utility to list all processes that start over a period of time

Hi Guys

I have an issue with Windows 10 1903, where Explorer goes sluggish and then restarts. This seems to happen intermittently, and I have struggled to identify the cause.

Looking at the event log I can see that there are several fault bucket reports at the time of the crash. The first one always seems to point to fallout4.exe, which I can't understand as it has been weeks since I last played this game. I have checked that the Bethesda launcher has no services or scheduled tasks to check for updates, and I can't see it open during or after the crash, and Steam is shut down.

What I need to do is monitor all processes that are started over a period of time; around an hour should be long enough for it to happen. I can then see if there is a program launching itself or fallout4.exe to check for updates, but I can't seem to find one. (I don't believe it is fallout4.exe.)

I have been using Process Explorer, but it does not log or keep history, and Sysinternals does not seem to have any utility that does.
Does anyone know of a utility that can do this?

This is the error, but the folder listed for more detail does not exist.

Fault bucket , type 0
Event Name: BEX64
Response: Not available
Cab Id: 0

Problem signature:
P1: Fallout4.exe
P2: 1.10.138.0
P3: 5cf7dfc9
P4: MSVCR110.dll
P5: 11.0.51106.1
P6: 5098826e
P7: 000000000006d4e3
P8: c0000409
P9: 0000000000000005
P10:

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERE430.tmp.WERInternalMetadata.xml

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Fallout4.exe_b91ede716d1ffaf2b638b57e6ded8bcc671481_2deb7684_edf94e48-b92d-4f0b-980b-ee817606ba42

Analysis symbol:
Rechecking for solution: 0
Report Id: a164ae0b-e4c2-404e-8650-47c8512c1361
Report Status: 100
Hashed bucket:
Cab Guid: 0
 
Ok a little further, I created the WER directory and it was populated with data.
50 process crash dump error reports, all at 10:30 this morning (basically everything which restarted when explorer.exe restarted). fallout4.exe was one of them, but Steam has been shut down for at least a day yet seems to be indicated with fallout4.exe?

Others are:
Xbox game app, Oculus dash.exe, OneDrive (not running), Outlook 2016
Will close them one by one and see if it stops.

Version=1
EventType=BEX64
EventTime=132114113673416444
ReportType=2
Consent=1
UploadTime=132150006134108787
ReportStatus=100
ReportIdentifier=de31a5ea-5119-494c-bc44-ae464af1ef0b
IntegratorReportIdentifier=0c23d73f-b1a8-443f-be70-f3a05a56bd9c
Wow64Host=34404
NsAppName=Fallout4.exe
OriginalFilename=Fallout4.exe
AppSessionGuid=00005958-0001-0026-4497-647a055dd501
TargetAppId=W:0006dc159769e6f61a3362785bc9bff5f15b00000904!0000b80c0a99dfc5263d05a7db73bb0f1d434b4fe3e1!Fallout4.exe
TargetAppVer=2019//06//05:15:29:13!0!Fallout4.exe
BootId=4294967295
ServiceSplit=2078142769
TargetAsId=1428
UserImpactVector=808457008
IsFatal=1
EtwNonCollectReason=1
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=Fallout4.exe
Sig[1].Name=Application Version
Sig[1].Value=1.10.138.0
Sig[2].Name=Application Timestamp
Sig[2].Value=5cf7dfc9
Sig[3].Name=Fault Module Name
Sig[3].Value=MSVCR110.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=11.0.51106.1
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=5098826e
Sig[6].Name=Exception Offset
Sig[6].Value=000000000006d4e3
Sig[7].Name=Exception Code
Sig[7].Value=c0000409
Sig[8].Name=Exception Data
Sig[8].Value=0000000000000005
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=10.0.18362.2.0.0.256.48
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=f031
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=f0317107e724e4967e279556f2d19d75
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=fae3
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=fae31a5588d636dd020df3f6cb994f55
UI[2]=C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4.exe
File[0].CabName=WERInternalMetadata.xml
File[0].Path=WERDA1A.tmp.WERInternalMetadata.xml
File[0].Flags=327682
File[0].Type=5
File[0].Original.Path=\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WERDA1A.tmp.WERInternalMetadata.xml
FriendlyEventName=Stopped working
ConsentKey=BEX64
AppName=Fallout 4
AppPath=C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4.exe
NsPartner=windows
NsGroup=windows8
ApplicationIdentity=4D785FB00BB4C9C6988DE61B5A379B40
MetadataHash=2048613535
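
Added example, not part of the original post: a small Python parser for the Report.wer key=value format shown above. It decodes the EventTime and UploadTime fields (Windows FILETIME values) to UTC and pairs each Sig[n].Name with its Sig[n].Value. The function names are made up for this example, and the sample is a subset of lines copied from the report in the post.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Subset of the Report.wer lines from the post above, embedded so this runs offline.
SAMPLE_WER = r"""Version=1
EventType=BEX64
EventTime=132114113673416444
UploadTime=132150006134108787
Sig[0].Name=Application Name
Sig[0].Value=Fallout4.exe
Sig[3].Name=Fault Module Name
Sig[3].Value=MSVCR110.dll
Sig[7].Name=Exception Code
Sig[7].Value=c0000409
AppPath=C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4.exe
"""

def parse_wer(text):
    """Parse 'key=value' lines into a dict, splitting on the first '=' only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def filetime_to_utc(value):
    """Convert a FILETIME tick count (decimal string or int) to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)

def signature(fields):
    """Pair Sig[n].Name with Sig[n].Value, e.g. {'Exception Code': 'c0000409'}."""
    sig = {}
    for key, name in fields.items():
        if key.startswith("Sig[") and key.endswith("].Name"):
            sig[name] = fields.get(key[:-len("Name")] + "Value", "")
    return sig

def summarize(text):
    """Return when the crash happened, when it was uploaded, and the gap in days."""
    fields = parse_wer(text)
    event = filetime_to_utc(fields["EventTime"])
    upload = filetime_to_utc(fields["UploadTime"])
    return {"event_utc": event, "upload_utc": upload,
            "queued_days": (upload - event).days, "signature": signature(fields)}

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_WER).items():
        print(name, value)
```

For the values in this report, EventTime decodes to 2019-08-27 20:29 UTC and UploadTime to 2019-10-08 09:30 UTC, so comparing the two fields shows how long a report sat in the queue before it was processed.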
 