Yes, it says "WMI repository is consistent"
#47
Posted 12 August 2016 - 10:41 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Reboot and then run VEW again and also make a new process explorer log
#48
Posted 12 August 2016 - 11:12 PM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Uhm.. what is VEW?
#49
Posted 12 August 2016 - 11:16 PM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
Then use the 'Number of events' as follows:
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
#50
Posted 13 August 2016 - 05:24 AM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/08/2016 9:22:24 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/08/2016 7:13:52 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 30/07/2016 5:27:19 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 30/07/2016 12:21:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 26/07/2016 1:15:07 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 24/07/2016 10:15:43 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 23/07/2016 11:23:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 23/07/2016 10:44:30 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 23/07/2016 8:51:12 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 22/07/2016 12:53:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 21/07/2016 10:29:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 21/07/2016 11:06:23 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 16/07/2016 3:36:23 AM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Galaxy J2 (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process. Please contact the device manufacturer for more information about this problem.
Log: 'System' Date/Time: 16/07/2016 3:36:23 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.
Log: 'System' Date/Time: 15/07/2016 2:47:06 PM
Type: Critical Category: 64
Event: 10115 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Galaxy J2 (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times in its own process. Please contact the device manufacturer for more information about this problem.
Log: 'System' Date/Time: 15/07/2016 2:47:06 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.
Log: 'System' Date/Time: 15/07/2016 2:46:04 PM
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device Galaxy J2 (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process. Please contact the device manufacturer for more information about this problem.
Log: 'System' Date/Time: 15/07/2016 2:46:04 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.
Log: 'System' Date/Time: 15/07/2016 2:44:33 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 11/06/2016 10:18:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Log: 'System' Date/Time: 10/06/2016 11:46:13 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/08/2016 11:17:02 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 13/08/2016 7:34:26 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 13/08/2016 6:55:52 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 13/08/2016 6:53:41 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 13/08/2016 5:09:19 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 13/08/2016 4:31:28 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 4:31:28 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 4:14:35 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Access_4d8b07 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Log: 'System' Date/Time: 13/08/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The User Data Storage_4d8b07 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Log: 'System' Date/Time: 13/08/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Contact Data_4d8b07 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Log: 'System' Date/Time: 13/08/2016 4:14:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Sync Host_4d8b07 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Log: 'System' Date/Time: 13/08/2016 4:12:27 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Log: 'System' Date/Time: 13/08/2016 4:08:32 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 4:05:38 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 4:01:16 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 3:55:45 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 3:50:38 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 3:47:00 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 13/08/2016 3:40:44 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NarcisMain\NiTa SID (S-1-5-21-1902031893-292081950-2695458047-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/08/2016 11:13:57 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 13/08/2016 1:34:04 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 12/08/2016 9:41:44 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
Log: 'System' Date/Time: 12/08/2016 9:41:33 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\6&fab1280&1&0000.
Log: 'System' Date/Time: 12/08/2016 9:41:00 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Log: 'System' Date/Time: 12/08/2016 8:29:16 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 12/08/2016 3:33:45 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
Log: 'System' Date/Time: 12/08/2016 3:33:32 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device USB\VID_04E8&PID_6860&MS_COMP_MTP&SAMSUNG_Android\6&fab1280&1&0000.
Log: 'System' Date/Time: 12/08/2016 3:33:03 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Log: 'System' Date/Time: 12/08/2016 8:35:03 AM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
Log: 'System' Date/Time: 12/08/2016 8:35:02 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.27#20043513600A80711B01&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
Log: 'System' Date/Time: 12/08/2016 8:34:25 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Log: 'System' Date/Time: 12/08/2016 8:33:55 AM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
Log: 'System' Date/Time: 12/08/2016 8:33:55 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.27#20043513600A80711B01&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
Log: 'System' Date/Time: 12/08/2016 8:33:16 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Log: 'System' Date/Time: 10/08/2016 4:55:13 PM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
Log: 'System' Date/Time: 10/08/2016 4:53:50 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Log: 'System' Date/Time: 10/08/2016 4:44:43 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name blu407-m.hotmail.com timed out after none of the configured DNS servers responded.
Log: 'System' Date/Time: 10/08/2016 7:14:13 AM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
Log: 'System' Date/Time: 09/08/2016 11:08:22 AM
Type: Warning Category: 414
Event: 414 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service found a misconfiguration in the NT TASK\AutoKMS definition. Additional Data: Error Value: C:\windows\AutoKMS.exe.
#51
Posted 13 August 2016 - 05:27 AM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/08/2016 9:25:11 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/08/2016 11:17:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 11:14:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 7:33:06 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 7:20:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 7:05:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:50:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:35:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:18:44 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:03:42 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:47:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:33:40 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:18:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:13:59 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 10.0.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 10d8 Start Time: 01d1f4e261741bce Termination Time: 0 Application Path: C:\Windows\explorer.exe Report Id: 48f3918b-6114-11e6-82e2-0071c20b7792 Faulting package full name: Faulting package-relative application ID:
Log: 'Application' Date/Time: 13/08/2016 5:02:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:48:12 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:33:05 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:17:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:05:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 3:50:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 3:35:42 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/08/2016 4:48:19 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
Log: 'Application' Date/Time: 10/08/2016 10:23:14 AM
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\NiTa\Documents\Outlook Files\[email protected] (error=0x809706ba). If this error continues, contact Microsoft Support.
Log: 'Application' Date/Time: 05/08/2016 10:07:20 AM
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90140000-0011-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles' failed during request for component '{22056900-C842-11D1-A0DD-00A0C9054277}'
Log: 'Application' Date/Time: 05/08/2016 10:07:20 AM
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90140000-0011-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles', component '{B8F92320-3FBC-4C8B-88ED-A9A9E590D05A}' failed. The resource 'C:\windows\Fonts\MEIRYO.TTC' does not exist.
Log: 'Application' Date/Time: 30/07/2016 2:33:52 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 29/07/2016 11:44:29 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:44:29 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:43:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:42:39 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:42:39 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:35:02 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 28/07/2016 9:07:22 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 28/07/2016 10:21:10 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 87 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/07/2016 10:21:10 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 87 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/07/2016 10:20:43 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/07/2016 10:20:43 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 27/07/2016 12:46:17 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 26/07/2016 3:01:53 AM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 24/07/2016 1:27:47 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 23/07/2016 1:18:18 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
#52
Posted 13 August 2016 - 06:46 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Log: 'Application' Date/Time: 13/08/2016 11:17:02 AMType: Error Category: 5973Event: 5973 Source: Microsoft-Windows-Immersive-ShellActivation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
This app is not working. Please uninstall:TheWeatherChannelforHP
Some apps allow you to uninstall them in the normal way. Just right-click an app in the All Apps list in the Start menu and select “Uninstall”. (On a touch screen, long-press the app instead of right-clicking.)
If that doesn't work see http://www.howtogeek...reinstall-them/and do the power shell uninstall for Weather.
Let's clear the alarms:
Copy the next line:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Open an elevated command prompt:
If you open an elevated command prompt it will by default open in c:\Windows\system32
Once you have an elevated command prompt:
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste (or Edit then Paste) and the copied lines should appear. Hit Enter
Reboot
Run VEW again as before.
Also create a Process Explorer log.
#53
Posted 13 August 2016 - 04:55 PM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/08/2016 9:25:11 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/08/2016 11:17:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 11:14:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 7:33:06 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 7:20:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 7:05:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:50:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:35:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:18:44 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 6:03:42 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:47:02 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:33:40 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:18:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 5:13:59 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 10.0.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 10d8 Start Time: 01d1f4e261741bce Termination Time: 0 Application Path: C:\Windows\explorer.exe Report Id: 48f3918b-6114-11e6-82e2-0071c20b7792 Faulting package full name: Faulting package-relative application ID:
Log: 'Application' Date/Time: 13/08/2016 5:02:16 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:48:12 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:33:05 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:17:50 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 4:05:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 3:50:38 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
Log: 'Application' Date/Time: 13/08/2016 3:35:42 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Weather.TheWeatherChannelforHP_t3yemqpq4kp7p!App failed with error: This app does not support the contract specified or is not installed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/08/2016 4:48:19 PM
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
Log: 'Application' Date/Time: 10/08/2016 10:23:14 AM
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\NiTa\Documents\Outlook Files\[email protected] (error=0x809706ba). If this error continues, contact Microsoft Support.
Log: 'Application' Date/Time: 05/08/2016 10:07:20 AM
Type: Warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{90140000-0011-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles' failed during request for component '{22056900-C842-11D1-A0DD-00A0C9054277}'
Log: 'Application' Date/Time: 05/08/2016 10:07:20 AM
Type: Warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{90140000-0011-0000-0000-0000000FF1CE}', feature 'ProductNonBootFiles', component '{B8F92320-3FBC-4C8B-88ED-A9A9E590D05A}' failed. The resource 'C:\windows\Fonts\MEIRYO.TTC' does not exist.
Log: 'Application' Date/Time: 30/07/2016 2:33:52 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 29/07/2016 11:44:29 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:44:29 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:43:52 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:42:39 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:42:39 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 29/07/2016 11:35:02 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Log: 'Application' Date/Time: 28/07/2016 9:07:22 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 28/07/2016 10:21:10 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 87 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/07/2016 10:21:10 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> took 87 second(s) to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/07/2016 10:20:43 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 28/07/2016 10:20:43 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff).
Log: 'Application' Date/Time: 27/07/2016 12:46:17 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 26/07/2016 3:01:53 AM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 24/07/2016 1:27:47 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
Log: 'Application' Date/Time: 23/07/2016 1:18:18 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
#54
Posted 13 August 2016 - 04:56 PM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14/08/2016 8:56:25 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/08/2016 10:52:49 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Log: 'Application' Date/Time: 13/08/2016 10:52:49 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#55
Posted 13 August 2016 - 05:00 PM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 48.40 0 K 4 K 0
procexp64.exe 13.76 40,144 K 62,112 K 7328 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 12.21 22,736 K 51,872 K 3244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
System 8.07 184 K 12,704 K 4
chrome.exe 6.56 63,860 K 102,092 K 6624 Google Chrome Google Inc. (Verified) Google Inc
dwm.exe 2.70 44,056 K 36,840 K 952 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 2.18 0 K 0 K n/a Hardware Interrupts and DPCs
chrome.exe 1.56 25,372 K 37,672 K 1828 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 1.23 2,288 K 7,216 K 644 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.18 63,552 K 84,120 K 412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.89 72,460 K 125,512 K 4056 Google Chrome Google Inc. (Verified) Google Inc
backgroundTaskHost.exe 0.39 5,704 K 22,652 K 204 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 0.24 3,628 K 7,456 K 744 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
backgroundTaskHost.exe 0.23 23,564 K 43,588 K 6800 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.10 38,724 K 67,060 K 396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.09 73,108 K 40,168 K 1576 avast! Service AVAST Software (Verified) AVAST Software a.s.
explorer.exe 0.09 73,408 K 117,716 K 4108 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.03 76,832 K 103,324 K 6016 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.03 10,564 K 22,992 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastUI.exe 0.01 15,704 K 24,832 K 5176 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
OPBHOBrokerDsktop.exe 0.01 2,244 K 1,552 K 3848 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
svchost.exe 0.01 19,016 K 36,052 K 1172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 5,264 K 10,084 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
audiodg.exe < 0.01 13,604 K 18,636 K 4936 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,592 K 14,636 K 3304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
PhotoshopElementsFileAgent.exe < 0.01 2,672 K 1,316 K 2080 (Verified) Adobe Systems Incorporated
WmiPrvSE.exe 5,768 K 13,428 K 6876 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1,968 K 7,308 K 6792 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1,572 K 6,068 K 1660 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,976 K 9,368 K 696 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,092 K 4,788 K 632 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,188 K 6,288 K 6764 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 8,156 K 18,244 K 3496 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,480 K 12,716 K 572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,916 K 30,824 K 544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,944 K 17,036 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,128 K 26,240 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,300 K 28,516 K 516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,864 K 10,072 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,516 K 18,172 K 2252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,560 K 6,408 K 2952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,072 K 8,340 K 2204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6,740 K 16,520 K 1728 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 436 K 1,156 K 368 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
SkypeHost.exe Suspended 11,616 K 16,368 K 4384 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 5,112 K 19,144 K 3704 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 31,428 K 62,504 K 4812 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 10,356 K 5,816 K 5936 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 43,404 K 90,808 K 3924 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 1,884 K 7,300 K 7460 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 28,792 K 33,852 K 5960 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,660 K 6,356 K 7360 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 13,772 K 39,060 K 1852 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,532 K 6,908 K 1372 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,260 K 6,188 K 2236 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,116 K 19,348 K 4372 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 5,988 K 13,468 K 1544 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 3,200 K 10,100 K 7348 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
opvapp.exe 1,908 K 7,736 K 5776 (No signature was present in the subject)
OmniServ.exe 4,272 K 12,760 K 1148 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
mDNSResponder.exe 1,528 K 5,904 K 1944 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 6,920 K 18,980 K 760 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ijplmsvc.exe 1,136 K 5,272 K 2052 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
fontdrvhost.exe 744 K 2,864 K 6408 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 2,008 K 3,252 K 6740 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe 1,404 K 8,784 K 4516 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,920 K 12,612 K 1472 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,472 K 4,212 K 528 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 1,100 K 4,988 K 1668 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 32,628 K 64,404 K 7452 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,572 K 56,940 K 7036 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,932 K 7,856 K 7656 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 34,244 K 64,092 K 1264 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,060 K 6,576 K 7408 Google Chrome Google Inc. (Verified) Google Inc
ApplicationFrameHost.exe 4,564 K 19,524 K 5080 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
afwServ.exe 7,556 K 7,468 K 2012 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
#56
Posted 14 August 2016 - 10:20 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
We have something using svchost. Let's look and see what it is:
Copy the next 2 lines:
TASKLIST /SVC > \junk.txt
notepad \junk.txt
Open an Elevated Command Prompt:
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.
(If you have rebooted since the last Process Explorer log I need a new one too.)
#57
Posted 15 August 2016 - 03:02 AM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 356 N/A
csrss.exe 540 N/A
csrss.exe 636 N/A
wininit.exe 648 N/A
winlogon.exe 700 N/A
services.exe 756 N/A
lsass.exe 772 KeyIso, SamSs, VaultSvc
svchost.exe 836 BrokerInfrastructure, DcomLaunch,
DeviceInstall, LSM, PlugPlay, Power,
SystemEventsBroker
svchost.exe 892 RpcEptMapper, RpcSs
dwm.exe 968 N/A
svchost.exe 1016 Appinfo, BITS, Browser, DoSvc, IKEEXT,
iphlpsvc, LanmanServer, lfsvc, ProfSvc,
Schedule, SENS, ShellHWDetection, Themes,
UserManager, Winmgmt, wlidsvc, WpnService,
wuauserv
svchost.exe 372 BFE, CoreMessagingRegistrar, DPS, MpsSvc,
NcdAutoSetup
svchost.exe 536 StateRepository, tiledatamodelsvc
svchost.exe 1080 AudioEndpointBuilder,
DeviceAssociationService, hidserv,
NcbService, Netman, PcaSvc, SmsRouter,
StorSvc, SysMain, TrkWks, WdiSystemHost,
wudfsvc
svchost.exe 1148 Dhcp, EventLog, HomeGroupProvider, lmhosts,
NgcCtnrSvc, TimeBrokerSvc, wscsvc
svchost.exe 1252 CDPSvc, EventSystem, fdPHost, FontCache,
LicenseManager, netprofm, nsi,
WdiServiceHost, WinHttpAutoProxySvc
OmniServ.exe 1276 omniserv
svchost.exe 1308 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
atiesrxx.exe 1404 AMD External Events Utility
svchost.exe 1528 Audiosrv
RtkAudioService64.exe 1556 RtkAudioService
RAVBg64.exe 1624 N/A
svchost.exe 1672 Wcmsvc
AvastSvc.exe 1784 avast! Antivirus
dasHost.exe 2016 N/A
spoolsv.exe 1208 Spooler
afwServ.exe 1504 avast! Firewall
svchost.exe 2084 AppHostSvc
PhotoshopElementsFileAgen 2136 AdobeActiveFileMonitor6.0
mDNSResponder.exe 2172 Bonjour Service
Memory Compression 2196 N/A
ijplmsvc.exe 2220 IJPLMSVC
RichVideo64.exe 2236 RichVideo64
svchost.exe 2548 FDResPub, SSDPSRV
svchost.exe 2888 PolicyAgent
msdtc.exe 3136 MSDTC
DropboxUpdate.exe 1292 N/A
dllhost.exe 2640 N/A
dllhost.exe 3900 COMSysApp
svchost.exe 3464 WlanSvc
SearchIndexer.exe 3292 WSearch
VSSVC.exe 1652 VSS
svchost.exe 4076 DiagTrack
atieclxx.exe 72 N/A
SearchProtocolHost.exe 4648 N/A
sihost.exe 3716 N/A
svchost.exe 444 CDPUserSvc_9cea6e, OneSyncSvc_9cea6e,
PimIndexMaintenanceSvc_9cea6e,
UnistoreSvc_9cea6e, UserDataSvc_9cea6e
OPBHOBrokerDsktop.exe 3772 N/A
taskhostw.exe 1032 N/A
explorer.exe 4508 N/A
svchost.exe 2680 AppReadiness
opvapp.exe 4444 N/A
dllhost.exe 408 N/A
SettingSyncHost.exe 3536 N/A
ShellExperienceHost.exe 5740 N/A
RuntimeBroker.exe 5900 N/A
taskhostw.exe 6036 N/A
SearchUI.exe 6140 N/A
RemindersServer.exe 6680 N/A
AvastUI.exe 1096 N/A
fontdrvhost.exe 3628 N/A
unsecapp.exe 3328 N/A
WmiPrvSE.exe 5160 N/A
ApplicationFrameHost.exe 4304 N/A
backgroundTaskHost.exe 2872 N/A
chrome.exe 4896 N/A
chrome.exe 6216 N/A
chrome.exe 5576 N/A
chrome.exe 6888 N/A
chrome.exe 2180 N/A
chrome.exe 4020 N/A
chrome.exe 6372 N/A
chrome.exe 6800 N/A
chrome.exe 420 N/A
audiodg.exe 6148 N/A
OneDrive.exe 816 N/A
smartscreen.exe 4000 N/A
cmd.exe 1772 N/A
conhost.exe 6556 N/A
SearchFilterHost.exe 4976 N/A
tasklist.exe 6368 N/A
#58
Posted 15 August 2016 - 03:12 AM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
procexp64.exe 19.12 42,224 K 63,888 K 4680 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SettingSyncHost.exe 23.71 16,308 K 22,836 K 3536 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7.96 7,416 K 19,160 K 536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,540 K 24,064 K 372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
backgroundTaskHost.exe 4.81 25,708 K 40,616 K 6132 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 15.15 81,436 K 48,992 K 1784 avast! Service AVAST Software (Verified) AVAST Software a.s.
System Idle Process 2.87 0 K 4 K 0
svchost.exe 2.97 18,468 K 39,768 K 388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 1.99 36,792 K 89,956 K 4508 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts 2.66 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 3.59 43,324 K 27,312 K 968 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.81 5,492 K 8,584 K 892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 3,880 K 2888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
System 9.80 128 K 40 K 4
csrss.exe 1.58 2,516 K 6,772 K 636 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 1.39 6,144 K 11,476 K 772 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.07 18,392 K 24,360 K 1148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,844 K 6,448 K 2548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe < 0.01 13,644 K 42,936 K 5900 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,988 K 24,244 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,832 K 20,812 K 836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 4,032 K 9,492 K 2016 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.13 70,260 K 115,120 K 4896 Google Chrome Google Inc. (Verified) Google Inc
SearchIndexer.exe 37,824 K 32,948 K 3292 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,192 K 5,304 K 756 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.77 71,520 K 115,672 K 2180 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.03 33,816 K 53,340 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
afwServ.exe 0.05 12,808 K 15,360 K 1504 avast! firewall service AVAST Software (Verified) AVAST Software a.s.
chrome.exe 0.27 82,848 K 110,044 K 420 Google Chrome Google Inc. (Verified) Google Inc
OmniServ.exe 3,728 K 3,720 K 1276 HP SimplePass Service Softex Inc. (No signature was present in the subject) Softex Inc.
AvastUI.exe 0.01 16,644 K 31,428 K 1096 avast! Antivirus AVAST Software (Verified) AVAST Software a.s.
chrome.exe 0.02 54,612 K 69,852 K 6888 Google Chrome Google Inc. (Verified) Google Inc
mDNSResponder.exe 1,724 K 3,356 K 2172 Bonjour Service Apple Inc. (Verified) Apple Inc.
svchost.exe 0.09 58,028 K 56,692 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 0.05 6,524 K 19,164 K 1032 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
msdtc.exe 0.01 2,760 K 2,256 K 3136 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 0.01 4,704 K 3,924 K 3900 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,568 K 13,036 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dllhost.exe < 0.01 3,184 K 10,372 K 408 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,820 K 53,428 K 444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 1,512 K 2,052 K 540 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
PhotoshopElementsFileAgent.exe < 0.01 2,732 K 1,460 K 2136 (Verified) Adobe Systems Incorporated
Memory Compression < 0.01 104 K 19,444 K 2196
WmiPrvSE.exe 2,152 K 8,512 K 2320 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,232 K 10,412 K 5160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,152 K 7,912 K 700 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 928 K 1,128 K 648 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
VSSVC.exe 1,456 K 2,408 K 1652 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,212 K 6,880 K 3328 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 1,804 K 8,916 K 6036 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,828 K 8,304 K 3464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,104 K 6,160 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 8,584 K 19,904 K 4076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,380 K 15,368 K 2680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,396 K 6,684 K 1528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,812 K 2,672 K 2084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 9,808 K 6,880 K 1208 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 416 K 508 K 356 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 7,988 K 13,764 K 4000 SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,632 K 23,536 K 3716 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 40,280 K 75,668 K 5740 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 63,820 K 110,284 K 6140 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,480 K 11,096 K 4668 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,804 K 7,092 K 5976 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 1,792 K 7,120 K 4372 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1,648 K 3,032 K 1556 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 1,336 K 1,620 K 2236 RichVideo Module (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,952 K 5,728 K 6680 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RAVBg64.exe 5,984 K 3,168 K 1624 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,792 K 10,176 K 1908 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
opvapp.exe 2,064 K 9,264 K 4444 (No signature was present in the subject)
OPBHOBrokerDsktop.exe 0.03 2,356 K 1,988 K 3772 HP SimplePass BHO Broker Hewlett-Packard (Verified) Softex Incorporated
OneDrive.exe < 0.01 10,804 K 31,956 K 816 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
ijplmsvc.exe 1,172 K 1,552 K 2220 Inkjet Printer/Scanner/Fax Extended Survey Program Service (Verified) Canon Inc.
fontdrvhost.exe 768 K 3,156 K 3628 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 1,932 K 2,148 K 1292 Dropbox Update Dropbox, Inc. (Verified) Dropbox
dllhost.exe 1,300 K 6,032 K 5792 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,576 K 2,572 K 2640 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 2,200 K 9,364 K 5576 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 33,924 K 65,116 K 6372 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 32,740 K 65,220 K 6800 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 25,364 K 57,852 K 4020 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2,344 K 8,372 K 6216 Google Chrome Google Inc. (Verified) Google Inc
backgroundTaskHost.exe Suspended 3,380 K 13,720 K 3260 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 5,668 K 16,084 K 4364 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 2,096 K 8,540 K 424 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 14,876 K 20,008 K 6148 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1,336 K 1,876 K 1404 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,200 K 5,072 K 72 AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
ApplicationFrameHost.exe 4,544 K 18,636 K 4304 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
#59
Posted 15 August 2016 - 11:18 AM
RKinner
-
- Expert
-
- 24,624 posts
Malware Expert
Every time we look at Process Explorer it looks like a new problem. What make and model is this? I thought I had asked you that but I can't find it now.
Can you delete your current Process Explorer and download a new one?
Get Process Explorer
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
Wait a full minute then:
File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
#60
Posted 15 August 2016 - 02:24 PM
Lady_Rocker
- Topic Starter
-
- Member
-
- 168 posts
Member
First of all.. here's my computer info: (NOTE: Was originally Windows 7)
Also, before I came home, my computer finished an automatic update.. updated Wndows 10, especially...
Edited by Lady_Rocker, 15 August 2016 - 02:31 PM.
Similar Topics
Also tagged with one or more of these keywords: HP, Windows10, internet
![HP desktop - google.com is in Norwegian [Solved] - last post by wayneman50](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-328601.jpg?_r=1546827512)
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
