Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Powershell Trying to connect to malicious sites

Started by Twitchi , Jul 11 2017 06:51 AM

  • Please log in to reply

#16
Twitchi
Posted 14 July 2017 - 08:41 AM

Twitchi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Ok have a good time at whatever it is your doing :D

I copy and pasted the 5 lines and got

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Contention"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Messages"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Power"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Render"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Tracing"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/UIPI"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinHttp/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet-Capture/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet/UsageLog"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet/WebSocket"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinMDE/MDE"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinRM/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinRM/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinRM/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinURLMon/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windeploy/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Defender/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Defender/WHC"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsBackup/ActionCenter"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wininit/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winlogon/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winlogon/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsock-AFD/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsock-NameResolution/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsock-WS2HELP/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsrv/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WlanDlg/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wordpad/Admin"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wordpad/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wordpad/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/WHC"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Workplace Join/Admin"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAML-Diagnostics/Default"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAML/Default"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAudio2/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAudio2/Performance"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-glcnd/Admin"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-glcnd/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-glcnd/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-mobsync/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-ntshrui"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-ntshrui-perf"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-osk/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-stobject/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel"

C:\WINDOWS\system32>wevtutil cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug"

C:\WINDOWS\system32>wevtutil cl "NIS-Driver-WFP/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Navigator"

C:\WINDOWS\system32>wevtutil cl "Network Isolation Operational"

C:\WINDOWS\system32>wevtutil cl "OSK_SoftKeyboard_Channel"

C:\WINDOWS\system32>wevtutil cl "Physical_Keyboard_Manager_Channel"

C:\WINDOWS\system32>wevtutil cl "PreEmptive"

C:\WINDOWS\system32>wevtutil cl "RTWorkQueueExtended"

C:\WINDOWS\system32>wevtutil cl "RTWorkQueueTheading"

C:\WINDOWS\system32>wevtutil cl "Reason"

C:\WINDOWS\system32>wevtutil cl "SMSApi"

C:\WINDOWS\system32>wevtutil cl "Security"

C:\WINDOWS\system32>wevtutil cl "Setup"

C:\WINDOWS\system32>wevtutil cl "SmbWmiAnalytic"

C:\WINDOWS\system32>wevtutil cl "System"

C:\WINDOWS\system32>wevtutil cl "SystemEventsBroker"

C:\WINDOWS\system32>wevtutil cl "TabletPC_InputPanel_Channel"

C:\WINDOWS\system32>wevtutil cl "TabletPC_InputPanel_Channel/IHM"

C:\WINDOWS\system32>wevtutil cl "TimeBroker"

C:\WINDOWS\system32>wevtutil cl "UIManager_Channel"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_HEVCDECODER_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_KS_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MFH264Enc_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MP4SDECD_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MSMPEG2ADEC_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MSMPEG2VDEC_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_VC1ENC_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_WMPHOTO_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_wmvdecod_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WMPSetup"

C:\WINDOWS\system32>wevtutil cl "WMPSyncEngine"

C:\WINDOWS\system32>wevtutil cl "Windows Networking Vpn Plugin Platform/Operational"

C:\WINDOWS\system32>wevtutil cl "Windows Networking Vpn Plugin Platform/OperationalVerbose"

C:\WINDOWS\system32>wevtutil cl "Windows PowerShell"

C:\WINDOWS\system32>wevtutil cl "Windows.Globalization/Analytic"

C:\WINDOWS\system32>wevtutil cl "microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin"

C:\WINDOWS\system32>wevtutil cl "muxencode"

C:\WINDOWS\system32>Esentutl /r \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb

Extensible Storage Engine Utilities for Microsoft® Windows®
Version 10.0
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating RECOVERY mode...
    Logfile base name: \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb
            Log files: <current directory>
         System files: <current directory>

Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.




C:\WINDOWS\system32>Esentutl /p \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb

Extensible Storage Engine Utilities for Microsoft® Windows®
Version 10.0
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating REPAIR mode...
        Database: \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb
  Temp. Database: TEMPREPAIR7632.EDB

Checking database integrity.

                     Scanning Status (% complete)

          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
          ...................................................


Integrity check successful.

Note:
  It is recommended that you immediately perform a full backup
  of this database. If you restore a backup made before the
  repair, the database will be rolled back to the state
  it was in at the time of that backup.

Operation completed successfully in 10.672 seconds.


C:\WINDOWS\system32>Esentutl /r \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb

Extensible Storage Engine Utilities for Microsoft® Windows®
Version 10.0
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating RECOVERY mode...
    Logfile base name: \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb
            Log files: <current directory>
         System files: <current directory>

Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.




C:\WINDOWS\system32> Esentutl /p \Users\Owner\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb

looks like the last 2 lines did not execute for some reason


  • 0

Advertisements

#17
Twitchi
Posted 14 July 2017 - 11:49 AM

Twitchi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Ahh forgot to get the VEW log after the CMD's

but did the all in one and here are the 2 logs from VEW after

System

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14-Jul-17 1:09:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:37:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 10:35:19 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1060) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 229376 (0x0000000000038000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.



And Application
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14-Jul-17 1:09:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:37:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 10:35:19 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1060) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 229376 (0x0000000000038000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.




 


  • 0

#18
RKinner
Posted 14 July 2017 - 01:03 PM

RKinner

    Malware Expert

  • Expert
  • 24,734 posts
  • MVP

Just had to make a run to the SuperWalmart.  I'm out in the country and my wife is coming in tomorrow so I needed to stock up on stuff she likes to eat.  It's a bit over an hour each way,

 

Looks like all-in-one fixed the bits and luafv problems.

 

 l messed up again on the edb stuff.  I thought I had made the username changes but it appears that I didn't.  Let's try again:

 

Copy the next 5 lines:
 
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Esentutl /r \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb 
Esentutl /p \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb 
Esentutl /r \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb
Esentutl /p \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb 
 
 
Open an Elevated Command Prompt:
 
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter.
 
Then reboot.  Run VEW again as before.

  • 0

#19
Twitchi
Posted 14 July 2017 - 01:29 PM

Twitchi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Contention"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Messages"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Power"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Render"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/Tracing"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Win32k/UIPI"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinHttp/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet-Capture/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet/UsageLog"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinINet/WebSocket"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinMDE/MDE"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinRM/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinRM/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinRM/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WinURLMon/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windeploy/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Defender/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Defender/WHC"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsBackup/ActionCenter"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wininit/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winlogon/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winlogon/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsock-AFD/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsock-NameResolution/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsock-WS2HELP/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Winsrv/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WlanDlg/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wordpad/Admin"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wordpad/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Wordpad/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/Analytic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/Operational"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-WorkFolders/WHC"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-Workplace Join/Admin"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAML-Diagnostics/Default"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAML/Default"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAudio2/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-XAudio2/Performance"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-glcnd/Admin"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-glcnd/Debug"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-glcnd/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-mobsync/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-ntshrui"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-ntshrui-perf"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-osk/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-Windows-stobject/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel"

C:\WINDOWS\system32>wevtutil cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug"

C:\WINDOWS\system32>wevtutil cl "NIS-Driver-WFP/Diagnostic"

C:\WINDOWS\system32>wevtutil cl "Navigator"

C:\WINDOWS\system32>wevtutil cl "Network Isolation Operational"

C:\WINDOWS\system32>wevtutil cl "OSK_SoftKeyboard_Channel"

C:\WINDOWS\system32>wevtutil cl "Physical_Keyboard_Manager_Channel"

C:\WINDOWS\system32>wevtutil cl "PreEmptive"

C:\WINDOWS\system32>wevtutil cl "RTWorkQueueExtended"

C:\WINDOWS\system32>wevtutil cl "RTWorkQueueTheading"

C:\WINDOWS\system32>wevtutil cl "Reason"

C:\WINDOWS\system32>wevtutil cl "SMSApi"

C:\WINDOWS\system32>wevtutil cl "Security"

C:\WINDOWS\system32>wevtutil cl "Setup"

C:\WINDOWS\system32>wevtutil cl "SmbWmiAnalytic"

C:\WINDOWS\system32>wevtutil cl "System"

C:\WINDOWS\system32>wevtutil cl "SystemEventsBroker"

C:\WINDOWS\system32>wevtutil cl "TabletPC_InputPanel_Channel"

C:\WINDOWS\system32>wevtutil cl "TabletPC_InputPanel_Channel/IHM"

C:\WINDOWS\system32>wevtutil cl "TimeBroker"

C:\WINDOWS\system32>wevtutil cl "UIManager_Channel"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_HEVCDECODER_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_KS_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MFH264Enc_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MP4SDECD_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MSMPEG2ADEC_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_MSMPEG2VDEC_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_VC1ENC_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_WMPHOTO_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WINDOWS_wmvdecod_CHANNEL"

C:\WINDOWS\system32>wevtutil cl "WMPSetup"

C:\WINDOWS\system32>wevtutil cl "WMPSyncEngine"

C:\WINDOWS\system32>wevtutil cl "Windows Networking Vpn Plugin Platform/Operational"

C:\WINDOWS\system32>wevtutil cl "Windows Networking Vpn Plugin Platform/OperationalVerbose"

C:\WINDOWS\system32>wevtutil cl "Windows PowerShell"

C:\WINDOWS\system32>wevtutil cl "Windows.Globalization/Analytic"

C:\WINDOWS\system32>wevtutil cl "microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin"

C:\WINDOWS\system32>wevtutil cl "muxencode"

C:\WINDOWS\system32>Esentutl /r \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb

Extensible Storage Engine Utilities for Microsoft® Windows®
Version 10.0
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating RECOVERY mode...
    Logfile base name: \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb
            Log files: <current directory>
         System files: <current directory>

Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.




C:\WINDOWS\system32>Esentutl /p \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb

Extensible Storage Engine Utilities for Microsoft® Windows®
Version 10.0
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating REPAIR mode...
        Database: \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb
  Temp. Database: TEMPREPAIR9456.EDB

Checking database integrity.

                     Scanning Status (% complete)

          0    10   20   30   40   50   60   70   80   90  100
          |----|----|----|----|----|----|----|----|----|----|
          ...................................................


Integrity check successful.

Note:
  It is recommended that you immediately perform a full backup
  of this database. If you restore a backup made before the
  repair, the database will be rolled back to the state
  it was in at the time of that backup.

Operation completed successfully in 67.515 seconds.


C:\WINDOWS\system32>Esentutl /r \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb

Extensible Storage Engine Utilities for Microsoft® Windows®
Version 10.0
Copyright © Microsoft Corporation. All Rights Reserved.

Initiating RECOVERY mode...
    Logfile base name: \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb
            Log files: <current directory>
         System files: <current directory>

Operation terminated with error -1003 (JET_errInvalidParameter, Invalid API parameter) after 0.0 seconds.




C:\WINDOWS\system32>Esentutl /p \Users\Twitchi\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb

 

 

 

 

I got this and it appears that the last command did not run(?) Pressed enter and it did its thing, operation complete, will send VEW log


Also I know its more pain in the rear than anything.. but man what an adventure to get food :D


Edited by Twitchi, 14 July 2017 - 01:32 PM.

  • 0

#20
Twitchi
Posted 14 July 2017 - 01:34 PM

Twitchi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Application VEW

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14-Jul-17 1:09:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:37:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 10:35:19 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1060) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 229376 (0x0000000000038000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

 

and system
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14-Jul-17 1:09:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 12:07:45 PM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:52:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:37:45 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app 56540Oprio.Taskify_v1e60k6hyvhk0!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 14-Jul-17 11:29:35 AM
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: This app can't be activated by the Built-in Administrator. See the Microsoft-Windows-TWinUI/Operational log for additional information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14-Jul-17 10:35:19 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1060) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 229376 (0x0000000000038000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (20 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 


  • 0

#21
RKinner
Posted 14 July 2017 - 02:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,734 posts
  • MVP

Both VEWs are Application.  Do you have a System log?


  • 0

#22
Twitchi
Posted 14 July 2017 - 07:20 PM

Twitchi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Apologies..turns out I did not open as admin :P

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 15-Jul-17 2:19:55 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14-Jul-17 7:34:46 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ajax.cloudflare.com timed out after none of the configured DNS servers responded.



(edit: I double checked the settings.. still getting a very blank report)

 


Edited by Twitchi, 14 July 2017 - 07:22 PM.

  • 0

#23
Twitchi
Posted 14 July 2017 - 07:29 PM

Twitchi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Not sure if relevant but malwarebytes has just hit a detection

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/15/17
Scan Time: 2:14 AM
Log File: malreport.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2365
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1358)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435926
Threats Detected: 3
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 12 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1265003007-341673947-2575449671-1000\CONSOLE\TASKENG.EXE, No Action By User, [9499], [408199],1.0.2365

Registry Value: 2
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1265003007-341673947-2575449671-1000\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, No Action By User, [9499], [408201],1.0.2365
PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1265003007-341673947-2575449671-1000\CONSOLE\TASKENG.EXE|WINDOWPOSITION, No Action By User, [9499], [408199],1.0.2365

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)


  • 0

#24
RKinner
Posted 14 July 2017 - 07:45 PM

RKinner

    Malware Expert

  • Expert
  • 24,734 posts
  • MVP

No new edb errors so I think we fixed that anyway.  

 

I think all of these Event: 5973  errors may just mean you have to click on the app and get it to work once.  

 

The MBAM detection looks likes the source of your original complaint so let it remove what it found.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP