S
shwhjw
Guest
Hi,
I fired up my Event Viewer as my PC crashed (video driver related), but found that I've been forever getting Error 7024 immediately followed by Error 7031 pretty much every minute for the past month at least (the Event Viewer doesn't go back any further).
The details of the errors in the System category:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2020-05-29T17:29:47.700559500Z" />
<EventRecordID>406506</EventRecordID>
<Correlation />
<Execution ProcessID="804" ThreadID="10172" />
<Channel>System</Channel>
<Computer>SIMON-BEAST</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WMIs</Data>
<Data Name="param2">%%3</Data>
<Binary>57004D0053000000</Binary>
</EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2020-05-29T17:29:47.700559500Z" />
<EventRecordID>406507</EventRecordID>
<Correlation />
<Execution ProcessID="804" ThreadID="3940" />
<Channel>System</Channel>
<Computer>SIMON-BEAST</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WMIs</Data>
<Data Name="param2">1</Data>
<Data Name="param3">60000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>57004D0053000000</Binary>
</EventData>
</Event>
No idea how long it's been going on for or what its cause is. The only thing I can find online is a question on answers.microsoft, with the answer being to ask the question here.
I also found this error every minute in the Application category of the Event Viewer, caused by nssm, which there is at least more information on online:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="nssm" />
<EventID Qualifiers="49152">1010</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-05-29T17:44:47.871476800Z" />
<EventRecordID>777368</EventRecordID>
<Channel>Application</Channel>
<Computer>SIMON-BEAST</Computer>
<Security />
</System>
<EventData>
<Data>WMS</Data>
<Data>C:\Windows\wmu3\wlanext.exe</Data>
<Data>The system cannot find the file specified.</Data>
</EventData>
</Event>
It appears to be trying to start a wifi-related exe, but as this is a desktop I suspect the file has never existed (although I do own a wireless adapter but I'm pretty sure it's never been in this PC). Googling it suggests that uninstalling Malwarebytes may help, but I'll post this first as I'll likely need to restart after.
It appears that my "WMI Providers" service is at C:\Windows\wmu3\ZeroConfigService.exe. Googling that suggests that it is not vital, and is only related to wireless devices anyway, but only when found in the Program Files directory. As it is int he Windows directory, it is supposedly malicious. I will delete it and stop the WMI service from starting. Hopefully that'll fix it but I'll post this anyway in case it helps anyone in future.
More...
I fired up my Event Viewer as my PC crashed (video driver related), but found that I've been forever getting Error 7024 immediately followed by Error 7031 pretty much every minute for the past month at least (the Event Viewer doesn't go back any further).
The details of the errors in the System category:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2020-05-29T17:29:47.700559500Z" />
<EventRecordID>406506</EventRecordID>
<Correlation />
<Execution ProcessID="804" ThreadID="10172" />
<Channel>System</Channel>
<Computer>SIMON-BEAST</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WMIs</Data>
<Data Name="param2">%%3</Data>
<Binary>57004D0053000000</Binary>
</EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2020-05-29T17:29:47.700559500Z" />
<EventRecordID>406507</EventRecordID>
<Correlation />
<Execution ProcessID="804" ThreadID="3940" />
<Channel>System</Channel>
<Computer>SIMON-BEAST</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WMIs</Data>
<Data Name="param2">1</Data>
<Data Name="param3">60000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
<Binary>57004D0053000000</Binary>
</EventData>
</Event>
No idea how long it's been going on for or what its cause is. The only thing I can find online is a question on answers.microsoft, with the answer being to ask the question here.
I also found this error every minute in the Application category of the Event Viewer, caused by nssm, which there is at least more information on online:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="nssm" />
<EventID Qualifiers="49152">1010</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-05-29T17:44:47.871476800Z" />
<EventRecordID>777368</EventRecordID>
<Channel>Application</Channel>
<Computer>SIMON-BEAST</Computer>
<Security />
</System>
<EventData>
<Data>WMS</Data>
<Data>C:\Windows\wmu3\wlanext.exe</Data>
<Data>The system cannot find the file specified.</Data>
</EventData>
</Event>
It appears to be trying to start a wifi-related exe, but as this is a desktop I suspect the file has never existed (although I do own a wireless adapter but I'm pretty sure it's never been in this PC). Googling it suggests that uninstalling Malwarebytes may help, but I'll post this first as I'll likely need to restart after.
It appears that my "WMI Providers" service is at C:\Windows\wmu3\ZeroConfigService.exe. Googling that suggests that it is not vital, and is only related to wireless devices anyway, but only when found in the Program Files directory. As it is int he Windows directory, it is supposedly malicious. I will delete it and stop the WMI service from starting. Hopefully that'll fix it but I'll post this anyway in case it helps anyone in future.
More...