Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 8.1 boots to desktop then takes forever to become responsive


  • Please log in to reply

#1
bytesize

bytesize

    Member

  • Member
  • PipPip
  • 94 posts

Hi

 

an elderly friend asked if I could update or install antivirus on their Toshiba Laptop, have worked with computer off and on for a few years now. It is not used much, so when I get it, I normally just make sure its going okay. The lady is reluctant to upgrade as she likes everything the way it is. Just installed antivirus but noticed it was really unresponsive for a while when it booted to desktop. 

 

Uninstalled the AV, booted and checked task manager, disk 100%, it takes forever to actually get task manager to open, did a clean boot but still has the same problem. 

 

Any help would be much appreciated.

 

Thanks


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,579 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.


 


  • 0

#3
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Here are the requested logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-02-2021 01
Ran by Rena (administrator) on TOSH (TOSHIBA SATELLITE C50-A-157) (09-02-2021 21:21:54)
Running from E:\Rena
Loaded Profiles: Rena
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Default browser: IE
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19750_none_fa39f32f9b2d0928\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988 (the data entry has 7 more characters).
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.) [File not signed]
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [235520 2008-04-03] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87152 2012-10-04] (Acro Software Inc -> )
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {30754DBC-979E-4C6B-9750-A82E8F0D8191} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {38379ACB-BD0D-4662-AC1A-622A865E3BBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {62302DCB-5ABB-4B01-9E33-4A4297EF9042} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [475720 2015-11-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {94113DAE-5AF6-41F2-9112-6F1DB4BBC23E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [654440 2013-03-19] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {B09D457D-4ECD-4215-A690-337F62C105F2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {CF4D8109-8321-4BB3-B5C3-7DEAB000322B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2117757934-2563609367-1956778120-1001 => {F063A606-6748-4B89-82A0-3D19D94CE8D3} C:\Windows\System32\VaultRoaming.dll [92672 2014-10-29] (Microsoft Windows -> Microsoft)
Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{794DB99B-A736-4151-AF3D-3A33C40C313E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9783D14C-5110-47DD-AA37-8387218D8EFB}: [DhcpNameServer] 192.168.132.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rena\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-07]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Rena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-07]
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 KMWDFILTER; C:\WINDOWS\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows ® Codename Longhorn DDK provider)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [546304 2013-04-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [33168 2013-11-01] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-02-09 21:21 - 2021-02-09 21:22 - 000000000 ____D C:\FRST
2021-02-07 21:15 - 2021-02-07 21:15 - 000099084 _____ C:\ProgramData\vpn.uninstall.1612732487.bdinstall.v2.bin
2021-02-07 21:15 - 2021-02-07 21:15 - 000070784 _____ C:\ProgramData\agent.uninstall.1612732537.bdinstall.v2.bin
2021-02-07 20:55 - 2021-02-07 20:55 - 000387608 _____ C:\ProgramData\cl.uninstall.1612731158.bdinstall.v2.bin
2021-02-07 18:23 - 2021-02-07 18:23 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-02-07 18:23 - 2013-08-15 20:13 - 003859968 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
2021-02-07 18:22 - 2021-02-07 18:22 - 000000000 ____D C:\Users\Rena\AppData\Roaming\WinBatch
2021-02-07 18:08 - 2021-02-07 18:09 - 045739147 _____ C:\Users\Rena\Downloads\wlesslan-20140127154948.zip
2021-02-07 17:43 - 2021-02-07 20:50 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-02-07 17:43 - 2021-02-07 20:03 - 000000000 ____D C:\Users\Rena\AppData\Local\BraveSoftware
2021-02-07 17:42 - 2021-02-07 17:42 - 001243488 _____ (BraveSoftware Inc.) C:\Users\Rena\Downloads\BraveBrowserSetup.exe
2021-02-07 12:48 - 2021-02-07 12:48 - 004357175 _____ C:\Users\Rena\Downloads\bios-20140625090211.zip
2021-02-07 11:30 - 2021-02-07 11:30 - 000000000 ____D C:\WINDOWS\pss
2021-02-06 11:37 - 2021-02-06 11:37 - 000196784 _____ C:\ProgramData\vpn.1612611384.bdinstall.v2.bin
2021-02-05 17:46 - 2021-02-05 17:46 - 000087460 _____ C:\ProgramData\agent.update.1612547184.bdinstall.v2.bin
2021-02-05 17:22 - 2021-02-05 17:22 - 000000000 ____D C:\ProgramData\dbg
2021-02-05 17:17 - 2021-02-05 17:17 - 000000000 ____D C:\ProgramData\Gemma
2021-02-05 17:17 - 2021-02-05 17:17 - 000000000 ____D C:\ProgramData\Atc
2021-02-05 17:04 - 2021-02-05 17:04 - 000782444 _____ C:\ProgramData\cl.1612544222.bdinstall.v2.bin
2021-02-05 17:04 - 2021-02-05 17:04 - 000102440 _____ C:\ProgramData\cl.kit.1612544204.bdinstall.v2.bin
2021-02-05 17:04 - 2021-02-05 17:04 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-02-05 17:01 - 2021-02-05 17:01 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-02-05 17:01 - 2021-02-05 17:01 - 000000000 ____D C:\ProgramData\BDLogging
2021-02-05 16:57 - 2021-02-07 21:38 - 000000000 ____D C:\Program Files\Bitdefender
2021-02-05 16:54 - 2021-02-05 16:54 - 000117360 _____ C:\ProgramData\agent.1612544050.bdinstall.v2.bin
2021-02-05 16:54 - 2021-02-05 16:54 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-02-05 16:46 - 2021-02-05 16:46 - 013543464 _____ C:\Users\Rena\Downloads\bitdefender_windows_36cf5875-1c64-4b7a-8c3f-e7d86cf97267 (1).exe
2021-02-05 12:17 - 2021-02-05 12:17 - 013543464 _____ C:\Users\Rena\Downloads\bitdefender_windows_36cf5875-1c64-4b7a-8c3f-e7d86cf97267.exe
2021-02-05 10:14 - 2021-02-06 12:21 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-05 10:14 - 2021-02-06 12:21 - 000002213 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-05 10:14 - 2021-02-06 12:21 - 000002213 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-05 10:13 - 2021-02-06 12:15 - 000003380 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-05 10:13 - 2021-02-06 12:15 - 000003252 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-05 10:13 - 2020-10-02 20:58 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2021-02-05 10:13 - 2020-10-02 20:58 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2021-02-04 22:50 - 2020-01-28 08:06 - 001677024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-02-04 22:50 - 2020-01-28 08:06 - 001500848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-02-04 22:49 - 2021-01-08 01:21 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-02-04 22:49 - 2021-01-08 01:13 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-02-04 22:49 - 2020-10-13 04:31 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-02-04 22:49 - 2020-10-13 04:09 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-02-04 22:49 - 2020-08-11 06:16 - 000376072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2021-02-04 22:49 - 2020-08-11 04:33 - 000317176 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2021-02-04 22:49 - 2020-06-11 03:24 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-04 22:49 - 2020-06-11 03:02 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-04 22:49 - 2020-05-10 04:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-02-04 22:49 - 2020-05-10 03:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-02-04 22:49 - 2019-10-10 16:20 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-02-04 22:49 - 2019-09-06 13:17 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2021-02-04 22:49 - 2019-04-04 22:15 - 000513416 _____ C:\WINDOWS\SysWOW64\locale.nls
2021-02-04 22:49 - 2019-04-04 22:15 - 000513416 _____ C:\WINDOWS\system32\locale.nls
2021-02-04 22:49 - 2019-02-26 07:31 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2021-02-04 22:49 - 2018-10-25 00:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-02-04 22:49 - 2018-10-25 00:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-02-04 22:48 - 2019-10-10 15:50 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-02-04 22:48 - 2018-08-26 04:07 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-02-09 21:23 - 2013-09-30 04:11 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-09 21:23 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2021-02-09 21:23 - 2012-07-26 07:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-09 21:19 - 2013-10-13 18:51 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2117757934-2563609367-1956778120-1001
2021-02-09 21:14 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-09 12:19 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-02-07 23:37 - 2014-01-06 13:45 - 000000000 ____D C:\Users\Rena\AppData\Local\ElevatedDiagnostics
2021-02-07 21:46 - 2013-10-18 20:47 - 000000000 ____D C:\Users\Rena
2021-02-07 20:42 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2021-02-07 20:36 - 2013-10-14 19:33 - 000001371 _____ C:\Users\Rena\Desktop\shutdown.lnk
2021-02-07 18:30 - 2013-08-28 21:17 - 000000000 ____D C:\Program Files (x86)\Atheros
2021-02-07 17:35 - 2014-04-30 18:40 - 000000000 __RDO C:\Users\Rena\SkyDrive
2021-02-05 16:37 - 2018-04-29 09:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-02-05 12:23 - 2012-07-26 08:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-05 12:22 - 2018-04-29 09:14 - 000000000 ____D C:\Program Files\Common Files\AV
2021-02-05 11:52 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-02-05 11:51 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\rescache
2021-02-05 10:34 - 2013-10-13 19:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-05 10:30 - 2013-10-13 19:50 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-05 10:09 - 2013-08-22 14:44 - 000482648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-04 23:28 - 2013-08-22 15:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-02-04 23:27 - 2015-05-19 11:17 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-02-04 23:27 - 2015-04-26 11:55 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2021-02-04 23:27 - 2013-09-30 03:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-04 23:27 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-02-04 23:27 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\setup
2021-02-04 23:27 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-04 23:27 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-04 23:27 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-04 23:27 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-04 23:27 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-29 13:58 - 2015-06-25 10:34 - 000004476 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories ========
 
2018-05-29 10:20 - 2018-05-29 10:25 - 000004608 _____ () C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-02-05 10:30
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2021 01
Ran by Rena (09-02-2021 21:27:36)
Running from E:\Rena
Windows 8.1 (Update) (X64) (2013-10-18 22:33:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2117757934-2563609367-1956778120-500 - Administrator - Disabled)
Guest (S-1-5-21-2117757934-2563609367-1956778120-501 - Limited - Disabled)
Rena (S-1-5-21-2117757934-2563609367-1956778120-1001 - Administrator - Enabled) => C:\Users\Rena
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.23)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{C90340A9-F592-4164-9480-FCE488C4BFF6}) (Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-197C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D337F167-C622-43BE-B3FB-75C62C49143A}) (Version: 12.9.3.3 - Apple Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
Packages:
=========
Bing Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.258_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Bing News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.309_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Bing Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.317_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Bing Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.309_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Browser Choice -> C:\WINDOWS\BrowserChoice [2013-11-17] (Microsoft Corporation)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_2.3.3.6_x86__q4d96b2w5wcc2 [2014-08-17] (Evernote)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2013-10-20] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2013-10-20] (Microsoft Platform Extensions)
National Rail Enquiries -> C:\Program Files\WindowsApps\NationalRailEnquiries.NationalRailEnquiries_1.4.0.89_neutral__7drgzh1seyt1w [2014-08-17] (TRAIN INFORMATION SERVICES LIMITED) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c [2014-08-17] (Skype) [MS Ad]
The Telegraph -> C:\Program Files\WindowsApps\TelegraphMediaGroupLtd.TheTelegraph_2.0.1.134_x64__8zqgb9yvnry22 [2014-08-17] (Telegraph Media Group Ltd)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_2.0.0.113_x64__679ekb9hp1h62 [2014-08-17] (sMedio)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.215.0_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Rena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2013-10-24 14:54 - 2008-04-03 04:00 - 000235520 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLM81.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2117757934-2563609367-1956778120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-2117757934-2563609367-1956778120-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> DefaultScope {2B3F5F49-6B01-4204-815F-0F5F9255E975} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> {2B3F5F49-6B01-4204-815F-0F5F9255E975} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc. -> Belarc, Inc.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2021-02-07 20:38 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
HKU\S-1-5-21-2117757934-2563609367-1956778120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rena\Pictures\Picasa\Backgrounds\picasabackground-001.bmp
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7"
HKLM\...\StartupApproved\Run32: => "Intel AppUp® center"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A0641E2C-DCC6-4C9C-9A6C-90F2A6AC6F73}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{7EA9DB80-9DBC-4096-851B-425945D05D39}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{43FB2A9A-E423-4F53-B1A0-57478817ADC0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{8AB78AA2-A88E-4D15-9601-009877D14BD2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{DE8E4AAD-09A3-4185-9122-4EAD5FDFCA35}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{CEC6D733-DC95-4D5D-B721-634A56C7C699}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{CF21F639-95CE-46A8-B6E8-67410E2CE65F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{98A6B76F-4FA4-454C-9926-4026CABD5F0C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{D093F6DF-9861-4065-9969-7B64A7DF7C23}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{5C702716-70C5-4B62-BECC-1877FF401AA0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F6C6AE0-F00D-42B1-BF9E-71CD23392B8A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD385FDA-2F89-4F0D-B99E-58DEEBCA93AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E22D8C21-E9B4-427E-A1C5-961974A155F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E48942BE-5EC3-4AFB-8D6D-8704AFF33AA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A3934143-8605-467B-9B53-20CF5374BFB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
 
==================== Restore Points =========================
 
30-11-2019 19:06:47 Windows Update
04-02-2021 22:54:53 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/07/2021 08:04:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14750
 
Error: (02/07/2021 08:04:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14750
 
Error: (02/07/2021 08:04:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/05/2021 04:17:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3f4
 
Start Time: 01d6fbda0dbbca29
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: 6dee6c4a-67cd-11eb-bfd8-48d224b1a2e8
 
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (02/05/2021 04:15:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSH)
Description: Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/05/2021 04:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TOSH)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (02/05/2021 10:35:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7ec
 
Start Time: 01d6fba9eb165c90
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e03cb978-679d-11eb-bfd5-48d224b1a2e8
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/29/2021 02:41:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11859
 
 
System errors:
=============
Error: (02/09/2021 09:20:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/09/2021 09:16:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Error: (02/09/2021 08:56:12 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
 
Error: (02/09/2021 08:56:12 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialisation failed. Last error: 0x80070422
 
Error: (02/09/2021 08:56:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/09/2021 08:35:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
 
Error: (02/09/2021 08:35:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialisation failed. Last error: 0x80070422
 
Error: (02/09/2021 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
Windows Defender:
===================================
Date: 2017-01-27 19:46:43.274
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
 
CodeIntegrity:
===================================
 
Date: 2021-02-09 21:20:21.468
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-09 20:56:11.671
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-09 20:35:58.189
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-09 20:18:27.075
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-09 12:17:36.667
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-09 12:03:05.069
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-09 12:00:22.315
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-07 23:24:30.942
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 1.40 04/22/2014
Motherboard: Intel PT10F
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 3971.27 MB
Available physical RAM: 2286.69 MB
Total Virtual: 4675.27 MB
Available Virtual: 3074.68 MB
 
==================== Drives ================================
 
Drive c: (TI31121600B) (Fixed) (Total:919.1 GB) (Free:854.77 GB) NTFS
Drive e: () (Removable) (Total:14.55 GB) (Free:14.54 GB) FAT32
 
\\?\Volume{3c74498c-ebc4-11e2-93aa-dfd0cd0b5165}\ (System) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
\\?\Volume{24412888-280a-44c8-b2ec-378a1e597223}\ () (Fixed) (Total:0.34 GB) (Free:0 GB) NTFS
\\?\Volume{9de1046a-ee4e-4c0e-ba09-c07b468e4e78}\ (Recovery) (Fixed) (Total:10.69 GB) (Free:0.81 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,579 posts
  • MVP

Doesn't look like an infection.

 

You have what looks like a failed language pack install.  Is she trying to have Windows work in a second language?

 

Error: (02/09/2021 08:35:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Failed to start language pack setup wizard. Please restart the system and try running the wizard again.
 
Error: (02/09/2021 08:35:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialisation failed. Last error: 0x80070422

 

 

That might slow things down a bit. 

 

See:

https://support.micr...a8#lptabs=win10

for where to look for the language.  Looks like you need to go to Control Panel, Language in 8.1

 

Also I see a BitDefender install set to run but it looks like you have it turned off in msconfig:

 

HKLM\...\Run: [CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988 (the data entry has 7 more characters).

 

 

 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 

...

HKLM\...\StartupApproved\Run: => "CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7"

 

Finally I see a probably with Bonjour.

 

I would just uninstall it unless she is a big Apple user.  You can get a new version if you upgrade or install iTunes.

 

Let's collect some more info:

Multiple replies are OK.  Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.


  • 0

#5
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Can only see 1 language pack installed can't think why she would need another. Uninstalled Bonjour, Bitdefender is no longer installed but I will be reinstalling it.

 

Here is Process Explorer log

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 93.68 0 K 4 K 0
procexp64.exe 4.85 26,792 K 53,500 K 3804 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 0.52 13,524 K 23,300 K 832 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.37 0 K 0 K n/a Hardware Interrupts and DPCs
explorer.exe 0.24 93,952 K 150,824 K 1884 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.14 2,660 K 19,624 K 512 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
System 0.13 136 K 11,964 K 4
LMS.exe 0.02 1,288 K 4,636 K 2192 Local Manageability Service Intel Corporation (Verified) Intel Corporation
svchost.exe 0.02 4,184 K 11,580 K 696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Toshiba.Tempro.UI.CommonNotifier.exe 0.01 32,064 K 10,536 K 3952 Toshiba TEMPRO Toshiba Europe GmbH (Verified) Toshiba Europe Gmbh
AppleMobileDeviceService.exe < 0.01 3,016 K 10,152 K 1444 MobileDeviceService Apple Inc. (Verified) Apple Inc.
dts_apo_service.exe < 0.01 21,324 K 20,380 K 1868 dts_apo_service (Verified) DTS, Inc.
GFNEXSrv.exe < 0.01 1,752 K 6,184 K 1104 GFNEXSrv (Verified) TOSHIBA CORPORATION
svchost.exe < 0.01 4,308 K 8,624 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe < 0.01 3,908 K 3,992 K 1536 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
stacsv64.exe < 0.01 4,224 K 7,484 K 288 IDT PC Audio IDT, Inc. (No signature was present in the subject) IDT, Inc.
TODDSrv.exe < 0.01 1,060 K 4,656 K 2464 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WUDFHost.exe 1,540 K 5,740 K 3848 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 10,056 K 14,336 K 2356 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,440 K 11,772 K 564 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 792 K 4,088 K 496 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,064 K 4,792 K 3128 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 3,332 K 11,340 K 1684 User Notification Service Intel Corporation (Verified) Intel Corporation
TemproSvc.exe 24,524 K 24,412 K 3492 Toshiba TEMPRO Toshiba Europe GmbH (Verified) Toshiba Europe Gmbh
TecoService.exe 2,292 K 8,196 K 1060 TOSHIBA eco Utility Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskhostex.exe 3,704 K 10,496 K 1608 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 724 K 388 K 2616 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 15,876 K 21,856 K 872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,924 K 19,796 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 41,352 K 60,984 K 912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,692 K 22,220 K 76 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,284 K 5,252 K 3196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,300 K 23,488 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,068 K 13,212 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,488 K 10,516 K 1804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,796 K 5,920 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,876 K 8,240 K 3252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 3,964 K 11,064 K 1228 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 280 K 1,036 K 316 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 2,740 K 5,824 K 1716 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,412 K 7,076 K 616 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 18,160 K 19,088 K 612 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 4,452 K 8,384 K 3148 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
lsass.exe 4,660 K 12,128 K 624 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
Jhi_service.exe 1,040 K 4,624 K 2216 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
IntelMeFWService.exe 824 K 3,812 K 2020 Intel® ME Service Intel Corporation (Verified) Intel Corporation
HeciServer.exe 1,228 K 5,424 K 2180 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
dasHost.exe 1,000 K 4,188 K 1860 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 2,160 K 6,776 K 440 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
audiodg.exe 7,172 K 10,616 K 3760 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,016 K 4,092 K 3168 Adobe Acrobat Update Service Adobe Inc. (Verified) Adobe Inc.

  • 0

#6
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Junk file text

 

 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       316 N/A                                         
csrss.exe                      440 N/A                                         
wininit.exe                    496 N/A                                         
csrss.exe                      512 N/A                                         
winlogon.exe                   564 N/A                                         
services.exe                   616 N/A                                         
lsass.exe                      624 SamSs                                       
svchost.exe                    696 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                    740 RpcEptMapper, RpcSs                         
dwm.exe                        832 N/A                                         
svchost.exe                    872 Audiosrv, Dhcp, EventLog, lmhosts, Wcmsvc,  
                                   wscsvc                                      
svchost.exe                    912 AeLookupSvc, Appinfo, BITS, IKEEXT,         
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,     
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   Winmgmt, wlidsvc                            
svchost.exe                    936 EventSystem, FontCache, netprofm, nsi,      
                                   WdiServiceHost, WinHttpAutoProxySvc         
svchost.exe                   1008 AudioEndpointBuilder,                       
                                   DeviceAssociationService, hidserv,          
                                   NcbService, PcaSvc, TrkWks, WdiSystemHost,  
                                   WlanSvc, wudfsvc                            
stacsv64.exe                   288 STacSV                                      
svchost.exe                     76 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
GFNEXSrv.exe                  1104 GFNEXSrv                                    
spoolsv.exe                   1228 Spooler                                     
svchost.exe                   1256 BFE, DPS, MpsSvc                            
AppleMobileDeviceService.     1444 Apple Mobile Device Service                 
SynTPEnh.exe                  1536 N/A                                         
taskhostex.exe                1608 N/A                                         
svchost.exe                   1804 DiagTrack                                   
dasHost.exe                   1860 N/A                                         
dts_apo_service.exe           1868 dts_apo_service                             
explorer.exe                  1884 N/A                                         
HeciServer.exe                2180 Intel® Capability Licensing Service Interf
                                   ace                                         
Jhi_service.exe               2216 jhi_service                                 
TODDSrv.exe                   2464 TODDSrv                                     
TecoService.exe               1060 TOSHIBA eco Utility Service                 
svchost.exe                   1308 SSDPSRV, TimeBroker                         
SearchIndexer.exe              612 WSearch                                     
SettingSyncHost.exe           1716 N/A                                         
SynTPHelper.exe               2616 N/A                                         
WmiPrvSE.exe                  2356 N/A                                         
unsecapp.exe                  3128 N/A                                         
Toshiba.Tempro.UI.CommonN     3952 N/A                                         
TemproSvc.exe                 3492 TemproMonitoringService                     
IntelMeFWService.exe          2020 Intel® ME Service                         
LMS.exe                       2192 LMS                                         
UNS.exe                       1684 UNS                                         
armsvc.exe                    3168 AdobeARMservice                             
audiodg.exe                   3760 N/A                                         
WUDFHost.exe                  3848 N/A                                         
cmd.exe                       1376 N/A                                         
conhost.exe                    556 N/A                                         
notepad.exe                   3328 N/A                                         
tasklist.exe                  2544 N/A                                         
WmiPrvSE.exe                   132 N/A                                         

  • 0

#7
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Speccy

Attached Files

  • Attached File  TOSH.txt   75.26KB   27 downloads

  • 0

#8
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Latency mon

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:24  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        TOSH
OS version:                                           Windows 8.1, 6.3, build: 9600 (x64)
Hardware:                                             SATELLITE C50-A-157, TOSHIBA
CPU:                                                  GenuineIntel Intel® Core™ i3-3110M CPU @ 2.40GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  3971 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2395 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   93.651698
Average measured interrupt to process latency (µs):   13.935926
 
Highest measured interrupt to DPC latency (µs):       56.447599
Average measured interrupt to DPC latency (µs):       2.347296
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              84.258873
Driver with highest ISR routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.012703
Driver with highest ISR total time:                   ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Total time spent in ISRs (%)                          0.014116
 
ISR count (execution time <250 µs):                   570
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              111.943215
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.012054
Driver with highest DPC total execution time:         ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Total time spent in DPCs (%)                          0.056267
 
DPC count (execution time <250 µs):                   7452
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              0
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 latmon.exe
 
Total number of hard pagefaults                       7
Hard pagefault count of hardest hit process:          4
Number of processes hit:                              1
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.057856
CPU 0 ISR highest execution time (µs):                58.154489
CPU 0 ISR total execution time (s):                   0.001098
CPU 0 ISR count:                                      50
CPU 0 DPC highest execution time (µs):                81.125678
CPU 0 DPC total execution time (s):                   0.016731
CPU 0 DPC count:                                      5034
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.187973
CPU 1 ISR highest execution time (µs):                84.258873
CPU 1 ISR total execution time (s):                   0.011515
CPU 1 ISR count:                                      455
CPU 1 DPC highest execution time (µs):                111.943215
CPU 1 DPC total execution time (s):                   0.020988
CPU 1 DPC count:                                      1229
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.063077
CPU 2 ISR highest execution time (µs):                54.363257
CPU 2 ISR total execution time (s):                   0.000684
CPU 2 ISR count:                                      40
CPU 2 DPC highest execution time (µs):                71.210021
CPU 2 DPC total execution time (s):                   0.005784
CPU 2 DPC count:                                      444
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.090691
CPU 3 ISR highest execution time (µs):                54.039248
CPU 3 ISR total execution time (s):                   0.000299
CPU 3 ISR count:                                      25
CPU 3 DPC highest execution time (µs):                61.631733
CPU 3 DPC total execution time (s):                   0.010690
CPU 3 DPC count:                                      745
_________________________________________________________________________________________________________

  • 0

#9
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Latency mon screenshots

Attached Thumbnails

  • drivcap.JPG
  • procap.JPG

  • 0

#10
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Thanks for your help RKinner, going to call it a night will catch up tomorrow and await further instructions.


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,579 posts
  • MVP

OK.  Guess it's is late where you are.  I'm in the US in Florida so EST.

 

When you get back to it try to catch a Process Explorer log as soon after it starts as you can.  That might show us what is going on.

 

We can chek the system files:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type::


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


 


  • 0

#12
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Hi RKinner was sure that I posted in the OS forum apologies. Here are a couple of process explorer logs

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
armsvc.exe 1,000 K 4,080 K 1344 Adobe Acrobat Update Service Adobe Inc. (Verified) Adobe Inc.
csrss.exe 1,972 K 6,332 K 452
dasHost.exe 536 K 2,404 K 1488
GFNEXSrv.exe 1,544 K 5,324 K 1040 GFNEXSrv (Verified) TOSHIBA CORPORATION
HeciServer.exe 1,264 K 5,240 K 1608 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
Jhi_service.exe 1,140 K 4,432 K 1648 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
livecomm.exe 2,992 K 9,120 K 2084 Communications Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
lpksetup.exe 820 K 3,040 K 1256
lsass.exe 3,328 K 9,116 K 608 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
MicrosoftEdgeUpdate.exe 612 K 2,832 K 1884
procexp.exe 4,444 K 8,116 K 2488 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
sdclt.exe 896 K 2,128 K 2296
smss.exe 284 K 1,024 K 300
spoolsv.exe 1,264 K 4,176 K 1208 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 6,668 K 15,144 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,032 K 13,292 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,604 K 16,100 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,624 K 5,996 K 1708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,568 K 6,896 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,080 K 9,096 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,196 K 8,512 K 1444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,264 K 17,336 K 872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,616 K 10,296 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,744 K 9,892 K 612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPEnh.exe 800 K 1,676 K 1908 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
taskhost.exe 1,436 K 5,208 K 1940 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 1,220 K 4,620 K 1268
wininit.exe 924 K 4,056 K 512
winlogon.exe 1,576 K 11,348 K 540
wsqmcons.exe 972 K 1,536 K 2308
TODDSrv.exe < 0.01 1,048 K 4,408 K 1724 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
stacsv64.exe < 0.01 4,184 K 7,328 K 1000 IDT PC Audio IDT, Inc. (No signature was present in the subject) IDT, Inc.
taskhostex.exe < 0.01 3,404 K 8,876 K 1892 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
dts_apo_service.exe < 0.01 18,484 K 21,920 K 1476 dts_apo_service (Verified) DTS, Inc.
AppleMobileDeviceService.exe < 0.01 2,952 K 10,036 K 1416 MobileDeviceService Apple Inc. (Verified) Apple Inc.
System 0.08 112 K 4,428 K 4
csrss.exe 0.18 1,972 K 13,876 K 504
explorer.exe 0.26 50,824 K 70,572 K 1288 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.34 11,016 K 20,948 K 808
Interrupts 0.48 0 K 0 K n/a Hardware Interrupts and DPCs
services.exe 1.98 2,904 K 5,456 K 600
procexp64.exe 2.13 19,144 K 40,216 K 2504 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 94.54 0 K 4 K 0
 
Here is another:
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 88.84 0 K 4 K 0
procexp64.exe 7.64 20,948 K 41,176 K 2456 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
services.exe 1.57 3,036 K 5,564 K 600
Interrupts 0.64 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.58 11,168 K 20,912 K 800
explorer.exe 0.29 51,464 K 70,984 K 1396 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.27 1,916 K 14,960 K 504
System 0.15 120 K 4,428 K 4
dts_apo_service.exe < 0.01 18,476 K 21,888 K 1500 dts_apo_service (Verified) DTS, Inc.
svchost.exe < 0.01 7,260 K 17,324 K 872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe < 0.01 2,944 K 10,036 K 1436 MobileDeviceService Apple Inc. (Verified) Apple Inc.
lsass.exe < 0.01 3,424 K 9,160 K 608 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,116 K 9,068 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostex.exe < 0.01 3,704 K 9,152 K 1932 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
stacsv64.exe < 0.01 4,180 K 7,340 K 984 IDT PC Audio IDT, Inc. (No signature was present in the subject) IDT, Inc.
TODDSrv.exe < 0.01 1,044 K 4,408 K 1736 TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
winlogon.exe 1,452 K 11,308 K 540
wininit.exe 904 K 4,056 K 512
taskhost.exe 1,220 K 4,596 K 1276
taskhost.exe 1,340 K 5,100 K 1872 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 968 K 2,132 K 1904 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 3,544 K 6,864 K 720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,736 K 10,340 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,176 K 13,388 K 1240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,412 K 15,920 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,540 K 9,748 K 688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,316 K 8,536 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,644 K 15,148 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,684 K 6,024 K 1720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 1,256 K 4,172 K 1212 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 276 K 1,020 K 300
procexp.exe 4,444 K 8,120 K 2416 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
MicrosoftEdgeUpdate.exe 756 K 3,204 K 1896
lpksetup.exe 808 K 2,644 K 1288
livecomm.exe 2,976 K 9,116 K 2068 Communications Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Jhi_service.exe 1,124 K 4,404 K 1664 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
HeciServer.exe 1,272 K 5,252 K 1624 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
GFNEXSrv.exe 1,544 K 5,344 K 1052 GFNEXSrv (Verified) TOSHIBA CORPORATION
dasHost.exe 564 K 2,424 K 1508
csrss.exe 1,892 K 6,292 K 452
armsvc.exe 1,020 K 4,056 K 1348 Adobe Acrobat Update Service Adobe Inc. (Verified) Adobe Inc.

  • 0

#13
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

SFC /SCANNOW finished and said windows resource protection did not find any integrity violations.

 

Here are the event viewer logs

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/02/2021 12:51:37
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/02/2021 20:28:40
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 09/02/2021 20:28:40
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/02/2021 23:08:20
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/02/2021 23:08:20
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/02/2021 21:45:43
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/02/2021 21:45:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/02/2021 21:05:08
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/02/2021 21:05:08
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 26/08/2019 16:30:16
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 21/02/2018 17:08:25
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 21/02/2018 17:08:25
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 20/11/2017 17:21:29
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/10/2016 19:31:35
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2021 12:08:16
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 10/02/2021 12:04:46
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 12:02:46
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 11:53:58
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 11:53:28
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 11:27:06
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 11:26:36
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 10:19:22
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Intel® Management and Security Application User Notification Service service did not respond on starting. 
 
Log: 'System' Date/Time: 10/02/2021 10:14:48
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 10/02/2021 10:10:50
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 10:08:50
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 10:06:23
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 09:59:09 on ?10/?02/?2021 was unexpected.
 
Log: 'System' Date/Time: 10/02/2021 10:04:38
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
 
Log: 'System' Date/Time: 10/02/2021 10:03:36
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 10:03:35
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 10:01:36
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 09:59:09
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 09:43:39 on ?10/?02/?2021 was unexpected.
 
Log: 'System' Date/Time: 10/02/2021 09:47:19
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
 
Log: 'System' Date/Time: 10/02/2021 09:46:27
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 10/02/2021 09:46:04
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2021 12:08:22
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.27#4C530001100409101311&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Log: 'System' Date/Time: 10/02/2021 12:00:06
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 10:14:53
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.27#4C530001100409101311&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Log: 'System' Date/Time: 10/02/2021 10:06:08
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 09:58:54
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 09:43:24
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 09:30:55
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 09/02/2021 23:10:41
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 09/02/2021 21:13:57
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 09/02/2021 20:11:59
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 09/02/2021 12:11:08
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 09/02/2021 11:53:31
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 22:59:10
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 07/02/2021 22:59:02
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 22:57:47
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 22:38:49
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 22:27:44
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 22:13:02
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 21:45:52
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 07/02/2021 21:05:17
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/02/2021 12:53:29
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 05/02/2021 16:17:10
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 3f4  Start Time: 01d6fbda0dbbca29  Termination Time: 4294967295  Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe  Report Id: 6dee6c4a-67cd-11eb-bfd8-48d224b1a2e8  Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel 
 
Log: 'Application' Date/Time: 05/02/2021 16:15:59
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: The application didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 05/02/2021 16:15:57
Type: Error Category: 2414
Event: 2486 Source: Microsoft-Windows-Immersive-Shell
App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Log: 'Application' Date/Time: 05/02/2021 10:35:41
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 7ec  Start Time: 01d6fba9eb165c90  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe  Report Id: e03cb978-679d-11eb-bfd5-48d224b1a2e8  Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe  Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 13:55:04
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:52
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2021 09:39:10
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 455 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 10/02/2021 09:32:35
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking a long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 09/02/2021 22:00:51
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 3952) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 07/02/2021 22:27:10
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:30
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:19
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:16
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:15
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:36
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:25
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:24
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 06/02/2021 11:32:56
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2832) C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\: The shadow header page of file C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\DBStore\livecomm.edb was damaged. The primary header page (8192 bytes) was used instead.
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 1488) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe' (pid 4564) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:14:47
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 90 second(s) to handle the notification event (CreateSession).
 

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,579 posts
  • MVP

This lmight be the problem:

 

Log: 'Application' Date/Time: 10/02/2021 09:39:10
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 455 second(s) to handle the notification event (CreateSession).
 

 


 
 
455 seconds is almost 7 1/2 minutes.  If it has to wait that long before finishing the boot that would explain the delay.

Open an Elevated Command Prompt:

 

Win 8: http://www.eightforu...indows-8-a.html

Type or Copy then right click in the command window and Paste or Edit then Paste.

net stop cryptsvc

net stop bits

net stop wuauserv

ren %systemroot%\softwaredistribution softwaredistribution.bak

ren %systemroot%\system32\catroot2 catroot2.bak

net start cryptsvc

net start bits

net start wuauserv

(Hit Enter after each line.  Sometimes you can copy the whole thing and paste it all in one fell swoop)

 

Reboot when done.

 

Is it any faster?

 

Please give me a new VEW log for Application


  • 0

#15
bytesize

bytesize

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Got to the point where i tried to run

ren %systemroot%\softwaredistribution softwaredistribution.bak

 

and it says a duplicate file name exists or the file cannot be found

 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP