Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Weird login screen behavior from Windows 10

Started by daba , Jan 22 2020 03:35 PM

windows 10 password login fake login screen

Please log in to reply

#16
RKinner

Posted 08 February 2020 - 09:35 PM

Malware Expert

Expert
24,624 posts

Log: 'System' Date/Time: 08/02/2020 3:13:06 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:

I think this is the Intel Chipset. Direct link to the download:

https://dl.dell.com/...8144_A08_03.EXE

Download, Save and Right click on it and Run As Admin then follow the instructions. Then clear the alarms as before, reboot and run VEW again for System only and post the log.

#17
daba

Posted 09 February 2020 - 02:40 PM

Member

Topic Starter
Member
367 posts

Thank you very much for helping me with this.

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 09/02/2020 8:38:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 23/01/2020 11:06:13 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/12/2019 5:51:32 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 09/02/2020 12:08:22 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXrav05394kr2asczrmehhj4x2zas01ft6.mca did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 06/02/2020 8:28:22 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Windows Push Notifications User Service_eac0806 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 27/01/2020 9:35:31 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The aswbIDSAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 27/01/2020 4:56:53 PM

Type: Error Category: 0

Event: 11 Source: disk

The driver detected a controller error on \Device\Harddisk1\DR3.

Log: 'System' Date/Time: 24/01/2020 11:01:57 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:57:57 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:53:56 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:49:56 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:45:55 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:41:54 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:37:53 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The User Data Access_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The User Data Storage_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Contact Data_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Sync Host_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Windows Push Notifications User Service_7cc9d service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Connected Devices Platform User Service_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:35:41 PM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 23/01/2020 11:31:41 PM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {1FFE4FFD-25B1-40B1-A1EA-EF633353BB4E} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 23/01/2020 11:27:40 PM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 09/02/2020 8:36:41 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DAVIDDELL2\David Jackson SID (S-1-5-21-2490165305-1638453623-257508744-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/02/2020 8:34:59 PM

Type: Warning Category: 7

Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 09/02/2020 8:34:54 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/02/2020 8:34:54 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 09/02/2020 8:33:51 PM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 09/02/2020 8:33:47 PM

Type: Warning Category: 212

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WudfRd failed to load for the device ACPI\INT3400\2&daba3ff&1.

Log: 'System' Date/Time: 09/02/2020 8:30:43 PM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 09/02/2020 8:21:01 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:

Log: 'System' Date/Time: 09/02/2020 8:20:59 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 8:20:50 PM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 09/02/2020 7:57:13 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 6:51:13 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 6:43:46 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user DAVIDDELL2\David Jackson SID (S-1-5-21-2490165305-1638453623-257508744-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/02/2020 6:15:53 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 09/02/2020 6:15:13 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 6:15:13 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 6:14:58 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 09/02/2020 5:49:23 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 09/02/2020 5:47:13 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 5:46:04 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

#18
RKinner

Posted 09 February 2020 - 02:54 PM

Malware Expert

Expert
24,624 posts

Hard to say. The last WHEA error was

Log: 'System' Date/Time: 09/02/2020 8:21:01 PM

but it looks like that was before the last reboot. Can you run VEW one more time? If there are no new WHEA errors later than 09/02/2020 8:21:01 PM then the update fixed the problem.

#19
daba

Posted 10 February 2020 - 06:32 AM

Member

Topic Starter
Member
367 posts

Thank you very much for the assistance. Lost me a bit though. How's it look? What's all this about premature shutdown? Thank you.

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 10/02/2020 12:25:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 23/01/2020 11:06:13 AM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/12/2019 5:51:32 PM

Type: Critical Category: 63

Event: 41 Source: Microsoft-Windows-Kernel-Power

The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 09/02/2020 12:08:22 AM

Type: Error Category: 0

Event: 10010 Source: Microsoft-Windows-DistributedCOM

The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXrav05394kr2asczrmehhj4x2zas01ft6.mca did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 06/02/2020 8:28:22 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

Log: 'System' Date/Time: 27/01/2020 9:35:31 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The aswbIDSAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 27/01/2020 4:56:53 PM

Type: Error Category: 0

Event: 11 Source: disk

The driver detected a controller error on \Device\Harddisk1\DR3.

Log: 'System' Date/Time: 24/01/2020 11:01:57 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:57:57 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:53:56 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:49:56 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:45:55 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:41:54 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 24/01/2020 10:37:53 AM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The User Data Access_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The User Data Storage_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Contact Data_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Sync Host_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

Log: 'System' Date/Time: 23/01/2020 11:38:06 PM

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The Connected Devices Platform User Service_7cc9d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Log: 'System' Date/Time: 23/01/2020 11:35:41 PM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 23/01/2020 11:31:41 PM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {1FFE4FFD-25B1-40B1-A1EA-EF633353BB4E} timed out waiting for the service WpnUserService_7cc9d to stop.

Log: 'System' Date/Time: 23/01/2020 11:27:40 PM

Type: Error Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

The activation of the CLSID {D18705BE-FC2F-44C8-AEFF-1CD49AEA8FC1} timed out waiting for the service WpnUserService_7cc9d to stop.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 10/02/2020 12:23:47 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 10/02/2020 12:23:30 PM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 10/02/2020 12:23:29 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 10/02/2020 12:23:29 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 10/02/2020 9:52:30 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 10/02/2020 9:51:40 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 10/02/2020 9:51:40 AM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 10/02/2020 9:51:09 AM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 10/02/2020 9:51:08 AM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 10/02/2020 9:51:08 AM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 11:02:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 10:23:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 9:49:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 9:23:49 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 9:18:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 9:18:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 9:17:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 9:06:51 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 09/02/2020 8:48:50 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 09/02/2020 8:36:41 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

#20
RKinner

Posted 10 February 2020 - 08:22 AM

Malware Expert

Expert
24,624 posts

The shutdowns were a while ago. Probably ran out of battery.

The WHEA error is still with us. Try the latest from Intel:

https://downloadcent...y?product=46644

This is a Zip file so you need to save it then right click and extract all. Then right click on SetupChipset.exe and Run As Admin.

Let's use FRST to rerun DISM & SFC and to clear the alarms.

Download the attached fixlist.txt to the same location as FRST

fixlist.txt 310bytes 344 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

#21
daba

Posted 10 February 2020 - 05:26 PM

Member

Topic Starter
Member
367 posts

Thank you very much. I only now realised that there are in some cases thousands of views on my posts to geekstogo - why is that? Who are these viewers and what is their interest? What is the security risk? Thank you again.

#22
RKinner

Posted 10 February 2020 - 10:26 PM

Malware Expert

Expert
24,624 posts

There are many search bots from Google, Bing etc that check out the forum all of the time. I expect that's why you are seeing lots of views. Don't think there is anything in your post that you need to worry about.

The fixlog went well. The update to the chipset seems to have fixed the WHEA error.

Does it seem to boot as fast as usual? Does it run as fast as usual?

#23
daba

Posted 11 February 2020 - 02:26 PM

Member

Topic Starter
Member
367 posts

Thank you so much for all you help. I'm glad you're happy with the fix. It seems to be running a bit quicker. Regarding the boot time, I can't judge because it's not something I've been evaluating. I just clicked Restart and it took about four minutes to get everything back up and running. Thank you once again. Much obliged.

#24
daba

Posted 23 February 2020 - 04:45 AM

Member

Topic Starter
Member
367 posts

Hello again. Hope I'm not breaking some rule by hopping back on this thread. The thing is that there's something wrong with the fans. Normally, I would almost never notice them because they would appear to rarely come in. Now, after that last driver update I think, not 100% sure, they're/it's constantly on and sometimes goes crazy wild. It's annoying but also concerning since it surely is indicative that something's changed and/or isn't quite right. If you have any ideas, I'd be very grateful. Thank you very much.

#25
RKinner

Posted 23 February 2020 - 05:48 AM

Malware Expert

Expert
24,624 posts

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

#26
daba

Posted 23 February 2020 - 12:05 PM

Member

Topic Starter
Member
367 posts

Thank you very much. I think I may have not done this step correctly.

Process CPU Private Bytes Working Set PID Verified Signer

amdow.exe 2,444 K 1,504 K 1132 (Verified) Advanced Micro Devices, Inc.

ApplicationFrameHost.exe 4,764 K 21,144 K 12656 (Verified) Microsoft Windows

armsvc.exe 1,416 K 1,404 K 4340 (Verified) Adobe Inc.

atiesrxx.exe 1,520 K 1,768 K 928

atiw.exe 2,652 K 8,916 K 10932 (Verified) Dell Technologies Inc.

AvastUI.exe 14,224 K 30,168 K 14376 (Verified) AVAST Software s.r.o.

brave.exe 62,548 K 77,512 K 12388 (Verified) Brave Software, Inc.

brave.exe 33,268 K 61,104 K 15068 (Verified) Brave Software, Inc.

brave.exe 22,124 K 44,032 K 15440 (Verified) Brave Software, Inc.

brave.exe 23,984 K 46,612 K 6472 (Verified) Brave Software, Inc.

brave.exe 6,360 K 11,332 K 17108 (Verified) Brave Software, Inc.

brave.exe 18,064 K 30,052 K 15708 (Verified) Brave Software, Inc.

brave.exe 60,500 K 93,864 K 2488 (Verified) Brave Software, Inc.

brave.exe 1,780 K 6,096 K 15944 (Verified) Brave Software, Inc.

brave.exe 25,328 K 44,936 K 8108 (Verified) Brave Software, Inc.

brave.exe 28,224 K 53,436 K 11588 (Verified) Brave Software, Inc.

brave.exe 19,624 K 38,504 K 752 (Verified) Brave Software, Inc.

ChsIME.exe 1,892 K 7,412 K 16528 (Verified) Microsoft Windows

conhost.exe 6,620 K 1,048 K 16892 (Verified) Microsoft Windows

conhost.exe 6,620 K 1,012 K 4960 (Verified) Microsoft Windows

csrss.exe 1,892 K 1,096 K 5420 (Verified) Microsoft Windows Publisher

csrss.exe 2,252 K 4,536 K 676 (Verified) Microsoft Windows Publisher

csrss.exe 1,932 K 1,044 K 860 (Verified) Microsoft Windows Publisher

ctfmon.exe 4,180 K 13,964 K 11696 (Verified) Microsoft Windows

DDVCollectorSvcApi.exe 1,940 K 2,336 K 11408 (Verified) Dell Technologies Inc.

DDVDataCollector.exe 29,960 K 12,504 K 11520 (Verified) Dell Technologies Inc.

DDVRulesProcessor.exe 6,980 K 5,328 K 7440 (Verified) Dell Technologies Inc.

dllhost.exe 3,792 K 3,432 K 3412 (Verified) Microsoft Windows

dllhost.exe 2,720 K 9,500 K 668 (Verified) Microsoft Windows

esif_uf.exe 1,900 K 2,912 K 4228 (Verified) Intel Corporation

fontdrvhost.exe 2,288 K 976 K 1092 (Verified) Microsoft Windows

fontdrvhost.exe 4,028 K 6,296 K 16152 (Verified) Microsoft Windows

IAStorDataMgrSvc.exe 149,628 K 38,436 K 7620 (Verified) Intel® Rapid Storage Technology

IAStorIcon.exe 33,804 K 27,224 K 15292 (Verified) Intel® Rapid Storage Technology

igfxCUIService.exe 2,108 K 4,084 K 2500 (Verified) Intel® pGFX

igfxEM.exe 6,412 K 20,240 K 14104 (Verified) Intel® pGFX

IntelCpHDCPSvc.exe 1,816 K 2,288 K 4236 (Verified) Intel® pGFX

IntelCpHeciSvc.exe 1,700 K 2,260 K 4704 (Verified) Intel® pGFX

jhi_service.exe 1,364 K 356 K 8984 (Verified) Intel® Embedded Subsystems and IP Blocks Group

LMS.exe 3,856 K 4,220 K 6288 (Verified) Intel® Embedded Subsystems and IP Blocks Group

LockApp.exe Suspended 12,680 K 41,044 K 13904 (Verified) Microsoft Windows

lsass.exe 9,736 K 14,016 K 952 (Verified) Microsoft Windows Publisher

msdtc.exe 3,140 K 388 K 9968 (Verified) Microsoft Windows

procexp.exe 4,564 K 11,076 K 15280 (Verified) Microsoft Corporation

QcomWlanSrvx64.exe 1,556 K 2,088 K 4244 (Verified) Qualcomm Atheros

RAVBg64.exe 6,088 K 12,836 K 7984 (Verified) Realtek Semiconductor Corp.

Registry 4,592 K 65,912 K 120

RemindersServer.exe Suspended 8,048 K 17,204 K 13004 (Verified) Microsoft Windows

RtkAudioService64.exe 1,988 K 3,148 K 3096 (Verified) Realtek Semiconductor Corp.

RtkNGUI64.exe 4,504 K 11,612 K 3044 (Verified) Realtek Semiconductor Corp.

RuntimeBroker.exe 2,636 K 9,272 K 2260 (Verified) Microsoft Windows

RuntimeBroker.exe 7,420 K 21,436 K 9332 (Verified) Microsoft Windows

RuntimeBroker.exe 6,024 K 22,472 K 13352 (Verified) Microsoft Windows

RuntimeBroker.exe 3,728 K 14,984 K 15900 (Verified) Microsoft Windows

RuntimeBroker.exe 6,468 K 25,212 K 13152 (Verified) Microsoft Windows

RuntimeBroker.exe 8,732 K 23,468 K 7300 (Verified) Microsoft Windows

schtasks.exe 1,368 K 1,148 K 13028 (Verified) Microsoft Windows

schtasks.exe 1,348 K 1,140 K 14268 (Verified) Microsoft Windows

SearchFilterHost.exe 2,136 K 7,152 K 15892 (Verified) Microsoft Windows

SearchIndexer.exe 44,988 K 36,396 K 5628 (Verified) Microsoft Windows

SearchProtocolHost.exe 2,056 K 7,824 K 11404 (Verified) Microsoft Windows

SearchProtocolHost.exe 2,772 K 9,840 K 7080 (Verified) Microsoft Windows

SearchUI.exe Suspended 79,132 K 49,204 K 6200 (Verified) Microsoft Windows

SecurityHealthService.exe 6,980 K 10,316 K 8608 (Verified) Microsoft Windows Publisher

SecurityHealthSystray.exe 1,908 K 7,928 K 6912 (Verified) Microsoft Windows

services.exe 7,344 K 7,412 K 932 (Verified) Microsoft Windows Publisher

SettingSyncHost.exe 3,000 K 3,992 K 10848 (Verified) Microsoft Windows

SgrmBroker.exe 3,712 K 4,056 K 12160 (Verified) Microsoft Windows Publisher

ShellExperienceHost.exe Suspended 12,680 K 43,188 K 10664 (Verified) Microsoft Windows

sihost.exe 7,912 K 24,856 K 13172 (Verified) Microsoft Windows

SkypeApp.exe Suspended 215,576 K 33,608 K 16720 (No signature was present in the subject) Microsoft Corporation

SkypeBackgroundHost.exe Suspended 2,124 K 8,104 K 6836 (No signature was present in the subject) Microsoft Corporation

smss.exe 1,152 K 396 K 516 (Verified) Microsoft Windows Publisher

spoolsv.exe 5,960 K 4,616 K 3952 (Verified) Microsoft Windows

StartMenu.exe 3,300 K 9,896 K 10220 (No signature was present in the subject) Open-Shell

StartMenuExperienceHost.exe 24,472 K 63,360 K 13432 (Verified) Microsoft Windows

svchost.exe 960 K 380 K 644 (Verified) Microsoft Windows Publisher

svchost.exe 2,024 K 2,156 K 1444 (Verified) Microsoft Windows Publisher

svchost.exe 2,436 K 4,752 K 1452 (Verified) Microsoft Windows Publisher

svchost.exe 3,016 K 6,492 K 1464 (Verified) Microsoft Windows Publisher

svchost.exe 2,452 K 3,768 K 1656 (Verified) Microsoft Windows Publisher

svchost.exe 2,276 K 2,460 K 1688 (Verified) Microsoft Windows Publisher

svchost.exe 1,664 K 2,152 K 2180 (Verified) Microsoft Windows Publisher

svchost.exe 1,404 K 1,628 K 2336 (Verified) Microsoft Windows Publisher

svchost.exe 2,452 K 4,620 K 2360 (Verified) Microsoft Windows Publisher

svchost.exe 2,420 K 5,680 K 2476 (Verified) Microsoft Windows Publisher

svchost.exe 1,828 K 3,988 K 2796 (Verified) Microsoft Windows Publisher

svchost.exe 2,656 K 6,468 K 2844 (Verified) Microsoft Windows Publisher

svchost.exe 2,164 K 3,136 K 4300 (Verified) Microsoft Windows Publisher

svchost.exe 1,644 K 380 K 4316 (Verified) Microsoft Windows Publisher

svchost.exe 1,668 K 1,728 K 4624 (Verified) Microsoft Windows Publisher

svchost.exe 1,732 K 2,836 K 5904 (Verified) Microsoft Windows Publisher

svchost.exe 2,364 K 3,384 K 4036 (Verified) Microsoft Windows Publisher

svchost.exe 2,388 K 4,948 K 6184 (Verified) Microsoft Windows Publisher

svchost.exe 5,532 K 11,444 K 6684 (Verified) Microsoft Windows Publisher

svchost.exe 2,044 K 2,460 K 6660 (Verified) Microsoft Windows Publisher

svchost.exe 5,596 K 9,752 K 7692 (Verified) Microsoft Windows Publisher

svchost.exe 3,212 K 5,212 K 11924 (Verified) Microsoft Windows Publisher

svchost.exe 3,236 K 3,192 K 12812 (Verified) Microsoft Windows Publisher

svchost.exe 2,376 K 5,736 K 9652 (Verified) Microsoft Windows Publisher

svchost.exe 2,032 K 7,100 K 11632 (Verified) Microsoft Windows Publisher

svchost.exe 1,508 K 5,624 K 13900 (Verified) Microsoft Windows Publisher

svchost.exe 2,540 K 5,120 K 1544 (Verified) Microsoft Windows Publisher

svchost.exe 6,620 K 5,788 K 2056 (Verified) Microsoft Windows Publisher

svchost.exe 4,028 K 13,284 K 17312 (Verified) Microsoft Windows Publisher

svchost.exe 3,164 K 8,532 K 3592 (Verified) Microsoft Windows Publisher

svchost.exe 5,768 K 13,692 K 4276 (Verified) Microsoft Windows Publisher

svchost.exe 7,812 K 28,988 K 8784 (Verified) Microsoft Windows Publisher

svchost.exe 6,740 K 3,524 K 11224 (Verified) Microsoft Windows Publisher

svchost.exe 5,928 K 18,676 K 10268 (Verified) Microsoft Windows Publisher

svchost.exe 2,312 K 5,116 K 15792 (Verified) Microsoft Windows Publisher

svchost.exe 1,868 K 2,352 K 3236 (Verified) Microsoft Windows Publisher

svchost.exe 2,856 K 6,340 K 1488 (Verified) Microsoft Windows Publisher

svchost.exe 2,376 K 2,424 K 6652 (Verified) Microsoft Windows Publisher

svchost.exe 3,100 K 6,536 K 1936 (Verified) Microsoft Windows Publisher

svchost.exe 3,132 K 5,468 K 3244 (Verified) Microsoft Windows Publisher

svchost.exe 4,212 K 6,412 K 2728 (Verified) Microsoft Windows Publisher

svchost.exe 12,256 K 14,088 K 4024 (Verified) Microsoft Windows Publisher

svchost.exe 5,696 K 6,564 K 2432 (Verified) Microsoft Windows Publisher

svchost.exe 2,212 K 3,520 K 2804 (Verified) Microsoft Windows Publisher

svchost.exe 8,112 K 10,380 K 2612 (Verified) Microsoft Windows Publisher

svchost.exe 4,208 K 13,028 K 1244 (Verified) Microsoft Windows Publisher

svchost.exe 4,204 K 11,124 K 15016 (Verified) Microsoft Windows Publisher

svchost.exe 2,416 K 5,960 K 10808 (Verified) Microsoft Windows Publisher

svchost.exe 23,740 K 26,320 K 4292 (Verified) Microsoft Windows Publisher

svchost.exe 3,588 K 17,668 K 5472 (Verified) Microsoft Windows Publisher

svchost.exe 3,136 K 6,808 K 2284 (Verified) Microsoft Windows Publisher

svchost.exe 17,740 K 12,076 K 1912 (Verified) Microsoft Windows Publisher

svchost.exe 4,892 K 6,220 K 9212 (Verified) Microsoft Windows Publisher

svchost.exe 2,648 K 3,696 K 2080 (Verified) Microsoft Windows Publisher

svchost.exe 4,856 K 8,360 K 2244 (Verified) Microsoft Windows Publisher

svchost.exe 6,852 K 8,016 K 3480 (Verified) Microsoft Windows Publisher

svchost.exe 2,284 K 1,668 K 4572 (Verified) Microsoft Windows Publisher

svchost.exe 4,208 K 8,972 K 1732 (Verified) Microsoft Windows Publisher

svchost.exe 2,504 K 3,588 K 4868 (Verified) Microsoft Windows Publisher

svchost.exe 2,116 K 2,512 K 1956 (Verified) Microsoft Windows Publisher

svchost.exe 8,656 K 12,956 K 3200 (Verified) Microsoft Windows Publisher

svchost.exe 6,092 K 10,432 K 4880 (Verified) Microsoft Windows Publisher

svchost.exe 2,952 K 7,216 K 3636 (Verified) Microsoft Windows Publisher

svchost.exe 3,028 K 2,568 K 6892 (Verified) Microsoft Windows Publisher

svchost.exe 16,460 K 12,744 K 8616 (Verified) Microsoft Windows Publisher

svchost.exe 9,316 K 23,812 K 7412 (Verified) Microsoft Windows Publisher

svchost.exe 11,760 K 13,772 K 5784 (Verified) Microsoft Windows Publisher

svchost.exe 11,312 K 15,032 K 1224 (Verified) Microsoft Windows Publisher

svchost.exe 2,468 K 2,488 K 4532 (Verified) Microsoft Windows Publisher

svchost.exe 62,616 K 21,964 K 4260 (Verified) Microsoft Windows Publisher

taskhostw.exe 6,852 K 14,668 K 7332 (Verified) Microsoft Windows

Video.UI.exe Suspended 22,324 K 9,084 K 13080 (No signature was present in the subject)

WavesSvc64.exe 11,932 K 12,188 K 12816 (Verified) Waves Inc

WavesSysSvc64.exe 5,216 K 1,856 K 4268 (Verified) Waves Inc

WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe 11,360 K 41,800 K 5464 (Verified) Microsoft Windows

wininit.exe 1,804 K 1,748 K 884 (Verified) Microsoft Windows Publisher

winlogon.exe 2,736 K 9,128 K 12128 (Verified) Microsoft Windows

WmiPrvSE.exe 27,564 K 36,784 K 14008 (Verified) Microsoft Windows

wsc_proxy.exe 2,640 K 2,232 K 2352 (Verified) AVAST Software s.r.o.

WUDFHost.exe 4,088 K 6,104 K 672 (Verified) Microsoft Windows

Memory Compression < 0.01 1,152 K 9,708 K 2756

svchost.exe < 0.01 3,792 K 5,972 K 4952 (Verified) Microsoft Windows Publisher

csrss.exe < 0.01 2,312 K 2,248 K 748 (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 6,504 K 14,264 K 4504 (Verified) Microsoft Windows Publisher

brave.exe < 0.01 57,228 K 58,812 K 9252 (Verified) Brave Software, Inc.

RAVBg64.exe < 0.01 4,452 K 11,748 K 424 (Verified) Realtek Semiconductor Corp.

AdminService.exe < 0.01 2,452 K 3,444 K 4348 (Verified) Microsoft Windows Hardware Compatibility Publisher

svchost.exe < 0.01 23,392 K 30,272 K 1056 (Verified) Microsoft Windows Publisher

brave.exe < 0.01 6,044 K 12,284 K 11420 (Verified) Brave Software, Inc.

AMDRSServ.exe < 0.01 153,268 K 8,900 K 6880 (Verified) Advanced Micro Devices, Inc.

dptf_helper.exe < 0.01 1,532 K 4,284 K 7776 (Verified) Intel Corporation

svchost.exe < 0.01 2,976 K 4,288 K 6140 (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 3,708 K 5,812 K 1288 (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 43,448 K 38,080 K 2344 (Verified) Microsoft Windows Publisher

brave.exe < 0.01 44,584 K 60,284 K 7896 (Verified) Brave Software, Inc.

unsecapp.exe < 0.01 1,704 K 3,472 K 1304 (Verified) Microsoft Windows

brave.exe < 0.01 48,384 K 67,628 K 15580 (Verified) Brave Software, Inc.

brave.exe < 0.01 37,632 K 58,476 K 12628 (Verified) Brave Software, Inc.

RadeonSoftware.exe < 0.01 149,480 K 24,784 K 16540 (Verified) Advanced Micro Devices, Inc.

svchost.exe < 0.01 14,692 K 16,860 K 4308 (Verified) Microsoft Windows Publisher

brave.exe < 0.01 21,612 K 44,008 K 16472 (Verified) Brave Software, Inc.

SupportAssistAgent.exe 0.01 630,556 K 81,180 K 9800 (Verified) Dell Inc.

flux.exe 0.01 12,148 K 21,788 K 9096 (Verified) F.lux Software LLC

AvastSvc.exe 0.01 294,544 K 39,268 K 3644 (Verified) AVAST Software s.r.o.

brave.exe 0.01 65,396 K 101,476 K 9728 (Verified) Brave Software, Inc.

ServiceShell.exe 0.01 77,776 K 37,280 K 2536 (Verified) Dell Inc

aswidsagent.exe 0.01 46,380 K 45,392 K 11016 (Verified) AVAST Software s.r.o.

brave.exe 0.01 55,552 K 67,476 K 15980 (Verified) Brave Software, Inc.

brave.exe 0.02 75,780 K 102,516 K 12540 (Verified) Brave Software, Inc.

brave.exe 0.02 58,512 K 112,536 K 10584 (Verified) Brave Software, Inc.

explorer.exe 0.02 84,468 K 129,540 K 10468 (Verified) Microsoft Windows

csrss.exe 0.03 2,488 K 5,444 K 7228 (Verified) Microsoft Windows Publisher

AvastUI.exe 0.06 21,412 K 18,940 K 7220 (Verified) AVAST Software s.r.o.

AvastUI.exe 0.07 30,056 K 63,452 K 11816 (Verified) AVAST Software s.r.o.

brave.exe 0.10 21,712 K 35,888 K 12068 (Verified) Brave Software, Inc.

brave.exe 0.11 45,288 K 86,928 K 14140 (Verified) Brave Software, Inc.

DSAPI.exe 0.12 147,980 K 46,504 K 5928 (Verified) PC-Doctor, Inc.

brave.exe 0.15 190,004 K 204,428 K 9688 (Verified) Brave Software, Inc.

dwm.exe 0.19 44,296 K 53,412 K 7884 (Verified) Microsoft Windows

System 0.25 228 K 4,624 K 4

brave.exe 0.40 70,884 K 99,624 K 12576 (Verified) Brave Software, Inc.

Interrupts 0.44 0 K 0 K n/a

procexp64.exe 0.70 58,228 K 86,240 K 8768 (Verified) Microsoft Corporation

audiodg.exe 1.08 34,608 K 40,192 K 2992 (Verified) Microsoft Windows

AvastUI.exe 22.79 24,020 K 21,124 K 17036 (Verified) AVAST Software s.r.o.

System Idle Process 73.34 60 K 8 K 0

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

Registry 120 N/A

smss.exe 516 N/A

csrss.exe 748 N/A

csrss.exe 860 N/A

wininit.exe 884 N/A

services.exe 932 N/A

lsass.exe 952 KeyIso, SamSs, VaultSvc

WUDFHost.exe 672 N/A

svchost.exe 644 PlugPlay

svchost.exe 1056 BrokerInfrastructure, DcomLaunch, Power,

SystemEventsBroker

fontdrvhost.exe 1092 N/A

svchost.exe 1224 RpcEptMapper, RpcSs

svchost.exe 1288 LSM

svchost.exe 1444 BTAGService

svchost.exe 1452 BthAvctpSvc

svchost.exe 1464 bthserv

svchost.exe 1488 NcbService

svchost.exe 1544 TimeBrokerSvc

svchost.exe 1656 DisplayEnhancementService

svchost.exe 1688 hidserv

svchost.exe 1912 EventLog

svchost.exe 1936 lfsvc

atiesrxx.exe 928 AMD External Events Utility

svchost.exe 1244 ProfSvc

svchost.exe 2056 nsi

svchost.exe 2080 Dhcp

svchost.exe 2180 DeviceAssociationService

svchost.exe 2244 NlaSvc

svchost.exe 2284 UserManager

svchost.exe 2336 Themes

svchost.exe 2344 SysMain

wsc_proxy.exe 2352 AvastWscReporter

svchost.exe 2360 EventSystem

svchost.exe 2432 Dnscache

svchost.exe 2476 SENS

igfxCUIService.exe 2500 igfxCUIService2.0.0.0

svchost.exe 2612 Schedule

svchost.exe 2728 netprofm

Memory Compression 2756 N/A

svchost.exe 2796 AudioEndpointBuilder

svchost.exe 2804 FontCache

svchost.exe 2844 camsvc

svchost.exe 1732 Audiosrv

RtkAudioService64.exe 3096 RtkAudioService

svchost.exe 3200 StateRepository

svchost.exe 3236 DusmSvc

svchost.exe 3244 Wcmsvc

svchost.exe 3480 WlanSvc

svchost.exe 3636 ShellHWDetection

AvastSvc.exe 3644 avast! Antivirus

spoolsv.exe 3952 Spooler

svchost.exe 4024 BFE, mpssvc

svchost.exe 1956 LanmanWorkstation

esif_uf.exe 4228 esifsvc

IntelCpHDCPSvc.exe 4236 cplspcon

QcomWlanSrvx64.exe 4244 QcomWlanSrv

svchost.exe 4260 CryptSvc

WavesSysSvc64.exe 4268 WavesSysSvc

svchost.exe 4276 WpnService

svchost.exe 4292 DPS

svchost.exe 4300 stisvc

svchost.exe 4308 Winmgmt

svchost.exe 4316 SstpSvc

armsvc.exe 4340 AdobeARMservice

AdminService.exe 4348 AtherosSvc

svchost.exe 4532 TapiSrv

svchost.exe 4572 CoreMessagingRegistrar

svchost.exe 4624 WdiServiceHost

IntelCpHeciSvc.exe 4704 cphs

svchost.exe 4868 LanmanServer

svchost.exe 4880 iphlpsvc

svchost.exe 4952 RasMan

SearchIndexer.exe 5628 WSearch

svchost.exe 5904 DispBrokerDesktopSvc

svchost.exe 6140 wscsvc

unsecapp.exe 1304 N/A

svchost.exe 4036 SSDPSRV

svchost.exe 4504 CDPSvc

svchost.exe 6184 NgcCtnrSvc

svchost.exe 6684 TokenBroker

svchost.exe 6660 TabletInputService

SecurityHealthService.exe 8608 SecurityHealthService

svchost.exe 8616 InstallService

svchost.exe 9212 PcaSvc

svchost.exe 7692 UsoSvc

DDVRulesProcessor.exe 7440 DDVRulesProcessor

DSAPI.exe 5928 Dell Hardware Support

ServiceShell.exe 2536 DellClientManagementService

msdtc.exe 9968 MSDTC

svchost.exe 6892 WbioSrvc

IAStorDataMgrSvc.exe 7620 IAStorDataMgrSvc

jhi_service.exe 8984 jhi_service

LMS.exe 6288 LMS

svchost.exe 5784 BITS

aswidsagent.exe 11016 aswbIDSAgent

SgrmBroker.exe 12160 SgrmBroker

SupportAssistAgent.exe 9800 SupportAssistAgent

DDVDataCollector.exe 11520 DDVDataCollector

DDVCollectorSvcApi.exe 11408 DDVCollectorSvcApi

svchost.exe 10808 Appinfo

svchost.exe 11924 StorSvc

AvastUI.exe 7220 N/A

svchost.exe 6652 RmSvc

svchost.exe 11224 DsSvc

svchost.exe 12812 WdiSystemHost

dllhost.exe 3412 N/A

csrss.exe 5420 N/A

svchost.exe 9652 QWAVE

csrss.exe 676 N/A

svchost.exe 15792 WinHttpAutoProxySvc

AvastUI.exe 17036 N/A

svchost.exe 17312 LicenseManager

svchost.exe 11632 NgcSvc

csrss.exe 7228 N/A

winlogon.exe 12128 N/A

fontdrvhost.exe 16152 N/A

dwm.exe 7884 N/A

dptf_helper.exe 7776 N/A

RAVBg64.exe 7984 N/A

sihost.exe 13172 N/A

igfxEM.exe 14104 N/A

svchost.exe 7412 CDPUserSvc_10d91462

taskhostw.exe 7332 N/A

explorer.exe 10468 N/A

StartMenu.exe 10220 N/A

svchost.exe 5472 cbdhsvc_10d91462

StartMenuExperienceHost.e 13432 N/A

RuntimeBroker.exe 13352 N/A

schtasks.exe 13028 N/A

conhost.exe 16892 N/A

SearchUI.exe 6200 N/A

RuntimeBroker.exe 7300 N/A

schtasks.exe 14268 N/A

conhost.exe 4960 N/A

RemindersServer.exe 13004 N/A

SkypeBackgroundHost.exe 6836 N/A

ctfmon.exe 11696 N/A

ChsIME.exe 16528 N/A

SecurityHealthSystray.exe 6912 N/A

RtkNGUI64.exe 3044 N/A

RAVBg64.exe 424 N/A

RuntimeBroker.exe 15900 N/A

WavesSvc64.exe 12816 N/A

SkypeApp.exe 16720 N/A

AvastUI.exe 11816 N/A

flux.exe 9096 N/A

RadeonSoftware.exe 16540 N/A

WmiPrvSE.exe 14008 N/A

AMDRSServ.exe 6880 N/A

amdow.exe 1132 N/A

RuntimeBroker.exe 9332 N/A

LockApp.exe 13904 N/A

IAStorIcon.exe 15292 N/A

RuntimeBroker.exe 13152 N/A

SettingSyncHost.exe 10848 N/A

svchost.exe 10268 OneSyncSvc_10d91462,

PimIndexMaintenanceSvc_10d91462,

UnistoreSvc_10d91462, UserDataSvc_10d91462

ShellExperienceHost.exe 10664 N/A

atiw.exe 10932 N/A

svchost.exe 8784 WpnUserService_10d91462

Video.UI.exe 13080 N/A

RuntimeBroker.exe 2260 N/A

AvastUI.exe 14376 N/A

ApplicationFrameHost.exe 12656 N/A

dllhost.exe 668 N/A

svchost.exe 15016 AppXSvc

brave.exe 9688 N/A

brave.exe 15944 N/A

brave.exe 9252 N/A

brave.exe 12068 N/A

brave.exe 11420 N/A

brave.exe 17108 N/A

brave.exe 7896 N/A

brave.exe 12388 N/A

brave.exe 14140 N/A

brave.exe 15708 N/A

audiodg.exe 2992 N/A

WindowsInternal.Composabl 5464 N/A

brave.exe 12540 N/A

brave.exe 15580 N/A

brave.exe 15980 N/A

svchost.exe 13900 lmhosts

brave.exe 2488 N/A

brave.exe 12628 N/A

brave.exe 6472 N/A

brave.exe 15068 N/A

brave.exe 11588 N/A

brave.exe 9728 N/A

brave.exe 12576 N/A

brave.exe 8108 N/A

brave.exe 752 N/A

brave.exe 10584 N/A

brave.exe 16472 N/A

brave.exe 15440 N/A

notepad.exe 2200 N/A

brave.exe 2624 N/A

SearchProtocolHost.exe 6824 N/A

SearchFilterHost.exe 17084 N/A

powershell.exe 15544 N/A

conhost.exe 16252 N/A

tasklist.exe 12220 N/A

WmiPrvSE.exe 10788 N/A

Thank you.

#27
daba

Posted 23 February 2020 - 12:11 PM

Member

Topic Starter
Member
367 posts

Apologies. Forgot this Speccy file. Thank you.

#28
RKinner

Posted 23 February 2020 - 03:37 PM

Malware Expert

Expert
24,624 posts

Process Explorer log is upside down but still usable. Could have used another click on CPU column header.

Problem is:

AvastUI.exe 22.79 24,020 K 21,124 K 17036 (Verified) AVAST Software s.r.o.

You have 3 AvastUI.exe and one of them is using way too much CPU. I only have 2 until I bring up the Avast user interface then I have 3. Appears something is wrong with Avast as even when I have 3 I only see .2 CPU %.

Suggest you try a Repair:

https://support.avas...epair-Antivirus

After you reboot rerun Process Explorer and see how much CPU and how many AvastUI.exe's you have.

If that doesn't help then have Avast run a boot-time scan tonight:

It takes like 6 hours so I usually let it run at night.

Click on the Avast ball. Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan. Click on Install Special Definitions. Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start. It will tell you where it saves its log. Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.

#29
daba

Posted 23 February 2020 - 04:11 PM

Member

Topic Starter
Member
367 posts

Thank you so much. I don't want to tempt providence but the Avast Repair appears to have done the trick. Only one Avast.exe showing now. Fan is quieter. (With just one window open there are however eight brave.exe running. Is that normal?). Thank you again for your help. I really appreciate it.

#30
RKinner

Posted 23 February 2020 - 05:24 PM

Malware Expert

Expert
24,624 posts

Don't know anything about Brave. If it's like Chrome you can go into settings and tell it not to preload:

Scroll to the bottom and click on Advanced.

Now scroll to where it says System and turn off

Continue running background apps when Google Chrome is closed

Under

Privacy and security

turn off:

Preload pages for faster browsing and searching

That should cut down the number of Chrome.exe programs running. Restart Chrome so that the changes take effect.

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: windows 10, password login, fake login screen

Hardware → Hardware, Components and Peripherals → Recover the hard drive Started by Andrew Board , 16 Jan 2024 data recovery, hard drive, help and 1 more...	2 replies 655 views	phillpower2 16 Jan 2024
Hardware → Networking → Weird recurring disconnect issue - Windows 10 Started by Rickie , 27 Dec 2022 windows 10, wireless, ethernet and 2 more...	12 replies 4,136 views	Rickie 11 Jan 2023
Answered Operating Systems → Windows 11 → Can I transfer settings from Win10 to Win11 w/Macrium? Started by Phlegmbot , 18 Jan 2022 transferring setting, windows 11 and 2 more... 1 2	Hot 20 replies 5,660 views	Phlegmbot 17 Feb 2022
Security → Virus, Spyware, Malware Removal → startupchecklibrary.dll & winscomrssrv.dll errors Started by Fyrewind , 19 Dec 2020 windows 10, dll error	8 replies 5,686 views	RKinner 24 Dec 2020
Security → Virus, Spyware, Malware Removal → 5 days without virus protection! Started by SharonMurray , 29 Oct 2020 Windows 10, Windows Defender and 2 more... 1 2	Hot 20 replies 8,498 views	SharonMurray 03 Nov 2020