Windows – Mysterious “uninstalled processes” using network every time I turn on the computer

Tags: networking, process, task-manager, windows 10

I'm traveling with my dual-boot Windows 10/Ubuntu laptop and often have fairly limited access to WiFi. When I boot into the Windows side of things (or even wake from sleep, after sleeping a while), I often experience a period of poorer than expected network performance.

Opening Task Manager, I see via "App History" that something called "Uninstalled processes" typically pegs the network for a few minutes after waking. By "peg" I mean that its network use increases in lockstep with anything else I have open that is trying to download continuously. Usually it goes quiet after a few minutes, but it is extremely annoying while it is active. It is worse while tethered to my phone, since then I'm paying real dollars for this activity.

Here's a typical shot of the "App History" list after waking and using "Delete usage history" to bring all counters to zero:

[Image: Task Manager screenshot]

This is some time after the "uninstalled processes" stopped using the network, but initially after wake it was tied for the highest network-using process.

This is a new box, and I've uninstalled perhaps a dozen things on it, but none recently and there have been plenty of reboots since the last reinstall.

I'm pretty desperate for any tip on how to track down this rogue process.

Best Answer

As alluded to in the forensics presentation linked by harrymc in the comments, the Uninstalled processes entry is the sum of the statistics for processes whose on-disk executables can no longer be found. The Windows System Resource Usage Monitor, as evidenced by slide 17 of that presentation, identifies programs by their full Object Manager names (in the case of desktop apps), the service name (in the case of services), or the Windows Store application ID.

Task Manager tries to display the application title for every entry, but that information isn't stored in the SRUM database - it's only in the executable's properties. The theory is that if Task Manager can't find the program's EXE, it lumps the stats into Uninstalled processes. We can verify that theory using science! Download your favorite portable program that uses a lot of one system resource (e.g. Procmon, which takes some CPU time if you let it run unfiltered for a bit). Note its entry in the Task Manager accounting. Now close and delete/move the test program, and reopen Task Manager. The resources used have been added to the Uninstalled processes entry.

Note that Task Manager might consider a program "uninstalled" if its executable is inaccessible for any reason, not just absence. In that case, the program responsible for the activity would reside in a system directory inaccessible even to administrators (by default). You could get more information on it with Process Explorer.

Therefore, the network usage is being done by a program that can't be found at the time you run Task Manager. This is almost certainly caused by a desktop application that dumps out or extracts another EXE (e.g. an update checker program), runs that EXE, and then deletes it after it exits. To figure out what's doing it, you could try to parse the SRUM database directly (as described in the presentation), use Procmon's boot logging capability, or try disabling some of your auto-start applications with Autoruns.
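The pooling behaviour this answer describes can be modelled in a few lines. The following is an added example, not part of the original answer and not Task Manager's own logic: it takes usage rows already exported from SRUM, folds every row whose executable cannot be found into one "Uninstalled processes" total, and keeps the hidden identifiers so the responsible path can be read off. The row layout, the sample identifiers and the volume mapping are all constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample rows: (application identifier, network bytes).
# The three identifier kinds follow the answer; every value is made up.
TEMP_EXE = r"\Device\HarddiskVolume4\Users\me\AppData\Local\Temp\upd1A2B.tmp\checker.exe"
SAMPLE_ROWS = [
    (r"\Device\HarddiskVolume4\Program Files\Browser\browser.exe", 52_000_000),
    (TEMP_EXE, 31_000_000),
    (TEMP_EXE, 9_000_000),
    (r"\Device\HarddiskVolume9\tools\portable.exe", 4_000_000),
    ("ExampleSvc", 1_500_000),                      # service name
    ("Example.StoreApp_abcdefgh12345", 700_000),    # Store application ID
]
# Assumed device-to-drive mapping; a live system would query it from Windows.
SAMPLE_VOLUMES = {r"\device\harddiskvolume4": "C:"}

def to_drive_path(app_id, volumes):
    """Translate an Object Manager path to a drive-letter path, or None."""
    lowered = app_id.lower()
    for device, drive in volumes.items():
        if lowered.startswith(device + "\\"):   # volume4 must not match volume40
            return drive + app_id[len(device):]
    return None

def attribute_usage(rows, volumes, exists):
    """Return (totals per displayed entry, identifiers hidden in the pool)."""
    totals, orphans = defaultdict(int), defaultdict(int)
    for app_id, nbytes in rows:
        if not app_id.startswith("\\"):
            totals[app_id] += nbytes            # not a file path: shown as-is
            continue
        path = to_drive_path(app_id, volumes)
        # exists() is False for a deleted EXE and also for one that cannot
        # be stat'ed, matching the "inaccessible for any reason" case.
        if path is not None and exists(path):
            totals[ntpath.basename(path)] += nbytes
        else:
            totals["Uninstalled processes"] += nbytes
            orphans[app_id] += nbytes
    return dict(totals), dict(orphans)

if __name__ == "__main__":
    # Constructed stand-in for os.path.exists so the demo runs anywhere.
    present = {r"c:\program files\browser\browser.exe"}
    totals, orphans = attribute_usage(SAMPLE_ROWS, SAMPLE_VOLUMES,
                                      lambda p: p.lower() in present)
    print(totals["Uninstalled processes"], "bytes pooled from:")
    for app_id, nbytes in sorted(orphans.items(), key=lambda kv: -kv[1]):
        print(f"  {nbytes:>12,}  {app_id}")
```

On a real machine, pass `os.path.exists` as `exists` and a mapping built from the system's actual volumes; the largest entry in `orphans` is the first path to look for in a Procmon boot log.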
