 K 3972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,296 K 9,556 K 5464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,432 K 16,196 K 2944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,876 K 14,104 K 2532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,368 K 5,596 K 2880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,584 K 9,312 K 9496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,548 K 5,784 K 11376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,496 K 11,080 K 3036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,716 K 8,724 K 9556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,232 K 5,076 K 12664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,028 K 8,336 K 14716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 5,252 K 4880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,408 K 5,488 K 9192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,500 K 20,908 K 15368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SSScheduler.exe 3,576 K 14,940 K 12760 McAfee Security Scanner Scheduler McAfee, Inc. (Verified) McAfee
spoolsv.exe 10,276 K 15,080 K 2952 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 500 K 1,004 K 436
smartscreen.exe 9,828 K 18,352 K 332 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 6,176 K 22,188 K 8572 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 32,472 K 80,860 K 4700 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 2,520 K 4,228 K 15520 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,704 K 9,728 K 980
SecurityHealthService.exe 6,052 K 14,520 K 3492 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 46,204 K 99,372 K 1636 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 37,372 K 45,984 K 13948 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 14,432 K 38,072 K 10152 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 8,056 K 15,116 K 12544 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 2,116 K 7,548 K 2476 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,480 K 6,012 K 3428 RichVideo Module (Verified) CyberLink Corp.
RegSrvc.exe 1,848 K 7,624 K 3232 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
RdrCEF.exe 44,608 K 50,620 K 12788 Adobe RdrCEF Adobe Systems Incorporated (Verified) Adobe Systems
RAVBg64.exe 6,208 K 11,620 K 14176
procexp.exe 2,996 K 10,156 K 9156 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 31,176 K 18,076 K 8708 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PEFService.exe 1,644 K 6,880 K 3524 Intel Security PEF Service Intel Security, Inc. (Verified) McAfee
ONENOTEM.EXE 2,524 K 2,528 K 4360 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
NisSrv.exe 15,124 K 10,728 K 1016 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe 1,928 K 9,040 K 1360 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
ModuleCoreService.exe 5,348 K 11,132 K 8888 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 4,212 K 8,616 K 4780
mfevtps.exe 2,764 K 6,572 K 3476 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfemms.exe 2,376 K 6,676 K 3288 McAfee Management Service McAfee, Inc. (Verified) McAfee
mfefire.exe 2,364 K 6,668 K 7268 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
McVulCtr.exe 3,516 K 11,836 K 2216
McUICnt.exe 15,400 K 38,328 K 14824 McAfee McAfee, Inc. (Verified) McAfee
mcshield.exe 144,864 K 28,592 K 7384
McCSPServiceHost.exe 6,748 K 16,084 K 8780 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
lsass.exe 8,180 K 16,176 K 996 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
jhi_service.exe 1,356 K 5,312 K 8712 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
IntuitUpdateService.exe 14,644 K 2,032 K 8548 Intuit Update Service Intuit Inc. (Verified) Intuit
igfxEM.exe 3,528 K 12,028 K 1128 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,736 K 7,040 K 1772 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
ibtsiva.exe 1,400 K 5,584 K 3552 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions
IAStorDataMgrSvc.exe 24,244 K 29,348 K 8472 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology
HxTsr.exe Suspended 8,260 K 33,300 K 10352 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe Suspended 28,140 K 59,388 K 8804 Microsoft Outlook Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HPWMISVC.exe 1,556 K 7,420 K 1944 HP WMI Service HP Inc. (Verified) Hewlett-Packard Company
hpservice.exe 1,068 K 4,120 K 2396 HP Service HP (Verified) HP Inc.
HPRadioMgr64.exe 1,836 K 8,488 K 1424 HP Radio Manager HP (Verified) Hewlett-Packard
hpqwmiex.exe 2,084 K 8,892 K 8356 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
HPCommRecovery.exe 11,620 K 19,328 K 3436 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
GoogleCrashHandler64.exe 1,648 K 164 K 8240
GoogleCrashHandler.exe 1,664 K 572 K 8232
GamesAppIntegrationService.exe 1,572 K 6,940 K 3936 WildTangent Games App Integration Service WildTangent (Verified) WildTangent Inc
fontdrvhost.exe 2,656 K 6,040 K 12384
fontdrvhost.exe 2,436 K 2,788 K 660
FNPLicensingService64.exe 1,916 K 6,920 K 3272 Activation Licensing Service Flexera Software LLC (Verified) Flexera Software LLC
EvtEng.exe 5,148 K 12,252 K 3224 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
esif_uf.exe 2,128 K 6,544 K 3192 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
dllhost.exe 2,028 K 10,016 K 8348 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DbxSvc.exe 2,544 K 5,064 K 3444 Dropbox Service Dropbox, Inc. (Verified) Dropbox
dasHost.exe 11,844 K 16,796 K 4820
conhost.exe 1,276 K 4,896 K 4752
chrome.exe 55,104 K 37,764 K 15720 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 31,176 K 40,120 K 15588 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,892 K 32,344 K 12504 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,812 K 31,856 K 13200 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 59,864 K 63,420 K 11480 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 41,684 K 49,136 K 14256 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 37,484 K 43,112 K 12496 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 41,392 K 47,560 K 7780 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 37,800 K 43,508 K 13684 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,408 K 37,988 K 4364 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 79,136 K 83,804 K 15900 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,180 K 9,336 K 10044 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,628 K 9,944 K 1580 Google Chrome Google Inc. (Verified) Google Inc
armsvc.exe 1,388 K 5,964 K 3500 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe 5,204 K 16,500 K 3992 Apple Push Apple Inc. (Verified) Apple Inc.
ApplicationFrameHost.exe 18,404 K 33,700 K 7992 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
AcroRd32.exe 9,416 K 21,120 K 13444 Adobe Acrobat Reader DC Adobe Systems Incorporated (Verified) Adobe Systems
#20
Posted 18 August 2017 - 03:21 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 436 N/A
csrss.exe 740 N/A
wininit.exe 852 N/A
services.exe 980 N/A
lsass.exe 996 KeyIso, SamSs, VaultSvc
svchost.exe 572 PlugPlay
svchost.exe 608 BrokerInfrastructure, DcomLaunch, Power,
SystemEventsBroker
fontdrvhost.exe 660 N/A
svchost.exe 708 RpcEptMapper, RpcSs
svchost.exe 1056 LSM
svchost.exe 1200 NcbService
svchost.exe 1212 wudfsvc
svchost.exe 1284 TimeBrokerSvc
svchost.exe 1308 hidserv
svchost.exe 1408 TabletInputService
WUDFHost.exe 1504 N/A
svchost.exe 1528 EventLog
svchost.exe 1588 EventSystem
svchost.exe 1596 Themes
svchost.exe 1604 ProfSvc
svchost.exe 1732 SENS
igfxCUIService.exe 1772 igfxCUIService2.0.0.0
svchost.exe 1796 Schedule
svchost.exe 1900 AudioEndpointBuilder
svchost.exe 1908 FontCache
svchost.exe 2000 UserManager
svchost.exe 1456 SensrSvc
svchost.exe 2064 SensorService
WUDFHost.exe 2076 N/A
svchost.exe 2092 nsi
svchost.exe 2148 Dhcp
svchost.exe 2200 NlaSvc
svchost.exe 2244 StateRepository
svchost.exe 2276 Audiosrv
svchost.exe 2376 netprofm
hpservice.exe 2396 hpsrv
RtkAudioService64.exe 2476 RtkAudioService
svchost.exe 2568 Wcmsvc
svchost.exe 2576 Dnscache
svchost.exe 2584 DusmSvc
svchost.exe 2780 WlanSvc
svchost.exe 2832 ShellHWDetection
spoolsv.exe 2952 Spooler
svchost.exe 3012 BFE, CoreMessagingRegistrar, MpsSvc
svchost.exe 3060 LanmanWorkstation
svchost.exe 3168 SysMain
svchost.exe 3176 TrkWks
svchost.exe 3184 tiledatamodelsvc
esif_uf.exe 3192 esifsvc
SynTPEnhService.exe 3200 SynTPEnhService
EvtEng.exe 3224 EvtEng
RegSrvc.exe 3232 RegSrvc
vpnsvc.exe 3260 SecureLine
FNPLicensingService64.exe 3272 FlexNet Licensing Service 64
mfemms.exe 3288 mfemms
svchost.exe 3296 DeviceAssociationService
svchost.exe 3304 Winmgmt
svchost.exe 3312 DiagTrack
svchost.exe 3320 DPS
svchost.exe 3328 stisvc
svchost.exe 3336 CryptSvc
svchost.exe 3344 WpnService
svchost.exe 3352 PcaSvc
RichVideo64.exe 3428 RichVideo64
HPCommRecovery.exe 3436 HP Comm Recover
DbxSvc.exe 3444 DbxSvc
mfevtps.exe 3476 mfevtp
PenCommService.exe 3484 PenCommService
SecurityHealthService.exe 3492 SecurityHealthService
armsvc.exe 3500 AdobeARMservice
AppleMobileDeviceService. 3508 Apple Mobile Device Service
PEFService.exe 3524 PEFService
ibtsiva.exe 3552 ibtsiva
MsMpEng.exe 3752 WinDefend
AGSService.exe 3760 AGSService
svchost.exe 3972 WdiServiceHost
Memory Compression 4036 N/A
svchost.exe 3216 LanmanServer
svchost.exe 4208 iphlpsvc
wlanext.exe 4728 N/A
conhost.exe 4752 N/A
mfevtps.exe 4780 N/A
dasHost.exe 4820 N/A
mfefire.exe 3748 N/A
svchost.exe 5128 SSDPSRV
McSvHost.exe 5164 HomeNetSvc, mcbootdelaystartsvc, McMPFSvc,
McNaiAnn, mcpltsvc, McProxy
svchost.exe 5464 Netman
mfefire.exe 7268 mfefire
McAPExe.exe 7348 McAPExe
mcshield.exe 7384 N/A
unsecapp.exe 7832 N/A
WmiPrvSE.exe 1444 N/A
svchost.exe 2604 FDResPub
svchost.exe 3364 HomeGroupProvider
NisSrv.exe 1016 WdNisSvc
svchost.exe 2944 CDPSvc
GamesAppIntegrationServic 3936 GamesAppIntegrationService
GoogleCrashHandler.exe 8232 N/A
GoogleCrashHandler64.exe 8240 N/A
HPSupportSolutionsFramewo 8316 HPSupportSolutionsFrameworkService
IAStorDataMgrSvc.exe 8472 IAStorDataMgrSvc
IntuitUpdateService.exe 8548 IntuitUpdateServiceV4
jhi_service.exe 8712 jhi_service
McCSPServiceHost.exe 8780 mccspsvc
ModuleCoreService.exe 8888 ModuleCoreService
svchost.exe 9144 wscsvc
svchost.exe 2532 StorSvc
PresentationFontCache.exe 8708 FontCache3.0.0.0
svchost.exe 2936 TokenBroker
svchost.exe 2880 Appinfo
iPodService.exe 11172 iPod Service
hpqwmiex.exe 8356 hpqwmiex
svchost.exe 10572 lfsvc
svchost.exe 8844 wcncsvc
svchost.exe 5884 QWAVE
svchost.exe 12192 WinHttpAutoProxySvc
svchost.exe 9496 EapHost
svchost.exe 2012 RmSvc
svchost.exe 11376 SstpSvc
svchost.exe 13136 TapiSrv
svchost.exe 3036 RasMan
svchost.exe 8076 LicenseManager
svchost.exe 9556 DsSvc
svchost.exe 12664 seclogon
svchost.exe 12036 Browser
OfficeClickToRun.exe 14504 ClickToRunSvc
SearchIndexer.exe 13948 WSearch
McVulCtr.exe 2216 N/A
HPWMISVC.exe 1944 HPWMISVC
audiodg.exe 9280 N/A
svchost.exe 13908 wlidsvc
csrss.exe 7212 N/A
winlogon.exe 15380 N/A
dwm.exe 220 N/A
fontdrvhost.exe 12384 N/A
svchost.exe 16300 fdPHost
svchost.exe 14716 NcdAutoSetup
svchost.exe 4880 lmhosts
svchost.exe 9192 WdiSystemHost
esif_assist_64.exe 15156 N/A
svchost.exe 15368 CDPUserSvc_4bd086b
svchost.exe 15632 WpnUserService_4bd086b
sihost.exe 8572 N/A
taskhostw.exe 3896 N/A
RAVBg64.exe 14176 N/A
SynTPEnh.exe 868 N/A
igfxEM.exe 1128 N/A
McUICnt.exe 14824 N/A
explorer.exe 6952 N/A
SynTPHelper.exe 1700 N/A
ShellExperienceHost.exe 4700 N/A
SearchUI.exe 1636 N/A
RuntimeBroker.exe 10152 N/A
SpeechRuntime.exe 10756 N/A
TabTip.exe 13400 N/A
TabTip32.exe 4264 N/A
MSASCuiL.exe 1360 N/A
RtkNGUI64.exe 12544 N/A
iTunesHelper.exe 13276 N/A
OneDrive.exe 5060 N/A
iCloudServices.exe 15308 N/A
SSScheduler.exe 12760 N/A
HPMSGSVC.exe 11016 N/A
EvernoteClipper.exe 8532 N/A
ONENOTEM.EXE 4360 N/A
HPRadioMgr64.exe 1424 N/A
CNMNSST.exe 13428 N/A
APSDaemon.exe 3992 N/A
svchost.exe 9444 OneSyncSvc_4bd086b,
PimIndexMaintenanceSvc_4bd086b,
UnistoreSvc_4bd086b, UserDataSvc_4bd086b
secureline.exe 7148 N/A
chrome.exe 5916 N/A
chrome.exe 10044 N/A
chrome.exe 1580 N/A
chrome.exe 14956 N/A
chrome.exe 13008 N/A
chrome.exe 3400 N/A
chrome.exe 15900 N/A
chrome.exe 14376 N/A
chrome.exe 11480 N/A
chrome.exe 15588 N/A
chrome.exe 14256 N/A
chrome.exe 12504 N/A
chrome.exe 12496 N/A
chrome.exe 13900 N/A
chrome.exe 4364 N/A
chrome.exe 13200 N/A
chrome.exe 7780 N/A
chrome.exe 13684 N/A
AcroRd32.exe 13444 N/A
AcroRd32.exe 2844 N/A
chrome.exe 15720 N/A
RdrCEF.exe 15972 N/A
RdrCEF.exe 12788 N/A
ApplicationFrameHost.exe 7992 N/A
WinStore.App.exe 12856 N/A
WWAHost.exe 16380 N/A
SystemSettings.exe 9756 N/A
HxOutlook.exe 8804 N/A
HxTsr.exe 10352 N/A
Time.exe 15388 N/A
SettingSyncHost.exe 15520 N/A
chrome.exe 1844 N/A
dllhost.exe 8348 N/A
smartscreen.exe 332 N/A
svchost.exe 11732 gpsvc
notepad.exe 14792 N/A
SkypeHost.exe 14580 N/A
Taskmgr.exe 17092 N/A
cmd.exe 1188 N/A
conhost.exe 11208 N/A
tasklist.exe 13100 N/A
WmiPrvSE.exe 1280 N/A
#21
Posted 18 August 2017 - 03:53 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
The svchost.exe files have calmed down and are not using a lot of CPU now. Probably it was just Windows Update doing something. Your FRST Additional scan shows McAfee Anti-Virus but I do not see it in the install list and Windows Defender is running so I assume you had it at one time and uninstalled it. As usual the McAfee uninstaller didn't do a very good job.
Let's run the McAfee removal tool: (MCPR)
https://service.mcaf...te=19huab6t9l_4
If the overly long link to the instructions doesn't work the file can be downloaded at:
http://us.mcafee.com...s/mcpr/mcpr.asp
You also have Avast SecureLine installed. This should be uninstalled as it may be a cause of delay when connecting to the Internet.
Reboot when done then
create a new Process Explorer log as before. I shouldn't need the junk.txt file this time.
#22
Posted 18 August 2017 - 04:58 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
The McAffee was pre-installed on my laptop. When I saw that it expired, or part of it, I tried to delete it I think. The part remaining I thought ran some free scans but I'm not even sure. It's confusing to me. Can you recommend a better antivirus program?
How do I uninstall Avast? Just right click and do a regular uninstall from there?
#23
Posted 18 August 2017 - 05:33 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
McAfee has always been hard to get rid of.
McAfee Security Scan Plus is foistware that you sometimes get when you update Java or some Adobe products if you do not uncheck the "optional software" before hitting the download button. I'm not familiar with McAfee LiveSafe but it's no doubt junk too so I don't think you need it either.
To uninstall Avast (and any McAfee products that don't go away after running the removal tool)
search for:
appwiz.cpl
and hit Enter. Then find Avast, select it and click on Uninstall.
I use the free Avast. It's pretty good tho likes to put up popup windows in the bottom right to try and get you to upgrade to the paid version.
#24
Posted 18 August 2017 - 08:21 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
Done and done! Thank you so much. The internet is connecting right away now and generally seems to be running faster. Is there anything else I need to do?
#25
Posted 18 August 2017 - 08:42 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Guess it's cleanup time:
If we installed Speccy it needs to be uninstalled. Process Explorer, VEW, AdwCleaner, JRT, FRST and their logs and Speccy's log can just be deleted.
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash is now the most malware targeted program so it must be kept up to date. Be careful with Adobe. They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan. Go slow and uncheck the optional stuff.
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.
If you use Chrome/Firefox then get the Ublock Origin Add-on from https://www.ublock.org/. For IE go to adblockplus.org and get the add-on. (It's actually a program for IE)
If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting..
To prevent a relatively new phishing attack: In Firefox, type:
about:config
in the URL box and hit Enter. You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning). In the Search box put in
puny
You should only get one option:
network.IDN_show_punycode
We want it to say True but by default it is False so double click on it to toggle from False to True.
Close and restart firefox.
To test it you can go to:
If the value is false you will see https://www.apple.cominstead of the correct value
If you are a Facebook user get the FB Purity extension for your browser:
This will stop all of the suggested pages and ads so that Facebook loads much quicker.
Be warned: If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.combefore you open them.
Due to a recent rise in the number of Crytolocker infections I am now recommending you install:
CryptoPrevent
The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.
Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.
#26
Posted 22 August 2017 - 09:06 AM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
What is VEW? Also, I think I deleted flash and/or shockwave. Can I just download those from Adobe website?
#27
Posted 22 August 2017 - 11:19 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Thought we had done VEW already. Guess not:
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
You can get Flash and/Or Shockwave at adobe.com. Links are on the bottom right of the home page.
Just be careful when you download them. Wait a second or two until the optional software shows up then uncheck it before hitting Download.
#28
Posted 25 August 2017 - 06:59 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 25/08/2017 8:57:25 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 23/08/2017 12:56:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 19/08/2017 3:38:00 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 15/08/2017 1:34:12 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2017 12:10:59 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error: The request is not supported.
Log: 'System' Date/Time: 26/08/2017 12:10:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 26/08/2017 12:10:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 26/08/2017 12:10:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 26/08/2017 12:10:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 26/08/2017 12:10:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 26/08/2017 12:10:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 26/08/2017 12:04:47 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 25/08/2017 1:50:23 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 25/08/2017 1:50:23 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 25/08/2017 1:50:23 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 25/08/2017 1:50:23 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 25/08/2017 1:50:23 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 25/08/2017 3:09:37 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Windows.Media.Capture.Internal.AppCaptureShell did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 25/08/2017 1:20:12 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 25/08/2017 12:32:08 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 24/08/2017 3:33:53 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 24/08/2017 1:23:34 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 23/08/2017 4:02:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 23/08/2017 2:02:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/08/2017 12:14:46 AM
Type: Warning Category: 0
Event: 10400 Source: Microsoft-Windows-NDIS
The network interface "Intel® Dual Band Wireless-AC 3165" has begun resetting. There will be a momentary disruption in network connectivity while the hardware resets. Reason: The network driver requested that it be reset. This network interface has reset 2 time(s) since it was last initialized.
Log: 'System' Date/Time: 26/08/2017 12:14:31 AM
Type: Warning Category: 0
Event: 10400 Source: Microsoft-Windows-NDIS
The network interface "Intel® Dual Band Wireless-AC 3165" has begun resetting. There will be a momentary disruption in network connectivity while the hardware resets. Reason: The network driver requested that it be reset. This network interface has reset 1 time(s) since it was last initialized.
Log: 'System' Date/Time: 26/08/2017 12:13:53 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ssw.live.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 26/08/2017 12:11:59 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 12 seconds since the last report.
Log: 'System' Date/Time: 26/08/2017 12:11:27 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 26/08/2017 12:10:57 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff. Low Energy peripheral role functionality will not be available.
Log: 'System' Date/Time: 26/08/2017 12:10:49 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&f65e38f&0&0000.
Log: 'System' Date/Time: 26/08/2017 12:10:49 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&221f9434&0&0000.
Log: 'System' Date/Time: 26/08/2017 12:10:49 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8086&Pid_0001\6&34d944d9&0&0000.
Log: 'System' Date/Time: 26/08/2017 12:10:48 AM
Type: Warning Category: 0
Event: 1 Source: ISH
Intel® ISH Interface is being reset.
Log: 'System' Date/Time: 26/08/2017 12:10:48 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&1.
Log: 'System' Date/Time: 26/08/2017 12:10:12 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 26/08/2017 12:10:10 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name login.microsoftonline.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 26/08/2017 12:10:09 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 58306 in process 2440 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
Log: 'System' Date/Time: 26/08/2017 12:10:09 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 59482 in process 2056 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
Log: 'System' Date/Time: 26/08/2017 12:10:09 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 63173 in process 2056 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
Log: 'System' Date/Time: 26/08/2017 12:10:07 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 51189 in process 8636 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
Log: 'System' Date/Time: 26/08/2017 12:10:05 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 64420 in process 2056 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
Log: 'System' Date/Time: 26/08/2017 12:10:03 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 50340 in process 2056 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
Log: 'System' Date/Time: 26/08/2017 12:10:03 AM
Type: Warning Category: 0
Event: 16002 Source: AFD
Closing a UDP socket with local port number 50279 in process 2056 is taking longer than expected. The local port number may not be available until the close operation is completed. This happens typically due to misbehaving network drivers. Ensure latest updates are installed for Windows and any third-party networking software including NIC drivers, firewalls, or other security products.
#29
Posted 25 August 2017 - 07:02 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 25/08/2017 9:02:18 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2017 12:17:03 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.483, time stamp: 0x595f2577 Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8 Exception code: 0xcfffffff Fault offset: 0x000000000002b1f6 Faulting process id: 0x3a20 Faulting application start time: 0x01d31e009053a316 Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: c4c8946b-df96-4e63-983b-27f34d54a2af Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: ContentProcess
Log: 'Application' Date/Time: 26/08/2017 12:15:37 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 26/08/2017 12:15:32 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 26/08/2017 12:15:27 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 26/08/2017 12:15:25 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 26/08/2017 12:15:19 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 26/08/2017 12:14:03 AM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 26/08/2017 12:11:01 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPowerControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPowerControlCapabilityChanged [19]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPowerControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 26/08/2017 12:11:01 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPerformanceControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPerformanceControlCapabilityChanged [17]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 26/08/2017 12:11:01 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPerformanceControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPerformanceControlCapabilityChanged [17]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 26/08/2017 12:11:01 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Passive Policy 2 [2]
Log: 'Application' Date/Time: 26/08/2017 12:11:01 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Critical Policy [1]
Log: 'Application' Date/Time: 26/08/2017 12:04:43 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPowerControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPowerControlCapabilityChanged [19]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPowerControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 26/08/2017 12:04:43 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPerformanceControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPerformanceControlCapabilityChanged [17]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 26/08/2017 12:04:43 AM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPerformanceControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPerformanceControlCapabilityChanged [17]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 25/08/2017 7:01:45 PM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 25/08/2017 7:01:12 PM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Log: 'Application' Date/Time: 25/08/2017 7:00:34 PM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPowerControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPowerControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPowerControlCapabilityChanged [19]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPowerControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 25/08/2017 7:00:33 PM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPerformanceControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPerformanceControlCapabilityChanged [17]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:
Could not find client in directory.
Log: 'Application' Date/Time: 25/08/2017 7:00:33 PM
Type: Error Category: 1
Event: 256 Source: DPTF
Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR
DPTF Build Version: 8.1.10605.221
DPTF Build Date: Oct 23 2015 12:24:15
Source File: ..\..\..\Sources\Manager\WIDomainPerformanceControlCapabilityChanged.cpp @ line 63
Executing Function: WIDomainPerformanceControlCapabilityChanged::execute
Message: Unhandled exception caught during execution of work item
Framework Event: DomainPerformanceControlCapabilityChanged [17]
Participant: TCPU [1]
Policy: Passive Policy 2 [2]
Exception Function: Policy::executeDomainPerformanceControlCapabilityChanged
Exception Text:
Could not find client in directory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 26/08/2017 12:13:25 AM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 25/08/2017 7:37:42 PM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 25/08/2017 1:51:38 PM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 74 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 25/08/2017 1:51:38 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
svchost (3020) SRUJet: A request to write to the file "C:\WINDOWS\system32\SRU\SRU.log" at offset 57344 (0x000000000000e000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 25/08/2017 1:51:38 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
svchost (3020) SRUJet: A request to write to the file "C:\WINDOWS\system32\SRU\SRU.log" at offset 57344 (0x000000000000e000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (36 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 25/08/2017 1:51:24 PM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 25/08/2017 11:14:58 AM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted. at Interop.WUApiLib.IUpdateSearcher.Search(String criteria) at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
Log: 'Application' Date/Time: 25/08/2017 11:14:44 AM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
Log: 'Application' Date/Time: 25/08/2017 11:14:26 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 24/08/2017 6:02:50 PM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 24/08/2017 11:33:13 AM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted. at Interop.WUApiLib.IUpdateSearcher.Search(String criteria) at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
Log: 'Application' Date/Time: 24/08/2017 11:32:55 AM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
Log: 'Application' Date/Time: 24/08/2017 11:32:35 AM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.
Log: 'Application' Date/Time: 24/08/2017 11:29:45 AM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 24/08/2017 3:58:28 AM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 24/08/2017 3:37:28 AM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 23/08/2017 8:47:35 PM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 23/08/2017 1:54:32 PM
Type: Warning Category: 0
Event: 1 Source: SpeechRuntime
Audio Orchestrator Power Event: Battery Saver Turned On, Voice Activation Disabled
Log: 'Application' Date/Time: 23/08/2017 1:05:38 PM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted. at Interop.WUApiLib.IUpdateSearcher.Search(String criteria) at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
Log: 'Application' Date/Time: 23/08/2017 1:05:26 PM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
#30
Posted 25 August 2017 - 07:04 PM
frogg25
- Topic Starter
-
- Member
-
- 33 posts
Member
It seems that the internet is once again taking a long time to connect.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
