Intermittent wifi issues and slow computer



#16
RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP

We lived on Orcas for 5 years.  I loved it but 3 years ago my wife talked me into moving back to Florida so she could be near her granddaughter.  I hate Florida and really miss Orcas.  This was the view from our Orcas property where we had planned to build:

 

P1010009.JPG

 

(Trees need a trim but they are on our 5 acre property)

 

Not sure what is going on.  Dismhost is still doing something and now Chrome is eating a lot of CPU time. 

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  "%UserProfile%\desktop\junk.txt"


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


Run Process Explorer as before and post the log.

 

Let's also see if RogueKiller sees anything.

 

http://www.adlice.co...iller/#download

Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 

 

 

 

 

 

 


  • 0
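Added example, not part of RKinner's post: one way to read the junk.txt that the findstr step produces and list which files SFC could not repair. The sample lines are constructed and assume the usual CBS.log [SR] record layout; the file and component names are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of findstr output (junk.txt). Layout follows the usual
# CBS.log [SR] records; file and component names are placeholders.
SAMPLE = r'''2018-07-08 17:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2018-07-08 17:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2018-07-08 17:02:14, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 10.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2018-07-08 17:02:14, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 10.0.0.0, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2018-07-08 17:02:15, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2018-07-08 17:02:20, Info                  CSI    00000012 [SR] Verify complete
2018-07-08 17:02:21, Info                  CBS    Session: 0_0 finalized
'''

# Timestamp, then anything up to the [SR] tag, then the SFC message itself.
SR = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),.*?\[SR\]\s+(?P<msg>.+)$')

# "Cannot repair member file [..]"name" of <component>, ..., <reason>"
CANNOT = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<owner>[^,]+),'
    r'.*,\s*(?P<reason>[^,]+)$'
)

# "Repairing corrupted file [..]"dir"\[..]"name" from store"
REPAIRED = re.compile(r'^Repairing corrupted file .*"(?P<file>[^"]+)" from store')


def sr_records(lines):
    """Yield (timestamp, message) for each [SR] record; other CBS lines are skipped."""
    for line in lines:
        m = SR.match(line.strip())
        if m:
            yield m.group("ts"), m.group("msg")


def triage(lines):
    """Summarise SFC activity: files it could not repair, files it repaired."""
    unrepaired = {}   # file name -> details; SFC often logs the same file twice
    repaired = []     # file names restored from the component store
    for ts, msg in sr_records(lines):
        m = CANNOT.match(msg)
        if m:
            entry = unrepaired.setdefault(m.group("file"), {
                "owner": m.group("owner").strip(),
                "reason": m.group("reason").strip(),
                "first_seen": ts,
                "count": 0,
            })
            entry["count"] += 1
            continue
        m = REPAIRED.match(msg)
        if m and m.group("file") not in repaired:
            repaired.append(m.group("file"))

    # Triage heuristic (an assumption of this example, not SFC's own output):
    # any unrepaired file outranks repaired ones when deciding what to post.
    if unrepaired:
        verdict = "unrepaired"
    elif repaired:
        verdict = "repaired"
    else:
        verdict = "clean"
    return {"verdict": verdict, "unrepaired": unrepaired, "repaired": repaired}


def triage_file(path):
    """Read junk.txt; cmd.exe redirection may not be UTF-8, so decode leniently."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return triage(fh)


if __name__ == "__main__":
    result = triage(SAMPLE.splitlines())
    print("verdict:", result["verdict"])
    for name, info in result["unrepaired"].items():
        print(f"  could not repair {name} ({info['owner']}): "
              f"{info['reason']}, logged {info['count']}x")
    for name in result["repaired"]:
        print(f"  repaired from store: {name}")
```
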



#17
SumMom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Oh!  My heart breaks for you that you ever had to leave.  The pull of a grandchild is mighty.  We just had ours 10 months ago or I might not have understood.  How did you come to own property?  Family?  Fortune?  Both?
 
 
 
scannow result: Windows did not find any integrity violations... Phew
 
VINO system result:
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 5:30:07 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2018 9:47:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/06/2018 4:41:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/05/2018 5:54:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/05/2018 4:17:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 28/04/2018 3:14:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/04/2018 7:12:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/04/2018 6:55:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 08/04/2018 4:11:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 29/03/2018 4:18:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 09/03/2018 5:48:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/02/2018 6:26:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 31/01/2018 2:37:39 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 9:46:25 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:41:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:37:28 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 08/07/2018 9:33:22 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user PC\Owner SID (S-1-5-21-3571816096-2060556278-31395193-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:31:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:31:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:31:13 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 08/07/2018 8:37:20 PM
Type: Error Category: 0
Event: 8003 Source: bowser
The master browser has received a server announcement from the computer ROLAND-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B8F28657-6E8A-4FED-B22C-341D02A71645}. The master browser is stopping or an election is being forced.
 
Log: 'System' Date/Time: 08/07/2018 7:58:37 PM
Type: Error Category: 0
Event: 10142 Source: Microsoft-Windows-WinRM
The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.
 
Log: 'System' Date/Time: 08/07/2018 4:20:56 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 2:14:57 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 2:05:37 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 2:01:07 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user PC\Owner SID (S-1-5-21-3571816096-2060556278-31395193-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 1:59:57 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 1:59:57 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 1:55:32 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 08/07/2018 10:27:26 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:14:24 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:27:21 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:22:17 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 9:31:11 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 9:31:11 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 9:30:52 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 8:53:39 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\ROLAND-PC on the network \Device\NetBT_Tcpip_{B8F28657-6E8A-4FED-B22C-341D02A71645}.    Browser master: \\ROLAND-PC  Network: \Device\NetBT_Tcpip_{B8F28657-6E8A-4FED-B22C-341D02A71645}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 08/07/2018 6:21:05 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ch3302.storage.live.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2018 2:20:16 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/07/2018 1:55:29 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 1:55:29 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 1:55:10 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 1:43:32 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name array803-prod.do.dsp.mp.microsoft.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2018 12:02:43 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 07/07/2018 10:12:07 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 07/07/2018 10:12:07 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 07/07/2018 10:11:58 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 07/07/2018 9:53:29 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:53:29 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:48:15 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:48:13 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:47:51 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 07/07/2018 9:47:51 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
VINO Application result:
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2018 5:30:07 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2018 9:47:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/06/2018 4:41:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/05/2018 5:54:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/05/2018 4:17:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 28/04/2018 3:14:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/04/2018 7:12:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/04/2018 6:55:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 08/04/2018 4:11:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 29/03/2018 4:18:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 09/03/2018 5:48:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/02/2018 6:26:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 31/01/2018 2:37:39 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 9:46:25 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:41:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:37:28 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Delivery Optimization service hung on starting.
 
Log: 'System' Date/Time: 08/07/2018 9:33:22 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user PC\Owner SID (S-1-5-21-3571816096-2060556278-31395193-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:31:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:31:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:31:13 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 08/07/2018 8:37:20 PM
Type: Error Category: 0
Event: 8003 Source: bowser
The master browser has received a server announcement from the computer ROLAND-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B8F28657-6E8A-4FED-B22C-341D02A71645}. The master browser is stopping or an election is being forced.
 
Log: 'System' Date/Time: 08/07/2018 7:58:37 PM
Type: Error Category: 0
Event: 10142 Source: Microsoft-Windows-WinRM
The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.
 
Log: 'System' Date/Time: 08/07/2018 4:20:56 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 2:14:57 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 2:05:37 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 2:01:07 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user PC\Owner SID (S-1-5-21-3571816096-2060556278-31395193-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 1:59:57 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 1:59:57 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 1:55:32 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 08/07/2018 10:27:26 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/07/2018 9:14:24 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:27:21 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/07/2018 10:22:17 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2018 9:31:11 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 9:31:11 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 9:30:52 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 8:53:39 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\ROLAND-PC on the network \Device\NetBT_Tcpip_{B8F28657-6E8A-4FED-B22C-341D02A71645}.    Browser master: \\ROLAND-PC  Network: \Device\NetBT_Tcpip_{B8F28657-6E8A-4FED-B22C-341D02A71645}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 08/07/2018 6:21:05 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ch3302.storage.live.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2018 2:20:16 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/07/2018 1:55:29 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 1:55:29 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 08/07/2018 1:55:10 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/07/2018 1:43:32 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name array803-prod.do.dsp.mp.microsoft.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2018 12:02:43 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 07/07/2018 10:12:07 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 07/07/2018 10:12:07 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 07/07/2018 10:11:58 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 07/07/2018 9:53:29 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:53:29 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:48:15 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:48:13 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
 
Log: 'System' Date/Time: 07/07/2018 9:47:51 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 07/07/2018 9:47:51 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Process Explorer results:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 82.07 52 K 8 K 0
explorer.exe 17.77 64,440 K 129,596 K 6256 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 8.43 30,884 K 70,132 K 5080 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
CarboniteService.exe 5.02 25,416 K 41,608 K 3644 Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com) (Verified) Carbonite
Interrupts 1.90 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 1.89 26,228 K 37,768 K 892
chrome.exe 1.47 166,104 K 200,252 K 9396 Google Chrome Google Inc. (Verified) Google Inc
System 0.92 244 K 2,000 K 4
svchost.exe 1.10 5,984 K 11,512 K 356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.70 4,056 K 4,996 K 704
TabTip.exe 0.68 3,852 K 14,348 K 8836
dllhost.exe 0.61 1,588 K 7,068 K 7268 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
HPMSGSVC.exe 0.44 1,492 K 7,692 K 9780 HP Message Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
svchost.exe 0.39 74,652 K 79,588 K 1916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.01 7,136 K 14,456 K 768 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.22 3,148 K 8,684 K 1724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.19 4,904 K 11,948 K 2176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.18 60,400 K 106,784 K 11504 Google Chrome Google Inc. (Verified) Google Inc
AvastSvc.exe 0.17 127,236 K 40,736 K 2844 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
AvastUI.exe 0.12 28,552 K 41,968 K 8084 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
CarboniteUI.exe 0.11 12,676 K 31,936 K 10096 Carbonite User Interface Carbonite, Inc. (Verified) Carbonite
chrome.exe 0.09 67,640 K 96,420 K 8264 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.08 60,588 K 70,616 K 8248 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.07 4,392 K 10,684 K 1592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.06 34,176 K 36,156 K 7992 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
googledrivesync.exe 0.05 61,872 K 22,484 K 10164 Google Drive Google (Verified) Google Inc
svchost.exe 0.04 5,104 K 12,964 K 2920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.03 32,444 K 49,652 K 11676 Google Chrome Google Inc. (Verified) Google Inc
services.exe 5,176 K 8,452 K 748
Panda_URL_Filteringb.exe 0.02 2,500 K 9,512 K 3832 Anti-phishing Domain Advisor (Powered by Panda Security) Visicom Media Inc. (Verified) Visicom Media Inc.
iCloudPhotos.exe 0.01 26,632 K 42,080 K 7428 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
Memory Compression 0.01 392 K 131,040 K 1184
HPNetworkCommunicatorCom.exe < 0.01 4,212 K 12,772 K 10964 HPNetworkCommunicatorCom Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe < 0.01 10,780 K 28,856 K 7832 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,684 K 15,128 K 9404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,952 K 13,080 K 2496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 12,756 K 14,596 K 1264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe < 0.01 4,128 K 12,340 K 3608 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 4,500 K 18,136 K 3952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 5,320 K 17,696 K 5164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
officeclicktorun.exe < 0.01 24,692 K 33,600 K 3676 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
OneDrive.exe < 0.01 15,040 K 43,724 K 9312 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
TouchpointAnalyticsClientService.exe < 0.01 45,000 K 40,628 K 10684 HP Touchpoint Analytics Client Service HP Inc. (Verified) HP Inc.
ApplePhotoStreams.exe < 0.01 11,120 K 28,920 K 8640 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.
SynTPEnh.exe < 0.01 6,768 K 20,084 K 5488 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
PhotoshopElementsFileAgent.exe < 0.01 2,520 K 1,280 K 10260 Adobe Photoshop Elements 13.0 (component) Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
svchost.exe < 0.01 2,376 K 10,852 K 2712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 2,856 K 8,908 K 9180
winlogon.exe 2,544 K 9,324 K 832
wininit.exe 1,324 K 5,132 K 688
unsecapp.exe 1,308 K 6,168 K 9740
taskhostw.exe 5,620 K 13,476 K 5268 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 1,320 K 4,472 K 9008
SynTPHelper.exe 1,024 K 3,920 K 6204
SynTPEnhService.exe 1,184 K 3,884 K 3908 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 3,192 K 12,220 K 5468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,800 K 23,660 K 3748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 10,488 K 24,960 K 976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,276 K 8,200 K 1376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,976 K 14,672 K 1132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,388 K 6,704 K 508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,364 K 5,116 K 1924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,268 K 6,740 K 1524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,732 K 6,508 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,892 K 10,880 K 2292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 22,340 K 29,120 K 3696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,060 K 7,360 K 3264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 11,224 K 5864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,396 K 8,312 K 3820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,100 K 16,320 K 1712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,748 K 5,680 K 2480 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,176 K 18,268 K 5672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,208 K 15,160 K 3728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,956 K 8,324 K 5684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,324 K 10,656 K 2508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,968 K 6,684 K 2724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,560 K 10,800 K 5608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,960 K 9,384 K 7096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,668 K 10,104 K 1052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,132 K 6,368 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,284 K 13,436 K 11004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,000 K 5,864 K 1392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,300 K 14,292 K 1164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 34,916 K 31,604 K 3920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,780 K 12,016 K 3632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,956 K 6,392 K 1936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,608 K 8,968 K 7084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,160 K 8,060 K 3592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,780 K 7,656 K 6272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 988 K 3,188 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,176 K 8,584 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,984 K 10,716 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,636 K 10,016 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,840 K 5,792 K 1360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,808 K 7,516 K 1416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 6,904 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,236 K 8,540 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,912 K 6,716 K 2064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,516 K 10,116 K 3812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,664 K 9,544 K 3884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 4,956 K 3900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,672 K 6,088 K 3928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,484 K 10,956 K 504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,636 K 5,508 K 3372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,344 K 4,644 K 3500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,396 K 4,748 K 5108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,608 K 5,904 K 5116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,796 K 6,084 K 4164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,688 K 25,104 K 5184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,712 K 5,328 K 5344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,472 K 5,864 K 5952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,292 K 9,456 K 6968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,364 K 26,420 K 9024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 7,780 K 16,224 K 3224 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 524 K 1,012 K 408
smartscreen.exe 9,596 K 15,620 K 6044 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,540 K 22,032 K 5172 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 29,120 K 44,252 K 6196 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 2,312 K 4,028 K 5892 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SetPoint.exe 7,040 K 18,476 K 7504 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech Inc
SecurityHealthService.exe 4,028 K 13,680 K 3936 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe 7,312 K 21,420 K 9360 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 101,624 K 172,268 K 7464 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,452 K 20,800 K 8912 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,772 K 6,256 K 8880 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,228 K 17,452 K 7492 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 5,360 K 15,916 K 9512 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 8,772 K 19,256 K 8072 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3,360 K 11,004 K 3376 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
notepad.exe 16,292 K 52,872 K 9648 Notepad Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe 1,872 K 8,824 K 6916 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1,788 K 5,188 K 3616 Bonjour Service Apple Inc. (Verified) Apple Inc.
KHALMNPR.exe 3,588 K 10,428 K 3760 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
iCloudServices.exe 33,032 K 50,280 K 9020 iCloud Services Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe 11,744 K 25,344 K 6268 iCloud Drive Apple Inc. (Verified) Apple Inc.
HPWMISVC.exe 1,228 K 5,600 K 2444 HP WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe 35,528 K 34,684 K 7588 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
hpqwmiex.exe 1,816 K 8,540 K 9812 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
HP3DDGService.exe 608 K 2,328 K 2384 HP3DDGService HP (Verified) HP Inc.
googledrivesync.exe 1,048 K 4,420 K 5292 Google Drive Google (Verified) Google Inc
GoogleCrashHandler64.exe 1,596 K 0 K 3960
GoogleCrashHandler.exe 1,580 K 4 K 700
Fuel.Service.exe 1,676 K 6,668 K 3600 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
fontdrvhost.exe 4,388 K 8,120 K 964
fontdrvhost.exe 1,632 K 2,620 K 948
dllhost.exe 2,936 K 9,172 K 1968
dllhost.exe 1,944 K 9,964 K 8712 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dgnsvc.exe 1,460 K 6,736 K 3684 Dragon NaturallySpeaking Service Nuance Communications, Inc. (Verified) Nuance Communications
dasHost.exe 4,476 K 12,792 K 1476
ctfmon.exe 2,972 K 12,856 K 8816
csrss.exe < 0.01 1,956 K 4,624 K 588
CoolSense.exe 2,224 K 10,484 K 9768 HP CoolSense Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
chrome.exe 61,440 K 61,180 K 9556 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3,936 K 13,488 K 9684 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,008 K 23,764 K 1488 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,136 K 20,464 K 10140 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 27,948 K 32,172 K 5000 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 35,848 K 55,120 K 7484 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 49,988 K 67,668 K 9756 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 13,656 K 23,184 K 1208 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,196 K 8,760 K 9900 Google Chrome Google Inc. (Verified) Google Inc
atiesrxx.exe 1,432 K 4,560 K 1668 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,408 K 8,896 K 1904
armsvc.exe 1,288 K 5,948 K 3584 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe 4,808 K 16,284 K 10236 Apple Push Apple Inc. (Verified) Apple Inc.
 
Rogue is now running for 1:24:46 and MS wants to run something on my computer so I may lose this and have to re-run tomorrow...

  • 0

#18
RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP

We had a time share you could move around and decided to stay in Whistler for a week.  Didn't much care for Whistler and checked out a day early.  Had nothing planned so took the ferry to San Juan island because the guide book said it was a pleasant trip.  Fell in love with the area and went back on Xmas break to look for a house or property.  Found the land but it was a bit over our budget.  Couple of days later on Whitney Island I came up to an intersection and stopped at the stop sign.  For some reason I thought it was a T intersection and that I was on one of the crossbars.  Didn't even look to the left until after I started to go then saw a flicker on the edge of my vision and slammed on the brakes.  It was a bus coming at 50 MPH.  He just missed me.  After I stopped shaking I told my wife that if I was going to die I wanted the property on Orcas that we both really liked so we called up the real estate agent and met him back on Orcas the next day and bought it.  Once we both retired I packed up the car and we drove to Orcas.  Unfortunately I rented a house near our property that was very cold and drafty and my wife was unhappy living on the mountain.  We moved down to a rental house right on the water which she liked a lot better so we never built the dream house.  They sold that house so I let my wife talk me into moving back to Florida.

 

Looking at Process Explorer this does not look right:

explorer.exe 17.77 64,440 K 129,596 K 6256 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

 

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it (expect you need to right click and Run As Admin) and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and make a new Process Explorer log.  Remember to wait 1 minute before saving the log.

 

Log: 'System' Date/Time: 08/07/2018 7:58:37 PM
Type: Error Category: 0
Event: 10142 Source: Microsoft-Windows-WinRM
The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.
 

 

 

The service is normally not on unless you are controlling the PC remotely.  Search for

services.msc

hit Enter

Find Windows Remote Management (WS-Management).  Right click and select Properties.  Change the Startup Type: to Manual and click Apply.  Stop the service.

 

I think we need some updates to your WiFi driver and your Video driver.  What model number is this? 

 

Rogue Killer usually only takes 25 minutes so something is wrong.


  • 0

#19
SumMom

    Member

  • Topic Starter
  • Member
  • 69 posts
 
I hope you get back one day. Maybe another incident will direct you back; not death defying however. Florida is quite a difference from Orcas Island.  
 
Process Explorer:
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 80.87 52 K 8 K 0
CarboniteService.exe 9.54 17,372 K 44,492 K 10632 Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com) (Verified) Carbonite
procexp64.exe 4.43 33,040 K 65,984 K 12028 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 1.00 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.85 192 K 2,568 K 4
dwm.exe 0.81 31,416 K 43,280 K 972 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
HPNetworkCommunicatorCom.exe 0.60 3,388 K 11,832 K 10092 HPNetworkCommunicatorCom Hewlett-Packard Co. (Verified) Hewlett Packard
rundll32.exe 0.34 3,660 K 15,356 K 9136 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 0.33 7,812 K 18,452 K 3708 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.32 4,124 K 5,084 K 696 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.17 46,012 K 55,092 K 1748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.11 74,356 K 105,848 K 9272 Google Chrome Google Inc. (Verified) Google Inc
AvastUI.exe 0.11 19,444 K 19,596 K 9144 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
svchost.exe 0.11 6,720 K 12,268 K 540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.07 128,288 K 184,876 K 9208 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.06 15,352 K 17,584 K 1416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.05 49,204 K 106,320 K 5604 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.04 41,532 K 56,584 K 9304 Google Chrome Google Inc. (Verified) Google Inc
AvastSvc.exe 0.03 94,644 K 39,868 K 3016 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
Panda_URL_Filteringb.exe 0.03 8,272 K 15,572 K 4316 Anti-phishing Domain Advisor (Powered by Panda Security) Visicom Media Inc. (Verified) Visicom Media Inc.
googledrivesync.exe 0.03 62,068 K 77,300 K 9488 Google Drive Google (Verified) Google Inc
AppleMobileDeviceService.exe 0.02 4,044 K 13,560 K 4256 MobileDeviceService Apple Inc. (Verified) Apple Inc.
chrome.exe 0.02 33,188 K 46,492 K 12100 Google Chrome Google Inc. (Verified) Google Inc
iCloudPhotos.exe 0.01 24,828 K 45,896 K 8624 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
svchost.exe 0.01 2,788 K 7,844 K 576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dgnsvc.exe 0.01 1,764 K 7,244 K 4332 Dragon NaturallySpeaking Service Nuance Communications, Inc. (Verified) Nuance Communications
svchost.exe 0.01 6,816 K 16,980 K 10892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe < 0.01 6,200 K 20,388 K 5032 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
SearchIndexer.exe < 0.01 29,016 K 26,572 K 7908 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
officeclicktorun.exe < 0.01 10,288 K 20,800 K 4324 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 11,904 K 28,152 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
ApplePhotoStreams.exe < 0.01 10,508 K 32,928 K 8552 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.
lsass.exe < 0.01 7,596 K 17,708 K 860 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
iCloudDrive.exe < 0.01 11,880 K 31,336 K 8584 iCloud Drive Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 5,456 K 18,908 K 5196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
TouchpointAnalyticsClientService.exe < 0.01 40,764 K 44,168 K 4808 HP Touchpoint Analytics Client Service HP Inc. (Verified) HP Inc.
notepad.exe < 0.01 13,812 K 41,404 K 11612 Notepad Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,092 K 5,148 K 600 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
PhotoshopElementsFileAgent.exe < 0.01 2,592 K 664 K 8752 Adobe Photoshop Elements 13.0 (component) Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
WmiPrvSE.exe 3,484 K 9,556 K 10516 WMI Provider Host Microsoft Corporation
WmiPrvSE.exe 3,524 K 9,004 K 10328 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,404 K 10,020 K 764 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,604 K 6,380 K 712 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,500 K 6,672 K 8676 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 6,212 K 14,208 K 3836 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 3,792 K 15,348 K 6524 Touch Keyboard and Handwriting Panel Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,068 K 4,288 K 2676 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPEnhService.exe 1,340 K 4,980 K 4284 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 2,568 K 11,472 K 2992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,448 K 15,872 K 2932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,440 K 28,144 K 3700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,780 K 12,280 K 2708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,324 K 9,248 K 2148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,412 K 24,652 K 3592 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,736 K 20,124 K 4164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,352 K 20,008 K 2720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,760 K 11,568 K 1716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,648 K 14,256 K 1332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,828 K 19,656 K 3380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,460 K 27,336 K 8376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,572 K 13,088 K 2408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,428 K 8,576 K 4820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,112 K 7,752 K 3336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,700 K 22,460 K 1268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,176 K 17,204 K 4084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,524 K 23,204 K 4148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,776 K 6,624 K 5944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,940 K 10,976 K 1424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,788 K 17,884 K 4200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,220 K 7,060 K 2844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,952 K 8,648 K 1596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,920 K 7,052 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,208 K 6,752 K 4396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,972 K 6,244 K 2704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,156 K 11,104 K 1204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,460 K 5,516 K 1756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,368 K 7,360 K 1612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,248 K 7,516 K 1768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,196 K 15,476 K 1640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,316 K 10,660 K 6952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,780 K 9,028 K 1792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,272 K 19,436 K 7596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,264 K 10,388 K 4140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,416 K 10,152 K 8976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,608 K 10,744 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,812 K 6,492 K 11432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,452 K 10,340 K 6972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,688 K 10,176 K 4188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,852 K 7,476 K 6244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,692 K 12,040 K 2972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,064 K 3,796 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,396 K 9,280 K 1128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,772 K 6,668 K 1148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,916 K 7,768 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,400 K 9,016 K 1844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,132 K 7,576 K 1896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,884 K 6,316 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,812 K 6,656 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,144 K 6,532 K 2012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,928 K 11,024 K 2036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,612 K 8,652 K 2084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,956 K 6,492 K 3572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,592 K 9,220 K 3680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,300 K 6,972 K 4116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,832 K 10,712 K 4124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,752 K 6,248 K 4132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,080 K 11,728 K 4156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,740 K 6,372 K 4172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,440 K 5,364 K 4180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,468 K 5,192 K 4768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,952 K 5,704 K 1664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,500 K 5,924 K 5784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,924 K 6,828 K 5936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,048 K 8,620 K 728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smss.exe 664 K 1,176 K 416 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 17,600 K 26,492 K 6276 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 6,280 K 23,340 K 3600 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 27,728 K 63,936 K 3196 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 1,708 K 3,588 K 6240 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 2,396 K 4,280 K 6732 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SetPoint.exe 7,636 K 26,288 K 8328 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc. (Verified) Logitech Inc
services.exe 6,628 K 10,716 K 840 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthService.exe 4,300 K 15,168 K 4220 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
secd.exe 6,928 K 24,704 K 8596 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchUI.exe Suspended 106,656 K 177,140 K 4628 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,124 K 21,064 K 7268 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 9,720 K 30,052 K 7732 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,020 K 21,340 K 6188 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe Suspended 7,916 K 21,684 K 7260 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
Registry 3,164 K 9,224 K 104
procexp.exe 3,128 K 10,204 K 1032 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OneDrive.exe 14,380 K 44,604 K 8656 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
MSASCuiL.exe 1,992 K 9,044 K 8280 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
Memory Compression 92 K 6,412 K 1940
mDNSResponder.exe 1,808 K 6,248 K 4308 Bonjour Service Apple Inc. (Verified) Apple Inc.
KHALMNPR.exe 3,540 K 10,644 K 9004 Logitech KHAL Main Process Logitech, Inc. (Verified) Logitech
iCloudServices.exe 22,776 K 53,016 K 8508 iCloud Services Apple Inc. (Verified) Apple Inc.
HPWMISVC.exe 1,492 K 6,264 K 10112 HP WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe 35,356 K 47,680 K 6796 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
hpqwmiex.exe 1,956 K 9,312 K 7288 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
HPMSGSVC.exe 1,712 K 7,976 K 10008 HP Message Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
googledrivesync.exe 1,016 K 4,548 K 8464 Google Drive Google (Verified) Google Inc
GoogleCrashHandler64.exe 1,692 K 328 K 5636 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler.exe 1,764 K 300 K 10408 Google Crash Handler Google Inc. (Verified) Google Inc
Fuel.Service.exe 1,948 K 7,512 K 4300 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
fontdrvhost.exe 3,696 K 6,224 K 992 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,636 K 3,588 K 996 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,628 K 10,224 K 9396 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,000 K 11,172 K 3920 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,060 K 9,628 K 11200 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 6,424 K 16,048 K 1280 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 3,820 K 13,760 K 6484 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
CoolSense.exe 2,572 K 11,208 K 9132 HP CoolSense Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
chrome.exe 34,324 K 49,596 K 7856 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 56,020 K 72,004 K 9296 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,252 K 22,532 K 8920 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 27,744 K 39,728 K 9280 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 60,472 K 65,868 K 12220 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 13,512 K 21,176 K 12228 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 22,484 K 32,516 K 9288 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,268 K 9,080 K 8692 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,368 K 8,532 K 5488 Google Chrome Google Inc. (Verified) Google Inc
atiesrxx.exe 1,440 K 5,548 K 1632 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,512 K 9,416 K 1724 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe 1,668 K 6,564 K 4240 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
APSDaemon.exe 5,476 K 16,408 K 7936 Apple Push Apple Inc. (Verified) Apple Inc.
 
___
Startup Type was Manual.  I left it that way.
 
___
Wifi Router: R6300v2 Smart WiFi Router.  Is that what you're looking for?
 
___
Rogue Killer - Still running long.  I attached a screen shot.  

Attached Thumbnails

  • RogueKiller Screenshot.JPG

  • 0

#20
RKinner

    Malware Expert

  • Expert
  • 21,044 posts
  • MVP

We still own the land on Orcas so there's still hope.  Thinking about putting a small house there so we can get out of FL in the summer.

 

Process Explorer now looks pretty good except for Carbonite.  I don't use it so not sure if it's normal for it to use so much CPU time.

 

I just ran Rogue Killer this morning and it took about an hour.  Much longer than previous versions but it did finish.  As usual it still finds a lot of false positives so don't panic if it detects a bunch of stuff.

Just leave it running and post the log so I can see if there is anything that really needs removing.  (If you have to you can close it but there doesn't seem to be a way of getting back to the final report without rerunning the scan.)


  • 0

#21
SumMom

    Member

  • Topic Starter
  • Member
  • 69 posts

Finally!  Almost 2 hours:

 

RogueKiller report:
 
RogueKiller V12.12.26.0 (x64) [Jul  9 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 07/09/2018 10:06:54 (Duration : 01:53:33)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 30 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} : Panda Security Toolbar (C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll)  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0c0a2277-4bd3-4e28-bd32-48f83edcc842} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6BED2BA7-7EE0-421F-819D-168785BCBB23} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS18D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F67360EC-D1B4-4492-BF95-126FB166C09A} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS18D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {00C14A15-BA90-42E0-90AF-F6501B2B34CE} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe|Name=ToolbarCleaner| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6121C2E9-D55E-4AEA-8056-FCF01E4A60E4} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe|Name=ToolbarCleaner| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2DDFEF7C-4252-47A7-A850-7F6DE7AAE8A2} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\cleanupie.exe|Name=Panda Security Toolbar IE Cleaner| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CE704780-EA55-45B5-863D-329DC98C67BA} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\pandasecuritytb\cleanupie.exe|Name=Panda Security Toolbar IE Cleaner| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {921CE967-0573-4D10-AAA0-300AFB330F3E} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\pandasecuritytb\dtuser.exe|Name=Panda Security Toolbar DTX Broker| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A78FD93C-B533-401E-823E-2461329B8FE1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\pandasecuritytb\dtuser.exe|Name=Panda Security Toolbar DTX Broker| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0965F846-D44F-4F7D-B066-5877018DE037} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe|Name=ToolbarCleaner| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E1DF5F8A-6CE9-4C46-8D8F-68EEDB4A2D6F} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe|Name=ToolbarCleaner| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{A27AC6B7-9386-4046-A5FC-CA4E784E252C}C:\users\owner\appdata\local\temp\7zs46a4\enterprisedu.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\owner\appdata\local\temp\7zs46a4\enterprisedu.exe|Name=DeviceUpdate|Desc=DeviceUpdate|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{17E70F61-2A90-4038-99C1-E3E301908547}C:\users\owner\appdata\local\temp\7zs46a4\enterprisedu.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\owner\appdata\local\temp\7zs46a4\enterprisedu.exe|Name=DeviceUpdate|Desc=DeviceUpdate|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DA255DC9-2407-4C72-A10A-6EE58EF0F48E} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS4E94\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C19CD7DF-1589-44A7-81AA-93A1AB02F7AC} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS4E94\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {EE26E174-F3C5-49ED-AF96-4375BFCDBECD} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS4F10\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {800C00E8-0043-4285-912D-0520878E7EC6} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS4F10\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {18E10B91-7357-48E0-9BEE-0ABBF4D0DDF1} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS05FF\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {31DF2E4F-9E8E-47E5-9D91-A52BA735A296} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS05FF\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {957EB282-E084-47CC-B39B-80D364889A03} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS47A6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {300DA682-686B-463F-8588-B8A412BB71A1} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS47A6\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F2BB004C-5B84-479B-8369-CCAF95A19623} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS2A62\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D1CC354E-D6A5-4079-9DA4-3B563E7D9575} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Owner\AppData\Local\Temp\7zS2A62\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FB992C17-D058-4DD3-A5AD-3339C78A723C} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS46D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0FE2E7E4-F32E-4911-8F01-36A810ACFB00} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS46D5\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {55DA8EEB-690B-495A-95A3-B26CA824A927} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS4942\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {88857203-A1FA-4BCA-8BE0-72BCA49B776D} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Owner\AppData\Local\Temp\7zS4942\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Owner\AppData\Roaming\Easeware -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : AVG Web TuneUp [chfdnecihphmhljaaejmgoiahnihplgn] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://outlook.live...&lpnorefresh=1]-> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541075A9E680 SATA Disk Device +++++
--- User ---
[MBR] 0d4514fd1ff27ed225dbbbc037f090a1
[BSP] 2bdd9c9bc5ecd9db876a447f281b6354 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 683855 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1402152960 | Size: 1745 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1405726720 | Size: 29014 MB
User = LL1 ... OK
User = LL2 ... OK

  • 0
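The [Suspicious.Path] entries in the RogueKiller log above are Windows Firewall rule strings whose App= path sits in a Temp folder. As an added example (not part of the original posts and not RogueKiller's own code), the Python below parses that line layout and lists the active inbound allow rules bound to Temp paths. The sample lines, GUIDs, user name and paths are constructed, and treating Profile= as a key that may repeat is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the RogueKiller line layout (GUIDs, user and paths are made up).
KEY = (r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess"
       r"\Parameters\FirewallPolicy\FirewallRules")
TEMP_APP = r"C:\Users\Example\AppData\Local\Temp\7zS0001\Diag.exe"
OLD_TEMP_APP = r"C:\Users\Example\AppData\Local\Temp\7zS0002\Diag.exe"
SAMPLE = "\n".join([
    rf"[Suspicious.Path] (X64) {KEY} | {{00000000-0000-0000-0000-000000000001}} : "
    rf"v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App={TEMP_APP}|Name=DIAG| [x] -> Found",
    rf"[Suspicious.Path] (X64) {KEY} | {{00000000-0000-0000-0000-000000000002}} : "
    rf"v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App={TEMP_APP}|Name=DIAG| [x] -> Found",
    rf"[Suspicious.Path] (X64) {KEY} | {{00000000-0000-0000-0000-000000000003}} : "
    rf"v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App={OLD_TEMP_APP}|Name=DIAG| [x] -> Found",
    rf"[Suspicious.Path] (X64) {KEY} | {{00000000-0000-0000-0000-000000000004}} : "
    r"v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Vendor\agent.exe|Name=AGENT| [x] -> Found",
    r"[PUP.Gen1][Folder] C:\Users\Example\AppData\Roaming\Tool -> Found",  # not a firewall rule
])

LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\(\w+\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+:\s+(?P<rule>v\d+\.\d+\|.*\|)\s+\[x\]\s+->\s+Found\s*$"
)
PROTOCOLS = {"6": "TCP", "17": "UDP"}          # IANA protocol numbers
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_rule(rule):
    """Split 'v2.26|Key=Value|...|' into (version, {key: [values]})."""
    version, *pairs = rule.strip("|").split("|")
    fields = defaultdict(list)
    for pair in pairs:
        key, sep, value = pair.partition("=")
        if sep:
            fields[key].append(value)      # assumption: a key such as Profile may repeat
    return version, dict(fields)


def in_temp_dir(path):
    """True when the program path lies under a per-user or system Temp folder."""
    lowered = path.lower()
    return lowered.startswith("%temp%") or any(m in lowered for m in TEMP_MARKERS)


def flag_temp_inbound_allows(text):
    """Return {app_path: sorted [(protocol, profile)]} for active inbound allow rules in Temp."""
    findings = defaultdict(set)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue                        # other log sections and headers are ignored
        _, fields = parse_rule(match["rule"])

        def first(key):
            return fields.get(key, [""])[0]

        state = (first("Action").lower(), first("Dir").lower(), first("Active").lower())
        if state != ("allow", "in", "true"):
            continue                        # disabled, outbound or block rules are not listed
        app = first("App")
        if not in_temp_dir(app):
            continue
        protocol = PROTOCOLS.get(first("Protocol"), first("Protocol") or "any")
        for profile in fields.get("Profile", ["all"]):
            findings[app].add((protocol, profile))
    return {app: sorted(entries) for app, entries in findings.items()}


if __name__ == "__main__":
    for app, entries in flag_temp_inbound_allows(SAMPLE).items():
        print(app)
        for protocol, profile in entries:
            print(f"    inbound allow: {protocol} on {profile} profile")
```

Application rules are matched on the program path, so a rule left behind by an installer that unpacked into Temp keeps allowing inbound traffic to whatever file later sits at that path.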

#22
RKinner


You can close Rogue Killer.  Nothing important found.

 

When I asked for the model number I meant for your PC.  Some of your drivers are out of date and it's best to get them from the PC maker's website. 


#23
SumMom

Ah...  Model # m6-k022dx 


#24
RKinner

Your HP  Photosmart 7520 Software is a bit out of date.  Latest at:

 

https://support.hp.c...1/model/5199462

 

HP doesn't show a Ralink Wifi driver under Win 10 64 but there is one under Win 8 64.  Unfortunately it's the same version as what you have.

 

For your Ralink Bluetooth (which is showing errors) they do have a slightly newer one:

Mediatek (Ralink) Bluetooth Software Driver
    11.0.748.2    88.5 MB    Dec 21, 2013

       

https://support.hp.com/us-en/drivers/selfservice/hp-envy-touchsmart-m6-k000-sleekbook/5375391/model/5447423

You may have to tell it Win 8.1 64 in order to see it.  It's under Driver-Network

 

See if it will install.

 

Your graphics driver is newer than the one they offer but I don't think it's the latest by any means.  If you go to AMD's site:

 

https://support.amd.com/en-us/download

 

and do the automatically detect and install your driver option you should get the latest one.

 

Once you have updated your drivers copy the next line:

 

for  /F  "tokens=*"  %1  in  ('wevtutil.exe  el')  DO  wevtutil.exe  cl  "%1"
 

 

Open an Elevated Command Prompt:
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter

 

Reboot and run VEW again as before.


#25
SumMom

My laptop is running slow again after these last updates.  Boo
 
I don't like to update my printer driver.  It never works cleanly.  This time was no exception, but it's done.
 
Ralink Bluetooth:  uploaded. It said it already existed.  I overwrote it.
       
The graphics driver is updated.
Once you have updated your drivers copy the next line: done and done again after I really ran the graphics driver update. I found it waiting for a response under my windows. There was a failure of some gaming module with the update. I pasted the log below all.
 
VEW log:
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/07/2018 12:27:30 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/07/2018 5:26:10 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 10/07/2018 5:18:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user PC\Owner SID (S-1-5-21-3571816096-2060556278-31395193-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 10/07/2018 5:16:11 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 10/07/2018 5:16:11 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 10/07/2018 5:15:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.
 
Log: 'System' Date/Time: 10/07/2018 5:12:31 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user PC\Owner SID (S-1-5-21-3571816096-2060556278-31395193-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/07/2018 5:15:56 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).
 
Log: 'System' Date/Time: 10/07/2018 5:15:56 PM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 80-56-F2-6F-5A-3F has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).
 
Log: 'System' Date/Time: 10/07/2018 5:15:44 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
 
___
AMD Log:
 
 
Catalyst™ Install Manager
Installation Report
07/10/18 11:55:14
 
 
Hardware information
 
Name AMD Radeon HD 8610G 
Manufacturer Advanced Micro Devices, Inc. 
Device ID 0x990f 
Vendor ID 0x1002 
Class Code 0x030000 
Revision ID 0x00 
Subsystem ID 0x1995 
Subsystem vendor ID 0x103c 
Other hardware 
 
Existing packages
OEM Application Profiles 
AMD Catalyst Install Manager 
Microsoft Visual C++ 2010 Redistributable 
AMD Display Driver 
HDMI Audio Driver 
AMD USB Filter Driver 
Microsoft Visual C++ 2010 Redistributable 
AMD SATA Controller Driver 
AMD Accelerated Video Transcoding 
AMD VISION Engine Control Center 
 
Packages for install
AMD Display Driver
Final Status: Success 
Version of Item: 15.200.1062.1004 
Size: 90 Mbytes 
HDMI Audio Driver
Final Status: Success 
Version of Item: 10.0.0.01 
Size: 1 Mbytes 
AMD Catalyst Control Center
Final Status: Success 
Version of Item: 2015.0804.21.41908 
Size: 150 Mbytes 
AMD Catalyst Install Manager
Final Status: Success 
Version of Item: 8.0.916.0 
Size: 20 Mbytes 
AMD Quick Stream Technology
Final Status: Success 
Version of Item: 4.0.2.0 
Size: 9 Mbytes 
AMD Gaming Evolved App
Final Status: Fail 
Version of Item: 2.11.000 
Size: 49 Mbytes 
 
 
Error messages 
___

#26
RKinner

Make a new Process Explorer log so I can see why it's slow.

 

Copy the next line:

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.3"

 

 

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied line should appear.
Hit Enter.  You should get something like this:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.3
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    DisplayName    REG_SZ    AODDriver4.3

 

If you do then (and only if you do)  Copy the next line:

 

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.2"

 

and paste it into your Elevated Command Prompt

 

This should get rid of your error:

Log: 'System' Date/Time: 10/07/2018 5:15:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AODDriver4.2.0 service failed to start due to the following error:  The system cannot find the file specified.

#27
SumMom

Process Explorer log:
 
 Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.41 52 K 8 K 0
CarboniteService.exe 6.83 22,040 K 51,688 K 3768 Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com)
procexp64.exe 3.56 25,760 K 58,748 K 11256 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts 1.43 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.99 192 K 1,064 K 4
dwm.exe 0.56 31,608 K 40,824 K 76
svchost.exe 0.37 62,392 K 66,628 K 1924 Host Process for Windows Services Microsoft Corporation
explorer.exe 0.27 53,324 K 104,448 K 6052 Windows Explorer Microsoft Corporation
HPNetworkCommunicatorCom.exe 0.23 3,276 K 10,836 K 10120 HPNetworkCommunicatorCom Hewlett-Packard Co.
rundll32.exe 0.22 5,276 K 16,272 K 8280 Windows host process (Rundll32) Microsoft Corporation
csrss.exe 0.21 4,536 K 4,760 K 700
chrome.exe 0.15 185,832 K 179,656 K 8532 Google Chrome Google Inc.
CarboniteUI.exe 0.14 14,008 K 33,324 K 10068 Carbonite User Interface Carbonite, Inc.
AvastUI.exe 0.13 27,252 K 38,936 K 8696 Avast Antivirus AVAST Software
chrome.exe 0.13 151,820 K 162,704 K 11312 Google Chrome Google Inc.
chrome.exe 0.11 228,896 K 222,300 K 9568 Google Chrome Google Inc.
chrome.exe 0.10 60,892 K 73,296 K 9608 Google Chrome Google Inc.
Panda_URL_Filteringb.exe 0.03 10,396 K 14,020 K 3948 Anti-phishing Domain Advisor (Powered by Panda Security) Visicom Media Inc.
spoolsv.exe 0.02 9,972 K 19,560 K 3388 Spooler SubSystem App Microsoft Corporation
AppleMobileDeviceService.exe 0.02 4,140 K 13,108 K 3736 MobileDeviceService Apple Inc.
googledrivesync.exe 0.02 61,920 K 22,452 K 8564 Google Drive Google
MOM.exe 0.02 26,388 K 7,532 K 7244 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
AvastSvc.exe 0.01 56,380 K 39,744 K 3200 Avast Service AVAST Software
svchost.exe 0.01 6,552 K 15,532 K 6408 Host Process for Windows Services Microsoft Corporation
iCloudPhotos.exe 0.01 27,260 K 43,472 K 8800 iCloud Photo Library Apple Inc.
svchost.exe 0.01 6,676 K 11,984 K 528 Host Process for Windows Services Microsoft Corporation
officeclicktorun.exe < 0.01 24,800 K 26,356 K 3828 Microsoft Office Click-to-Run Microsoft Corporation
ApplePhotoStreams.exe < 0.01 10,316 K 29,968 K 8736 iCloud Photo Stream Apple Inc.
lsass.exe < 0.01 7,452 K 15,780 K 772 Local Security Authority Process Microsoft Corporation
notepad.exe < 0.01 14,416 K 44,324 K 2520 Notepad Microsoft Corporation
SynTPEnh.exe < 0.01 6,120 K 17,976 K 5624 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated
svchost.exe < 0.01 5,004 K 13,912 K 4044 Host Process for Windows Services Microsoft Corporation
svchost.exe < 0.01 12,908 K 12,228 K 1436 Host Process for Windows Services Microsoft Corporation
TouchpointAnalyticsClientService.exe < 0.01 39,892 K 37,780 K 11616 HP Touchpoint Analytics Client Service HP Inc.
RuntimeBroker.exe < 0.01 8,560 K 26,236 K 7476 Runtime Broker Microsoft Corporation
chrome.exe < 0.01 32,292 K 35,892 K 9580 Google Chrome Google Inc.
chrome.exe < 0.01 110,912 K 122,188 K 9596 Google Chrome Google Inc.
PhotoshopElementsFileAgent.exe < 0.01 2,548 K 1,340 K 9428 Adobe Photoshop Elements 13.0 (component) Adobe Systems Incorporated
WmiPrvSE.exe 3,204 K 8,840 K 7488
winlogon.exe 2,444 K 9,348 K 836
wininit.exe 1,408 K 5,900 K 688
unsecapp.exe 1,348 K 6,040 K 5368
taskhostw.exe 5,516 K 13,660 K 5400 Host Process for Windows Tasks Microsoft Corporation
TabTip.exe 3,812 K 14,256 K 6360
SynTPHelper.exe 1,080 K 4,072 K 6092
SynTPEnhService.exe 1,260 K 4,508 K 4056 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated
svchost.exe 5,156 K 13,268 K 3136 Host Process for Windows Services Microsoft Corporation
svchost.exe 6,244 K 14,388 K 3880 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,844 K 7,488 K 524 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,208 K 9,828 K 6496 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,548 K 11,384 K 2928 Host Process for Windows Services Microsoft Corporation
svchost.exe 11,440 K 26,428 K 984 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,236 K 8,948 K 1100 Host Process for Windows Services Microsoft Corporation
svchost.exe 5,212 K 18,156 K 6176 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,500 K 17,996 K 2972 Host Process for Windows Services Microsoft Corporation
svchost.exe 6,548 K 19,660 K 5168 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,188 K 6,220 K 3496 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,236 K 10,608 K 3216 Host Process for Windows Services Microsoft Corporation
svchost.exe 24,456 K 31,536 K 3812 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,232 K 8,148 K 3744 Host Process for Windows Services Microsoft Corporation
svchost.exe 5,760 K 13,320 K 2528 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,136 K 7,676 K 3432 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,456 K 8,428 K 3968 Host Process for Windows Services Microsoft Corporation
svchost.exe 13,008 K 15,028 K 1156 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,168 K 11,328 K 2336 Host Process for Windows Services Microsoft Corporation
svchost.exe 9,320 K 23,436 K 3788 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,204 K 11,116 K 1172 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,308 K 10,612 K 1872 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,024 K 7,012 K 2268 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,332 K 6,936 K 1784 Host Process for Windows Services Microsoft Corporation
svchost.exe 15,396 K 10,344 K 2908 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,128 K 6,560 K 5068 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,688 K 11,132 K 10448 Host Process for Windows Services Microsoft Corporation
svchost.exe 7,764 K 29,676 K 5244 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,456 K 14,120 K 5536 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,552 K 8,844 K 1604 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,624 K 14,448 K 1948 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,796 K 5,908 K 2916 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,984 K 7,028 K 1556 Host Process for Windows Services Microsoft Corporation
svchost.exe 4,488 K 13,812 K 11100 Host Process for Windows Services Microsoft Corporation
svchost.exe 6,572 K 13,972 K 1368 Host Process for Windows Services Microsoft Corporation
svchost.exe 5,188 K 6,268 K 1624 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,448 K 11,840 K 3796 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,344 K 9,728 K 10508 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,008 K 6,784 K 1916 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,572 K 10,336 K 1148 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,788 K 7,004 K 1632 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,888 K 6,516 K 3896 Host Process for Windows Services Microsoft Corporation
svchost.exe 5,444 K 16,124 K 5756 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,496 K 6,968 K 1960 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,424 K 5,308 K 1904 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,680 K 10,040 K 1400 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,068 K 3,544 K 948 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,648 K 6,428 K 1164 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,248 K 8,480 K 1180 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,732 K 6,128 K 1408 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,864 K 7,040 K 1444 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,976 K 5,936 K 1460 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,224 K 8,080 K 2020 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,840 K 7,040 K 1568 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,696 K 5,796 K 3988 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,368 K 5,044 K 4076 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,792 K 6,732 K 4088 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,348 K 10,240 K 3560 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,380 K 4,844 K 4200 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,644 K 10,808 K 4412 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,124 K 7,772 K 132 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,668 K 6,104 K 5212 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,888 K 6,200 K 5228 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,736 K 5,316 K 5544 Host Process for Windows Services Microsoft Corporation
svchost.exe 1,444 K 5,548 K 5840 Host Process for Windows Services Microsoft Corporation
svchost.exe 3,952 K 7,740 K 6104 Host Process for Windows Services Microsoft Corporation
svchost.exe 2,376 K 9,672 K 6644 Host Process for Windows Services Microsoft Corporation
smss.exe 592 K 1,004 K 416
sihost.exe 5,580 K 22,380 K 5156 Shell Infrastructure Host Microsoft Corporation
ShellExperienceHost.exe Suspended 27,036 K 45,636 K 1732 Windows Shell Experience Host Microsoft Corporation
SgrmBroker.exe 2,816 K 4,772 K 11476 System Guard Runtime Monitor Broker Service Microsoft Corporation
SetPoint.exe 6,796 K 17,864 K 8452 Logitech SetPoint Event Manager (UNICODE) Logitech, Inc.
services.exe 5,152 K 8,148 K 752
SecurityHealthService.exe 4,304 K 12,924 K 4036 Windows Security Health Service Microsoft Corporation
secd.exe 7,172 K 21,172 K 8940 Apple Security Manager Apple, Inc.
SearchUI.exe Suspended 110,512 K 185,616 K 1316 Search and Cortana application Microsoft Corporation
SearchProtocolHost.exe 1,924 K 7,764 K 3960 Microsoft Windows Search Protocol Host Microsoft Corporation
SearchProtocolHost.exe 2,360 K 11,808 K 2424
SearchIndexer.exe 34,240 K 36,772 K 7092 Microsoft Windows Search Indexer Microsoft Corporation
SearchFilterHost.exe 2,072 K 8,296 K 6676
RuntimeBroker.exe 7,316 K 27,496 K 7740 Runtime Broker Microsoft Corporation
RuntimeBroker.exe 1,280 K 5,176 K 7224 Runtime Broker Microsoft Corporation
RemindersServer.exe Suspended 2,744 K 14,228 K 8152 Reminders WinRT OOP Server Microsoft Corporation
Registry 1,192 K 21,972 K 104
procexp.exe 3,092 K 10,108 K 10864 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
OneDrive.exe 14,952 K 44,224 K 8828 Microsoft OneDrive Microsoft Corporation
Memory Compression 428 K 155,976 K 2004
mDNSResponder.exe 1,764 K 5,776 K 3752 Bonjour Service Apple Inc.
KHALMNPR.exe 3,592 K 9,548 K 6476 Logitech KHAL Main Process Logitech, Inc.
iCloudServices.exe 24,324 K 45,128 K 8728 iCloud Services Apple Inc.
iCloudDrive.exe 11,856 K 25,116 K 8776 iCloud Drive Apple Inc.
HPWMISVC.exe 1,656 K 7,388 K 3888 HP WMI Service Hewlett-Packard Development Company, L.P.
HPSupportSolutionsFrameworkService.exe 35,540 K 34,288 K 7908 HP Support Solutions Framework Service HP Inc.
hpqwmiex.exe 1,892 K 8,764 K 3168 HP Software Framework WMI Service Hewlett-Packard Company
HPMSGSVC.exe 1,488 K 7,584 K 5096 HP Message Service Hewlett-Packard Development Company, L.P.
googledrivesync.exe 1,016 K 4,236 K 8704 Google Drive Google
GoogleCrashHandler64.exe 1,660 K 160 K 764
GoogleCrashHandler.exe 1,632 K 168 K 7836
Fuel.Service.exe 2,112 K 8,512 K 3760 AMD Fuel Service Advanced Micro Devices, Inc.
fontdrvhost.exe 4,764 K 8,176 K 968
fontdrvhost.exe 1,648 K 3,104 K 960
dllhost.exe 1,792 K 6,516 K 4212 COM Surrogate Microsoft Corporation
dllhost.exe 3,080 K 9,444 K 12196
dllhost.exe 2,200 K 9,572 K 11048 COM Surrogate Microsoft Corporation
dgnsvc.exe 1,568 K 6,784 K 3836 Dragon NaturallySpeaking Service Nuance Communications, Inc.
dasHost.exe 5,464 K 12,156 K 1712
ctfmon.exe 8,040 K 15,896 K 5492
csrss.exe 2,032 K 4,684 K 596
CoolSense.exe 2,336 K 10,524 K 8092 HP CoolSense Hewlett-Packard Development Company, L.P.
chrome.exe 46,204 K 19,820 K 9340 Google Chrome Google Inc.
chrome.exe 22,020 K 24,468 K 9588 Google Chrome Google Inc.
chrome.exe 31,332 K 33,864 K 5344 Google Chrome Google Inc.
chrome.exe 13,496 K 22,316 K 2012 Google Chrome Google Inc.
chrome.exe 24,584 K 29,776 K 2000 Google Chrome Google Inc.
chrome.exe 2,380 K 7,664 K 8496 Google Chrome Google Inc.
chrome.exe 2,236 K 8,388 K 8444 Google Chrome Google Inc.
CCC.exe 76,148 K 14,128 K 7584 Catalyst Control Center: Host application Advanced Micro Devices Inc.
atiesrxx.exe 1,336 K 5,048 K 1704 AMD External Events Service Module AMD
atieclxx.exe 2,344 K 8,408 K 1880
armsvc.exe 1,444 K 6,124 K 3728 Adobe Acrobat Update Service Adobe Systems Incorporated
APSDaemon.exe 4,668 K 15,060 K 9268 Apple Push Apple Inc.
AMDQuickStream.exe 3,320 K 10,652 K 8928 AMD Quick Stream AppEx Networks Corporation
 
 
 
Copy the next line:
 
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.3"
 
No, it says: ERROR: the system was unable to find the specified registry key or value
 
Thanks Ron!  

#28
RKinner

Doesn't look that much slower.  Just our friend Carbonite eating CPU time.  Can you pause it?

 

 

Sometimes AMD installs something in your network stack that slows things down.  Open Control Panel (View By: Large Icons) Network and Sharing Center then click on the WiFi (will be in Blue).  This should make a new window open.  Click on Properties.  (Not Wireless Properties).  Do you see

AppEx Accelerator

in the list under This Connection uses the following Items:

If you see it, Highlight it and then if possible hit Uninstall.  If not just Uncheck the box in front of it. OK.

 

Copy the next two lines:
 
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.2" > \junk.txt
notepad \junk.txt

 

Open an Elevated Command Prompt:
as before

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.

 

Copy and paste the text from notepad into a reply.

 

Look at the text and you should see a line that looks like:

 

ImagePath    REG_EXPAND_SZ    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

 

Start up FRST and in the search box put in the file name from the end of the above line; in the example it would be AODDriver2.sys.

 

Click on Search Files

 

Does it find anything?  Copy and paste the text from search result.


#29
SumMom

I can pause it.  The support page suggests I run CHKDSK /F.  Thoughts?
 
AppEx Accelerator - uninstalled
 
reg query response:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.2
    DisplayName    REG_SZ    AODDriver4.2
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
 
FRST findings:
Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Owner (10-07-2018 17:09:47)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
 
================== Search Files: "AODDriver2.sys" =============
 
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys
[2013-09-20 03:05][2013-09-20 03:05] 000059648 _____ (Advanced Micro Devices) E8CCB797DAF80779C768BD3A9FC8FCAF [File is digitally signed]
 
C:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys
[2014-02-11 17:36][2014-02-11 17:36] 000059616 _____ (Advanced Micro Devices) C3D487827E48CC5EC17994FEC5BDFF87 [File is digitally signed]
 
Thanks Ron!  

#30
RKinner

If you pause it does the PC get faster?

 

Won't hurt to do chkdsk:

 

https://www.tekrevue...dsk-windows-10/

 

I'm puzzled by your reg query and search file results.  You have two of the aoddriver2.sys files but the newest one is not being used.  Instead it's pointing at the older version.  On mine (which has a newer version) it points to the same location as yours but I have the newer file there.  Let's try replacing the old file with the new one.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   522bytes   15 downloads

Run FRST and press Fix
A fix log will be generated please post that

If it didn't reboot as part of the fix, reboot now.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 


  • 0
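The comparison made in the last post, between the service's ImagePath and the two copies FRST found, can be scripted. This is an added example in Python (not part of the thread and not FRST's own code): it parses reg query text and FRST Search Files text, then reports whether the ImagePath target exists, is signed, and is the most recently dated copy. The sample text is modelled on the output posted above with placeholder MD5 values, and reading the second bracketed timestamp as the modified time is an assumption.

```python
import re
from datetime import datetime

# Sample text modelled on the thread's output; the MD5 values are placeholders.
MD5_OLD, MD5_NEW = "A" * 32, "B" * 32
REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AODDriver4.2
    DisplayName    REG_SZ    AODDriver4.2
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
"""
FRST_OUTPUT = rf"""
================== Search Files: "AODDriver2.sys" =============

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys
[2013-09-20 03:05][2013-09-20 03:05] 000059648 _____ (Advanced Micro Devices) {MD5_OLD} [File is digitally signed]

C:\Program Files\AMD\ATI.ACE\Fuel\amd64\aoddriver2.sys
[2014-02-11 17:36][2014-02-11 17:36] 000059616 _____ (Advanced Micro Devices) {MD5_NEW} [File is digitally signed]
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*\S)\s*$")
META_RE = re.compile(
    r"^\[([\d-]+ [\d:]+)\]\[([\d-]+ [\d:]+)\]\s+(\d+)\s+\S+\s+\((.*?)\)\s+"
    r"([0-9A-Fa-f]{32})\s+\[(.+)\]$"
)


def service_image_path(reg_text):
    """Return the ImagePath value with the NT object prefix \\??\\ and quotes removed."""
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line)
        if m and m.group(1).lower() == "imagepath":
            path = m.group(3).strip('"')
            return path[4:] if path.startswith("\\??\\") else path
    return None


def parse_frst_hits(frst_text):
    """Pair each path line with the metadata line that follows it."""
    hits, current = [], None
    for raw in frst_text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            current = line
        elif current and (m := META_RE.match(line)):
            hits.append({
                "path": current,
                # assumption: the second timestamp is the last-modified time
                "modified": datetime.strptime(m.group(2), "%Y-%m-%d %H:%M"),
                "size": int(m.group(3)),
                "md5": m.group(5),
                "signed": m.group(6) == "File is digitally signed",
            })
            current = None
    return hits


def assess(reg_text, frst_text):
    """Compare the service's ImagePath with the copies found on disk."""
    target = service_image_path(reg_text)
    hits = parse_frst_hits(frst_text)
    newest = max(hits, key=lambda h: h["modified"], default=None)
    # Windows paths are case-insensitive, so compare lowercased strings.
    match = next((h for h in hits if h["path"].lower() == (target or "").lower()), None)
    return {
        "image_path": target,
        "on_disk": match is not None,      # False matches a "cannot find the file" start error
        "signed": bool(match and match["signed"]),
        "newest_copy": newest["path"] if newest else None,
        "points_at_newest": match is not None and match is newest,
    }


if __name__ == "__main__":
    for key, value in assess(REG_OUTPUT, FRST_OUTPUT).items():
        print(f"{key}: {value}")
```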





