Channel: Sysinternals Forums
Viewing all 10386 articles

Autoruns : Crazy Filestamps

Author: Soup
Subject: Crazy Filestamps
Posted: 04 December 2017 at 10:32pm

Timestamps: 1914, 2032, 1968, 2000, 2003, etc. not within expected range.

Incorrect timestamps and file information is not a bug within AutoRun. It is the data in the registry or wherever it's getting the data.

If you validate the image source and the data is current and relative to your build, then you should consider it good. I'm sure there will be exceptions, but you should expect these things to have a valid publisher.

With very few exceptions you should expect every file to have a publisher. Those that do not should be looked into further. Not always guaranteed to be fake programs.

Bad timestamps and file information displayed by AutoRun should be validated. Validate by right-clicking the item in AutoRun and selecting jump to the image. The file manager will go to the file image. Then select the properties of the file, details tab. Check the certificate.

I believe the information that we see in this erroneous information comes from Microsoft's testing.

Would love to hear from somebody who thinks otherwise.
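
The manual check described in the post above (jump to the image, open its properties, check the certificate) can be scripted. The following PowerShell is an added example, not part of the original post and not Autoruns code: for each image path it reports the Authenticode status and signer next to the file's last-write time and the link timestamp stored in the PE header. The paths in `$images` are sample values, and treating the PE header as one possible source of out-of-range dates is an assumption, not something the thread confirms.

```powershell
# Added example: judge an autostart image by its signature, not by a displayed timestamp.
# $images holds sample paths; replace them with the image paths you want to validate.
$images = @(
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\wiaservc.dll"
)

function Get-PeLinkTimestamp {
    # Returns the COFF header TimeDateStamp as a UTC DateTime, or $null if not a PE file.
    param([Parameter(Mandatory)][string]$Path)
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($fs.Length -lt 0x40) { return $null }
        if ($br.ReadUInt16() -ne 0x5A4D) { return $null }        # 'MZ' DOS header
        $fs.Position = 0x3C                                      # e_lfanew
        $peOffset = [int64]$br.ReadUInt32()
        if (($peOffset + 12) -gt $fs.Length) { return $null }
        $fs.Position = $peOffset
        if ($br.ReadUInt32() -ne 0x00004550) { return $null }    # 'PE\0\0'
        $fs.Position = $peOffset + 8     # skip Signature(4) + Machine(2) + NumberOfSections(2)
        $stamp = [int64]$br.ReadUInt32()
        return [DateTimeOffset]::FromUnixTimeSeconds($stamp).UtcDateTime
    }
    finally { $fs.Dispose() }
}

$report = foreach ($path in $images) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # The entry points at a file that is no longer on disk.
        [pscustomobject]@{
            Path = $path; Status = 'FileMissing'; Publisher = $null
            LinkTimeUtc = $null; LastWriteUtc = $null
        }
        continue
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $item = Get-Item -LiteralPath $path
    $publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path         = $path
        Status       = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Publisher    = $publisher
        LinkTimeUtc  = Get-PeLinkTimestamp -Path $path
        LastWriteUtc = $item.LastWriteTimeUtc
    }
}

# Full table first, then the entries that deserve a closer look.
$report | Format-Table -AutoSize
$needsReview = $report | Where-Object { $_.Status -ne 'Valid' }
"Entries without a valid signature: {0}" -f @($needsReview).Count
```

Files that are signed only through a Windows catalog can show as NotSigned on older PowerShell versions, so treat that status as a prompt to check further rather than a verdict.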


Autoruns : Crazy Filestamps

Author: Cyberhash
Subject: Crazy Filestamps
Posted: 05 December 2017 at 5:45am

Hi Soup,

Yes, I am aware of how to check the proper file details for each individual item manually, rather than relying on the data shown by Autoruns. I guess that it does actually retrieve the data from the registry, but then that can also be problematic. If this is old data that is stored via registry then Autoruns could also pull up details of files that have been removed from the system but still appear in the registry.

Just find it strange that a MS tool (Autoruns) can't retrieve a current list of the files and their proper filestamps on demand, when the tool is run.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: ftg785
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 05 December 2017 at 1:32pm

I get it, thank you.

Autoruns : Highlighted colors?

Author: azdayton
Subject: Highlighted colors?
Posted: 05 December 2017 at 3:09pm

Purple are group headings, so that items from the same folder or registry key are grouped together.

You can double-click them to open that Key/Folder.

The icon on the left shows the type of group, ie. Folder or Registry Key.

Process Explorer : Showing Chinese characters

Author: mMm
Subject: Showing Chinese characters
Posted: 05 December 2017 at 4:13pm

I have the same issue on Windows 10.

Did you resolve it?

Miscellaneous Utilities : Sysinternals programs will not run

Author: JosephWebber
Subject: Sysinternals programs will not run
Posted: 05 December 2017 at 11:53pm

I have recently been infected with malware which crashes PDF/ebook reader programs and RAR software as soon as they start, and which also prevents any Sysinternals programs from running. Malwarebytes executes but has not found anything relevant.
The PC runs Windows 7 and is offline, i.e. it has no network card, and the infection clearly came via my Windows 10 laptop.
Any ideas on how to proceed?
Many thanks.

Autoruns : ProcMon closed,deleted while in safe mode no I/N

Author: LeslieL
Subject: ProcMon closed,deleted while in safe mode no I/N
Posted: 06 December 2017 at 2:25am

Hello everyone,

I was working in Safe Mode with no internet services, Process Monitor was running. While researching, Process Monitor was closed and completely deleted from my laptop. How can I figure out what happened? Several incidents lead me to believe that my laptop is really a virtual machine of some sort... many odd things lead me to believe that I am not really Admin and sole user of this machine. Windows 8.1. I don't know if it's normal, but everything in file manager is listed as residing on my desktop. Unsure if this is a setting somewhere or is for reals! Lots of NTUS'ER log files. Is it possible that I have been looped into someone's AD? I find references to sending data via Microsoft Account (I am - or was - set up as a local machine with no MS Account). Recently a pop up window appeared (had previously blocked pop ups, btw, and that setting got changed), from giantCOW.com. The message said "You have everything you need to create a powerhouse website..... The message directed me to login to my back office, go to My Products & Services, and click some icon on my web hosting account. Could it be that my machine is being used by someone else to do whatever it is they want to do? My screen often changes. Whatever I am looking at stays the same, for example QuickBooks, but the colors change. Also, File Manager shows that my files are "Available Offline". What does that mean? I thought I was a stand alone local machine. Checking File Manager today, I noticed that my Microsoft Office software was reinstalled as of today. Odd. It was installed a few years back when I purchased this laptop. So, what should I do to resolve all of this?

Thank you all so much,

Leslie

PsTools : PsExec & -i To Interact w/Desktop

Author: DontLookAtMe
Subject: PsExec & -i To Interact w/Desktop
Posted: 06 December 2017 at 7:12am

Finally I've found how to run GUI in Remote Desktop! Thx for this topic.

Sorry if it's annoying opening a few-months-old thread but..

I'm facing a problem: the Session ID of the remote desktop changes dynamically after every new login. I've read many threads and articles on the web, and it's sad to know that I can't fix the Session ID for a specific user.

What do I want to do?
It's simple. Just run a batch file on my Terminal Server which executes automation over this station.

But because my tests include tests of a GUI application, I need to know the Session ID before I execute the PsExec command.

Do you have any ideas how to "hack" this?

Utilities Suggestions : Zimbra Open Source Backup Utility

Author: mariahirthe
Subject: Zimbra Open Source Backup Utility
Posted: 06 December 2017 at 12:45pm

Download Zimbra Open Source Backup Utility, which can help you to convert multiple Zimbra files to PST, EML, PDF, MSG, MBOX, and NSF file formats with attachments. The software has efficiency to convert every item including emails, calendars, attachments, tasks, notes etc. The software comes with an option to preview their selected files before converting them to selected file formats. You can also try free demo version of software.

Troubleshooting : Constant writing to WIATRACE.LOG

Author: Illiman Silve
Subject: Constant writing to WIATRACE.LOG
Posted: 06 December 2017 at 10:10pm

Not using any Epson printers

Troubleshooting : Constant writing to WIATRACE.LOG

Author: Russell
Subject: Constant writing to WIATRACE.LOG
Posted: 07 December 2017 at 1:28am

Use Process Monitor and filter on Operation is Write File. You should be able to then see the process that is writing to WIATRACE.LOG. Also, if you have symbols set up in Process Monitor, you can look at the stack for the thread or threads that are involved to give you more info on what's going on.

BgInfo : Wallpaper SLIDESHOW

Author: martyfreedom
Subject: Wallpaper SLIDESHOW
Posted: 07 December 2017 at 4:35pm

No, it doesn't work that way.  It creates a copy of the current background then stamps the text data on it.  It then uses that newly-created image as the background.  It isn't text that hovers above the background or slideshow images.  

Miscellaneous Utilities : SDelete hangs at 100%

Process Explorer : Showing Chinese characters

Author: Marcus123
Subject: Showing Chinese characters
Posted: 07 December 2017 at 7:56pm

No. I don't use that computer very often anymore. I never found an answer and I stopped searching a long time ago. Sorry...

Troubleshooting : Constant writing to WIATRACE.LOG

Author: Illiman Silve
Subject: Constant writing to WIATRACE.LOG
Posted: 07 December 2017 at 8:11pm

The writing process is System, which isn't very helpful. I've done a lot of digging on this, and the root culprit is the Windows Image Acquisition Service (STISVC), specifically the wiaservc.dll module. Stopping the service stops the writes.

This is what is logged when you start STISVC. It seems to initialize fine, but goes haywire later with thousands of those SchedulerThread WAIT_TIMEOUT errors. Seems to me like a bug in the STISVC/wiaservc.dll module.

**************** Started trace for Module: [wiaservc.dll] in Executable [svchost.exe] ProcessID: [14000] at 2017/12/07 14:46:14:229 ****************
WIA: 14000.10388 0 80000000 0 [wiaservc.dll] SchedulerInitialize, Work item scheduler initialized
WIA: 14000.10388 0 0 0 [wiaservc.dll] SCMControlHandler::SCMControlHandler, Created control thread Id 22480
WIA: 14000.22480 0 0 0 [wiaservc.dll] SCMControlHandler::ControlThread, Requests queue empty, control thread entering sleep...
WIA: 14000.7420 0 0 0 [wiaservc.dll] SCMControlQueue::Push, SERVICE_CONTROL_POWEREVENT (control: 13, event type: 32787): 24 bytes
WIA: 14000.7420 0 0 0 [wiaservc.dll] SCMControlQueue::Push, Adding control request to queue (control: 13, event type: 32787)
WIA: 14000.7420 0 0 0 [wiaservc.dll] SCMControlHandler::ControlFunction, Signaling control thread to resume...
WIA: 14000.7420 0 0 0 [wiaservc.dll] SCMControlHandler::ControlFunction, Control function (control: 13, event type: 32787) returning
WIA: 14000.22480 0 0 0 [wiaservc.dll] SCMControlHandler::ControlThread, Resuming control thread...
WIA: 14000.22480 0 0 0 [wiaservc.dll] SCMControlQueue::Pop, Control request (control: 13, event type: 32787) detached from queue
WIA: 14000.22480 0 0 0 [wiaservc.dll] SCMControlHandler::ControlThread, Processing control request (control: 13, event type: 32787)...
WIA: 14000.22480 0 2 0 [wiaservc.dll] Dispatcher::ProcessEvent, System event received: dwControl 13, dwEventType 32787, lpEventData: 0x000001B5DD507270
WIA: 14000.22480 0 0 0 [wiaservc.dll] DeviceClassEnumeratorHandler::ProcessEvent, Processing system event, control code 13, event type 32787..
WIA: 14000.22480 0 0 0 [wiaservc.dll] DeviceClassEnumeratorHandler::ProcessEvent, Processing system event control code 13, event type 32787, completed with with hr 0x00000000
WIA: 14000.22480 0 2 0 [wiaservc.dll] PowerEventHandler::ProcessEvent, Message from Power Management: PBT_POWERSETTINGCHANGE
WIA: 14000.22480 0 2 0 [wiaservc.dll] PowerEventHandler::ProcessEvent, Leaving Connected Standby...
WIA: 14000.22480 0 0 0 [wiaservc.dll] DeviceListManager::InitializeWSDChallenge, WSD Challenge successfully initiated (thread: 17972)
WIA: 14000.17972 0 80000000 0 [wiaservc.dll] InitializeWSDChallenge, Intializing WSD Challenge for {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}..
WIA: 14000.17972 0 80000000 0 [wiaservc.dll] InitializeWSDChallenge, Intialize WSD Challenge...
WIA: 14000.22480 0 8 0 [wiaservc.dll] RegistryDeviceEnumerator::Refresh, An error occured in RegistryDeviceEnumerator when enumerating the subkeys for (SYSTEM\CurrentControlSet\Control\StillImage\FakeDevices)
WIA: 14000.17972 0 80000000 0 [wiaservc.dll] InitializeWSDChallenge, Load WSD Challenge DLL...
WIA: 14000.10388 0 80000000 0 [wiaservc.dll] StartFactories, StartFactories, Success
WIA: 14000.22480 0 80000000 0 [wiaservc.dll] DeviceListManager::isInList, Device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000) was not found in the device list
WIA: 14000.22480 0 8 0 [wiaservc.dll] DeviceInfoSet::GetDeviceStatus, DevNode status for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000): 0x0180600A, problem number: 0
WIA: 14000.22480 0 8 0 [wiaservc.dll] DeviceInfoSet::MapCMStatusToDeviceState, DN_STARTED (0x00000008)
WIA: 14000.22480 0 80000000 0 [wiaservc.dll] DeviceListManager::Enumerate, The DeviceListManager is done enumerating devices
WIA: 14000.22480 0 8 0 [wiaservc.dll] DeviceListManager::LoadUnloadDrivers, Pending operation on device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000)
WIA: 14000.10388 0 8 0 [wiaservc.dll] RegistryDeviceEnumerator::Refresh, An error occured in RegistryDeviceEnumerator when enumerating the subkeys for (SYSTEM\CurrentControlSet\Control\StillImage\FakeDevices)
WIA: 14000.10388 0 0 0 [wiaservc.dll] USDWrapper::RefreshSettings, Refreshing USDWrapper settings for (fi-5530C2dj)
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::RefreshSettings, Updating the current settings for (fi-5530C2dj) from Registry
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::RefreshSettings, (fi-5530C2dj) is a WIA device (internal type: 0x00000031)
WIA: 14000.10388 16 8 0 [wiaservc.dll] DeviceInfoSet::GetDeviceStatus, DevNode status for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000): 0x0180600A, problem number: 0
WIA: 14000.10388 16 8 0 [wiaservc.dll] DeviceInfoSet::MapCMStatusToDeviceState, DN_STARTED (0x00000008)
WIA: 14000.10388 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, Device state for (fi-5530C2dj) remains 0x00000004
WIA: 14000.10388 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, Device state 0x00000001 means 'disabled', 0x00000002 'removed',  0x00000004 'active'
WIA: 14000.10388 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, Previous PnP identifier of (fi-5530C2dj): \\?\usb#vid_04c5&pid_114a#5&2511d38f&1&5#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
WIA: 14000.10388 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, New PnP identifier for (fi-5530C2dj): \\?\usb#vid_04c5&pid_114a#5&2511d38f&1&5#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
WIA: 14000.10388 16 0 0 [wiaservc.dll] DeviceListManager::GetDevicesFromEnumerator, DEV_MAN_ENUM_FLAG_STARTUP for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000) (fi-5530C2dj)
WIA: 14000.10388 16 0 0 [wiaservc.dll] DeviceListManager::GetDevicesFromEnumerator, WRAPPER_FLAGS_THROW_DISCONNECT set for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000)
WIA: 14000.10388 16 80000000 0 [wiaservc.dll] DeviceListManager::Enumerate, The DeviceListManager is done enumerating devices
WIA: 14000.10388 16 8 0 [wiaservc.dll] DeviceListManager::DeviceCallback, The device (fi-5530C2dj) seems to be active - its driver can be used
WIA: 14000.22480 16 0 0 [wiaservc.dll] USDWrapper::RefreshSettings, Refreshing USDWrapper settings for (fi-5530C2dj)
WIA: 14000.22480 16 0 0 [wiaservc.dll] USDWrapper::RefreshSettings, Updating the current settings for (fi-5530C2dj) from Registry
WIA: 14000.22480 16 0 0 [wiaservc.dll] USDWrapper::RefreshSettings, (fi-5530C2dj) is a WIA device (internal type: 0x00000031)
WIA: 14000.22480 16 8 0 [wiaservc.dll] DeviceInfoSet::GetDeviceStatus, DevNode status for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000): 0x0180600A, problem number: 0
WIA: 14000.22480 16 8 0 [wiaservc.dll] DeviceInfoSet::MapCMStatusToDeviceState, DN_STARTED (0x00000008)
WIA: 14000.22480 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, Device state for (fi-5530C2dj) remains 0x00000004
WIA: 14000.22480 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, Device state 0x00000001 means 'disabled', 0x00000002 'removed',  0x00000004 'active'
WIA: 14000.22480 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, Previous PnP identifier of (fi-5530C2dj): \\?\usb#vid_04c5&pid_114a#5&2511d38f&1&5#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
WIA: 14000.22480 16 4 0 [wiaservc.dll] USDWrapper::RefreshSettings, New PnP identifier for (fi-5530C2dj): \\?\usb#vid_04c5&pid_114a#5&2511d38f&1&5#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
WIA: 14000.22480 16 8 0 [wiaservc.dll] DeviceListManager::ProcessDeviceArrival, Device (fi-5530C2dj) state is currently marked 0x00000004
WIA: 14000.22480 16 8 0 [wiaservc.dll] DeviceListManager::ProcessDeviceArrival, Device (fi-5530C2dj) (re)signaled as arrived..
WIA: 14000.22480 16 8 0 [wiaservc.dll] DeviceListManager::ProcessDeviceArrival, Attempting to (re)load the driver for device (fi-5530C2dj)..
WIA: 14000.22480 16 8 0 [wiaservc.dll] DeviceListManager::ProcessDeviceArrival, PnP Id: \\?\usb#vid_04c5&pid_114a#5&2511d38f&1&5#{6bdd1fc6-810f-11d0-bec7-08002be2092f}
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::STI_Initialize, (fi-5530C2dj) completed IStiUSD::Initialize returning hr 0x00000000
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::STI_GetCapabilities, (fi-5530C2dj) completed IStiUSD::GetCapabilities returning hr 0x00000000
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::StartDeviceNotifications, The device (fi-5530C2dj) appears to support device notifications
WIA: 14000.10388 16 0 0 [wiaservc.dll] StiLockMgr::CreateLockInfo, StiLockMgr::CreateLockInfo, Lock holding time set to 0 for device {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::StartDeviceNotifications, DeviceEvent [0x0] for (fi-5530C2dj) reset to be scheduled
WIA: 14000.10388 16 0 0 [wiaservc.dll] USDWrapper::StartDeviceNotifications, Started receiving notifications for device (fi-5530C2dj)
WIA: 14000.23936 16 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000000 
WIA: 14000.22480 16 4 0 [wiaservc.dll] USDWrapper::LoadDriver, Unloading driver for (fi-5530C2dj) to reload
WIA: 14000.22480 16 0 0 [wiaservc.dll] USDWrapper::UnloadDriver, The WIA service is preparing to unload the driver for (fi-5530C2dj)
[continued]


Edited by Illiman Silve - 10 hours 39 minutes ago at 8:13pm

Troubleshooting : Constant writing to WIATRACE.LOG

Author: Illiman Silve
Subject: Constant writing to WIATRACE.LOG
Posted: 07 December 2017 at 8:12pm

WIA: 14000.22480 16 0 0 [wiaservc.dll] USDWrapper::UnloadDriver, The WIA service is preparing to unload the driver for (fi-5530C2dj)
WIA: 14000.22480 16 0 0 [wiaservc.dll] RemoveWorkItem, Schedule::RemoveWorkItem (1) 
WIA: 14000.22480 16 0 0 [wiaservc.dll] SCHED_ITEM::Close, DeviceEvent [0x0] marked to be closed
WIA: 14000.10388 16 0 0 [wiaservc.dll] DeviceInfoSet::SetWiaDeviceTypeProperty, DEVPKEY_WIA_DeviceType for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000) set to 1
WIA: 14000.10388 16 4 0 [wiaservc.dll] USDWrapper::LoadDriver, Driver for (fi-5530C2dj) is currently loaded
WIA: 14000.10388 16 4 0 [wiaservc.dll] DeviceInfoSet::RegisterDeviceNotificationW, Registered for PnP notifications on device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000)
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Internal
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: @wiaacmgr.exe,-101
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: @wiaacmgr.exe,-101
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: @wiaacmgr.exe,-101
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Internal
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: @wiaacmgr.exe,-101
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Adobe Acrobat
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: @WFSR.DLL,-25105
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Internal
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Not Used
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: PaperStream Capture
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Photoshop
WIA: 14000.10388 16 0 0 [wiaservc.dll] CEventNotifier::RestoreDevPersistentCBs, Restoring CBs for Device: NULL, Program: Photoshop
WIA: 14000.10388 16 2 0 [wiaservc.dll] SCMControlHandler::UpdateServiceStatus, Updating service status. CurrentState=SERVICE_RUNNING, StateCode=4, WaitHint=0
WIA: 14000.10388 16 80000000 0 [wiaservc.dll] WiaService::Run, The WIA service is now running.
WIA: 14000.10388 16 80000000 0 [wiaservc.dll] WiaService::CheckForActivityAndShutdown, Not shutting down service because 1 devices are installed
WIA: 14000.22480 47 4 0 [wiaservc.dll] USDWrapper::UnloadDriver, Driver for (fi-5530C2dj) is now unloaded
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::STI_Initialize, (fi-5530C2dj) completed IStiUSD::Initialize returning hr 0x00000000
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::STI_GetCapabilities, (fi-5530C2dj) completed IStiUSD::GetCapabilities returning hr 0x00000000
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::StartDeviceNotifications, The device (fi-5530C2dj) appears to support device notifications
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::StartDeviceNotifications, DeviceEvent [0x0] for (fi-5530C2dj) reset to be scheduled
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::StartDeviceNotifications, Started receiving notifications for device (fi-5530C2dj)
WIA: 14000.23936 47 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000000 
WIA: 14000.22480 47 0 0 [wiaservc.dll] DeviceInfoSet::SetWiaDeviceTypeProperty, DEVPKEY_WIA_DeviceType for device ({6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000) set to 1
WIA: 14000.22480 47 4 0 [wiaservc.dll] USDWrapper::LoadDriver, Driver for (fi-5530C2dj) is currently loaded
WIA: 14000.22480 47 8 0 [wiaservc.dll] DeviceListManager::ProcessDeviceArrival, We are not generating a CONNECT event for device (fi-5530C2dj), because it has already been done
WIA: 14000.22480 47 8 0 [wiaservc.dll] DeviceListManager::DeviceCallback, The device (fi-5530C2dj) seems to be active - its driver can be used
WIA: 14000.22480 47 4 0 [wiaservc.dll] USDWrapper::LoadDriver, Driver for (fi-5530C2dj) is already loaded
WIA: 14000.22480 47 4 0 [wiaservc.dll] USDWrapper::LoadDriver, Driver for (fi-5530C2dj) is currently loaded
WIA: 14000.22480 47 2 0 [wiaservc.dll] PowerEventHandler::DeviceCallback, Notifying (fi-5530C2dj) of WIA_EVENT_POWER_RESUME (4)
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::WIA_drvNotifyPnpEvent, Power management: disable system initiated sleep to call IWiaMiniDrv::drvNotifyPnPEvent for (fi-5530C2dj)...
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::WIA_drvNotifyPnpEvent, The WIA service is preparing to call IWiaMiniDrv::drvNotifyPnpEvent from the driver for (fi-5530C2dj) ...
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::WIA_drvNotifyPnpEvent, The WIA service is calling IWiaMiniDrv::drvNotifyPnpEvent from the driver (fi-5530C2dj) ...
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::WIA_drvNotifyPnpEvent, (fi-5530C2dj) completed IWiaMiniDrv::drvNotifyPnpEvent returning hr 0x00000000
WIA: 14000.22480 47 0 0 [wiaservc.dll] USDWrapper::WIA_drvNotifyPnpEvent, Power management: restore system initiated sleep...
WIA: 14000.22480 47 0 0 [wiaservc.dll] SCMControlQueue::ControlRequest::~ControlRequest, Control request (control: 13, event type: 32787) deleted
WIA: 14000.22480 47 0 0 [wiaservc.dll] SCMControlHandler::ControlThread, Requests queue empty, control thread entering sleep...
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
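
To see which thread and function account for the volume in a trace like the one posted above, the lines can be parsed and grouped. The following PowerShell is an added example, not part of the original posts: `$sample` is constructed from the line format shown in the trace, and the three numeric columns after the `pid.tid` pair are skipped because the thread does not say what they mean.

```powershell
# Added example: summarise WIATRACE.LOG-style lines by thread and function.
# $sample is constructed from the format in the post. For a real log, use instead:
#   $lines = Get-Content -LiteralPath <path to WIATRACE.LOG>
$sample = @'
WIA: 14000.10388 16 80000000 0 [wiaservc.dll] WiaService::Run, The WIA service is now running.
WIA: 14000.22480 47 4 0 [wiaservc.dll] USDWrapper::LoadDriver, Driver for (fi-5530C2dj) is currently loaded
WIA: 14000.22480 47 0 0 [wiaservc.dll] SCMControlHandler::ControlThread, Requests queue empty, control thread entering sleep...
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
WIA: 14000.23936 1016 0 0 [wiaservc.dll] SchedulerThread, SchedulerThread after calling WaitForMultipleObjects deErr = 0x00000102 (WAIT_TIMEOUT)
this line does not match the trace format and is counted as unparsed
'@
$lines = $sample -split "`r?`n"

# WIA: <pid>.<tid> <col> <col> <col> [<module>] <function>, <message>
$pattern = '^WIA:\s+(?<procid>\d+)\.(?<tid>\d+)\s+\S+\s+\S+\s+\S+\s+' +
           '\[(?<module>[^\]]+)\]\s+(?<func>[^,]+),\s*(?<msg>.*)$'

function ConvertFrom-WiaTraceLine {
    # Turns matching trace lines into objects; non-matching lines are dropped.
    param([string[]]$Line)
    foreach ($text in $Line) {
        if ($text -match $pattern) {
            [pscustomobject]@{
                ProcessId = [int]$Matches['procid']
                ThreadId  = [int]$Matches['tid']
                Module    = $Matches['module']
                Function  = $Matches['func'].Trim()
                Message   = $Matches['msg']
            }
        }
    }
}

$events   = @(ConvertFrom-WiaTraceLine -Line $lines)
$unparsed = @($lines | Where-Object { $_ -and $_ -notmatch $pattern }).Count

# Which thread/function pairs write the most lines?
$events |
    Group-Object ThreadId, Function |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Share of the trace taken up by the repeating WAIT_TIMEOUT message.
$timeouts = @($events | Where-Object { $_.Message -match 'WAIT_TIMEOUT' })
$share = if ($events.Count) { [math]::Round(100 * $timeouts.Count / $events.Count, 1) } else { 0 }
"{0} of {1} parsed lines ({2}%) are WAIT_TIMEOUT; {3} line(s) did not parse" -f `
    $timeouts.Count, $events.Count, $share, $unparsed
```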

PsTools : Make a Shortcut to Win Defender in Task Scheduler?

Author: mb1280
Subject: Make a Shortcut to Win Defender in Task Scheduler?
Posted: 07 December 2017 at 9:26pm

Someone recommended PSTools for something similar.  I don't know if this is possible.

Related / pertinent info:

Windows Shortcuts | Technoforum . . . TASKSCHD.MSC or CONTROL SCHEDTASKS . . . opens Schedule Tasks manager

C:\Windows\System32\taskschd.msc

C:\Windows\System32\control.exe schedtasks

Is there a way to specify the Path to open? . . . ie. How do you make a Shortcut that opens to . . .

Task Scheduler (Local) / Task Scheduler Library / Microsoft / Windows / Windows Defender

alternatively,

Can you get these four Events in Win Defender show up with the others in the main window, in . . . Task Scheduler (Local) / Task Scheduler Library . . . ?

Troubleshooting : Constant writing to WIATRACE.LOG

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: Pornstar
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 07 December 2017 at 11:33pm

Hi Andre and others!

My girlfriend's laptop is having issues, with the process Ntoskrnl.exe running 4 threads at a total of 100% CPU.
It's going on for 3 days nonstop already.
Tried to deactivate services, downloaded new drivers etc. etc.

Hope Andre, you can tell me what the problem is or someone else, thanks!

I've uploaded the xperf logs at my Gdrive:

Troubleshooting : Constant writing to WIATRACE.LOG

Author: Russell
Subject: Constant writing to WIATRACE.LOG
Posted: 07 December 2017 at 11:34pm

Was just fixing to say the same thing. I agree with Dax. Noticed the references in the log to fi-5530C2dj which is a FUJITSU Document Scanner fi-5530C2 