Very Slow System- Painfully Slow at start up



#1
Steviep

  • Member
  • 399 posts

Hi,

I had a topic within the Virus, Spyware, Malware Removal section and was assisted by Dr M on that topic.

He has suggested that I now bring the issue to this section as:

1. We checked and cleaned the system.

2. We removed remnants from Avira and Avast, as well as other remnants of programs which are no longer installed.

3. We checked the disk and there is no issue with it.

4. We performed an in-place upgrade.

The computer is clean now, so no need to move on in the Malware Removal Forum. I believe something is wrong with drivers, but this is not my area of knowledge. So, someone in that Forum will assist you.

My PC is slow to start, from switching on to being able to use it, with times running from 6 minutes to around 4 mins. Once I get to the login screen it takes around a min or so to bring up my desktop, and the task bar appears later than the main desktop. Clicking on Google browser or Edge takes around a min and 30 secs to bring up any search results, and in the search box nothing appears when I type in a search query until the result is returned. Once the first search is completed the PC seems to work as normal. I hope this makes sense.


  • 1



#2
RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
Multiple replies are OK.  Best to post a log as you get it.
 
Get Process Explorer
 
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
View and check Show Processes From All Users 
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
 
Latency Monitor:
 
Go to
 
 
Scroll down to
 
System Monitoring Tools
 
and then find
 
LatencyMon 7.0 (or it may be a higher number if they update)
 
Click on Download free home edition
 
Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it. 
 
Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  
 
 
Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it. 
 
To attach a file:
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
Only files with .txt, .jpg or .zip are allowed.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
* Application

4. Under 'Select type to list', select:

* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button and wait.
Notepad will open with the output log.

Please copy and paste the Output log into your next reply
 

  • 0
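
An added example, not part of the original posts: the two text logs requested above can be cross-checked offline by joining a Process Explorer save file (assumed here to be tab-separated, with the Verified Signer column enabled) to TASKLIST /SVC output on PID, listing every process whose signer cell is not "(Verified)" along with the services it hosts. The sample rows are constructed from values posted in this thread; the function names and status labels are this example's own.

```python
import csv
import io
import re

def _fmt(image, pid, services):
    # Helper for the constructed sample: TASKLIST /SVC columns are 25 / 8 / 44 wide.
    return f"{image:<25} {pid:>8} {services:<44}"

# Constructed sample in TASKLIST /SVC layout.
TASKLIST_TXT = "\n".join([
    _fmt("Image Name", "PID", "Services"),
    _fmt("=" * 25, "=" * 8, "=" * 44),
    _fmt("csrss.exe", 940, "N/A"),
    _fmt("svchost.exe", 1160, "BrokerInfrastructure, DcomLaunch, PlugPlay,"),
    _fmt("", "", "Power, SystemEventsBroker"),  # wrapped service list
    _fmt("eEBSvc.exe", 4416, "EpsonBidirectionalService"),
    _fmt("E_S50RPB.EXE", 4492, "EPSON_PM_RPCV4_04"),
    _fmt("WMIRegistrationService.ex", 5008, "WMIRegistrationService"),  # name cut at 25
    _fmt("MBAMService.exe", 5076, "MBAMService"),
])

# Constructed sample of a Process Explorer text save (assumption: tab-separated).
_PX = [
    ["Process", "CPU", "Private Bytes", "Working Set", "PID",
     "Description", "Company Name", "Verified Signer"],
    ["Interrupts", "< 0.01", "0 K", "0 K", "n/a", "Hardware Interrupts and DPCs", "", ""],
    ["csrss.exe", "< 0.01", "3,172 K", "5,840 K", "940", "", "", ""],
    ["svchost.exe", "< 0.01", "9,784 K", "26,192 K", "1160",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"],
    ["eEBSvc.exe", "< 0.01", "5,128 K", "7,528 K", "4416",
     "eEBAPI Core Process module", "SEIKO EPSON CORPORATION",
     "(No signature was present in the subject) SEIKO EPSON CORPORATION"],
    ["E_S50RPB.EXE", "", "1,084 K", "5,256 K", "4492", "", "", ""],
    ["WMIRegistrationService.exe", "", "2,820 K", "14,456 K", "5008",
     "WMI Provider Registration", "Intel Corporation", "(Verified) Intel Corporation"],
    ["MBAMService.exe", "< 0.01", "238,820 K", "220,504 K", "5076",
     "Malwarebytes Service", "Malwarebytes", "(Verified) Malwarebytes Inc."],
]
PROCEXP_TXT = "\n".join("\t".join(row) for row in _PX)

_SIGNER = re.compile(r"^\((?P<result>[^)]*)\)\s*(?P<subject>.*)$")

def classify_signer(cell):
    """Map a Verified Signer cell to (status, detail)."""
    cell = (cell or "").strip()
    if not cell:
        # Blank means no verification result was recorded; it is not a pass.
        return "no-result", ""
    m = _SIGNER.match(cell)
    result = m.group("result") if m else cell
    return ("verified" if result == "Verified" else "not-verified"), result

def parse_procexp(text):
    """Return {pid: {image, status, detail}} from a Process Explorer save."""
    procs = {}
    reader = csv.DictReader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        pid = (row.get("PID") or "").strip()
        if not pid.isdigit():  # pseudo-rows such as "Interrupts" carry PID "n/a"
            continue
        status, detail = classify_signer(row.get("Verified Signer"))
        procs[int(pid)] = {"image": (row.get("Process") or "").strip(),
                           "status": status, "detail": detail}
    return procs

def parse_tasklist_svc(text):
    """Return {pid: {image, services}}; column offsets come from the ==== row."""
    lines = text.splitlines()
    sep = next((i for i, l in enumerate(lines) if l.startswith("=")), None)
    if sep is None:
        raise ValueError("no separator row found in TASKLIST output")
    (i0, i1), (p0, p1), (s0, _) = [m.span() for m in re.finditer(r"=+", lines[sep])]
    table, last = {}, None
    for line in lines[sep + 1:]:
        pid = line[p0:p1].strip()
        svcs = [s.strip() for s in line[s0:].split(",") if s.strip()]
        if pid.isdigit():
            last = int(pid)
            table[last] = {"image": line[i0:i1].strip(),
                           "services": [] if svcs == ["N/A"] else svcs}
        elif last is not None and svcs:  # continuation of a wrapped service list
            table[last]["services"].extend(svcs)
    return table

def triage(procexp_text, tasklist_text):
    """List processes without a '(Verified)' signer, joined to services by PID."""
    services = parse_tasklist_svc(tasklist_text)
    findings = []
    for pid, proc in parse_procexp(procexp_text).items():
        if proc["status"] == "verified":
            continue
        hosted = services.get(pid, {}).get("services", [])
        findings.append({"pid": pid, **proc, "services": hosted})
    rank = {"not-verified": 0, "no-result": 1}
    return sorted(findings, key=lambda f: (rank[f["status"]], f["pid"]))

if __name__ == "__main__":
    for f in triage(PROCEXP_TXT, TASKLIST_TXT):
        print(f["pid"], f["image"], f["status"], f["detail"], f["services"])
```

The join is on PID rather than image name because TASKLIST cuts image names to the 25-character column, as the WMIRegistrationService.ex row shows.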

#3
Steviep

  • Topic Starter
  • Member
  • 399 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 98.21 60 K 8 K 0
procexp64.exe 1.02 73,024 K 99,456 K 14144 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
explorer.exe 0.26 122,160 K 213,480 K 8628 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.26 85,988 K 93,620 K 1424
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
System < 0.01 68 K 6,040 K 4
MsMpEng.exe < 0.01 388,276 K 350,328 K 4888 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
nordvpn-service.exe < 0.01 136,692 K 104,268 K 3688 NordVPN nordvpn S.A. (Verified) nordvpn s.a.
csrss.exe < 0.01 3,172 K 5,840 K 940
MBAMService.exe < 0.01 238,820 K 220,504 K 5076 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Inc.
ctfmon.exe < 0.01 9,336 K 25,388 K 8024
cfbackd.w32.exe < 0.01 3,920 K 10,456 K 4360 DiskDrill service CleverFiles (Verified) CLEVERFILES INC.
chrome.exe < 0.01 67,968 K 154,356 K 12976 Google Chrome Google LLC (Verified) Google LLC
SDXHelper.exe < 0.01 14,540 K 27,344 K 13652 Microsoft Office SDX Helper Microsoft Corporation (Verified) Microsoft Corporation
services.exe < 0.01 5,916 K 9,408 K 1004
Malwarebytes.exe < 0.01 124,160 K 165,324 K 8656 Malwarebytes Malwarebytes (Verified) Malwarebytes Inc.
chrome.exe < 0.01 25,316 K 44,024 K 12624 Google Chrome Google LLC (Verified) Google LLC
TextInputHost.exe < 0.01 22,860 K 61,724 K 956 Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,756 K 13,900 K 12552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WDDriveService.exe < 0.01 9,572 K 19,500 K 5032 WD Drive Service Western Digital Technologies, Inc. (Verified) Western Digital Technologies, Inc.
eEBSvc.exe < 0.01 5,128 K 7,528 K 4416 eEBAPI Core Process module SEIKO EPSON CORPORATION (No signature was present in the subject) SEIKO EPSON CORPORATION
OfficeClickToRun.exe < 0.01 43,624 K 68,532 K 4376 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 7,472 K 14,744 K 1316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 9,784 K 26,192 K 1160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 2,480 K 5,304 K 844
svchost.exe < 0.01 6,296 K 15,580 K 1992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedge.exe < 0.01 32,076 K 60,556 K 1480 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 11,536 K 20,500 K 10132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 88,356 K 96,620 K 2684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,540 K 12,812 K 6048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
wmpnetwk.exe 7,740 K 23,628 K 7452 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WMIRegistrationService.exe 2,820 K 14,456 K 5008 Intel® Management Engine WMI Provider Registration Intel Corporation (Verified) Intel Corporation
WmiPrvSE.exe 6,180 K 16,612 K 6384
winlogon.exe 2,464 K 11,904 K 1036
wininit.exe 1,440 K 6,260 K 932
WidgetService.exe 4,328 K 19,232 K 8892 WidgetService.exe Microsoft Corporation (Verified) Microsoft Windows
Widgets.exe 8,480 K 39,372 K 13416 Microsoft Corporation (Verified) Microsoft Windows
UserOOBEBroker.exe 1,972 K 9,664 K 12828 User OOBE Broker Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,376 K 7,212 K 7164
taskhostw.exe 6,120 K 16,088 K 8396 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettings.exe Suspended 133,748 K 4,016 K 11464 Settings Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,244 K 9,108 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,836 K 17,436 K 4640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,368 K 30,760 K 8300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,856 K 23,704 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,816 K 11,252 K 10176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,504 K 18,848 K 9172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,492 K 7,856 K 3904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,028 K 18,084 K 8504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 24,172 K 33,428 K 4396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,052 K 7,736 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 13,372 K 31,840 K 4476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,484 K 8,200 K 1360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,440 K 7,796 K 3772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 16,816 K 18,424 K 2376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,744 K 9,488 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,228 K 18,612 K 3992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,612 K 10,288 K 2868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,044 K 10,396 K 3776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,928 K 10,780 K 4624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,028 K 14,888 K 4352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,900 K 7,912 K 4152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,584 K 38,960 K 4404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,508 K 8,668 K 8784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,988 K 10,328 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,260 K 17,664 K 4932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,708 K 16,876 K 4576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,172 K 17,100 K 9980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,668 K 6,856 K 3768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,604 K 5,808 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,252 K 5,572 K 2700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,744 K 14,344 K 8668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,772 K 19,264 K 3332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,348 K 9,452 K 4720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,656 K 14,180 K 2180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,344 K 14,900 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,992 K 7,828 K 2692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,848 K 16,136 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,284 K 12,056 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,620 K 16,772 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,924 K 10,308 K 12344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,092 K 9,484 K 2412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,864 K 7,372 K 2992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,628 K 7,448 K 13780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,852 K 20,072 K 13560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,140 K 5,012 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,840 K 7,492 K 1688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,572 K 11,496 K 1696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,340 K 9,840 K 1884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,312 K 6,300 K 2044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,464 K 5,484 K 824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,184 K 8,424 K 2404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,908 K 8,212 K 2860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,048 K 8,404 K 2984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,140 K 12,840 K 3404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,496 K 6,880 K 3432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,440 K 10,988 K 4016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,552 K 7,284 K 4076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,412 K 6,628 K 4328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,704 K 6,676 K 4728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,232 K 5,704 K 4864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,868 K 6,120 K 5984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,964 K 8,188 K 7784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,288 K 5,288 K 7788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,548 K 6,900 K 7800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,784 K 9,056 K 7904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,052 K 8,668 K 7440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,044 K 8,740 K 8232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,868 K 9,100 K 7060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,500 K 11,372 K 8440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,096 K 11,560 K 10036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,436 K 7,808 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,100 K 13,184 K 3876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,736 K 12,016 K 11176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,636 K 11,340 K 12992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,712 K 12,100 K 12608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,044 K 11,336 K 5088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,692 K 9,584 K 11148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,608 K 11,032 K 6468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 70,364 K 98,008 K 9860 Windows Start Experience Host Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,128 K 15,184 K 4056 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 1,116 K 1,200 K 592
smartscreen.exe 4,760 K 19,664 K 2544 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 6,300 K 31,784 K 4916 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 11,868 K 6,096 K 10364 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthSystray.exe 1,812 K 10,144 K 1736 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 7,528 K 19,564 K 9436 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
Secure System Suspended 188 K 24,208 K 92
SearchIndexer.exe 20,824 K 31,604 K 4920 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchHost.exe Suspended 31,116 K 68,924 K 5620 Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,748 K 31,016 K 9812 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4,208 K 24,352 K 8288 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,028 K 21,772 K 7700 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,400 K 13,848 K 11400 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkAudUService64.exe 2,236 K 9,864 K 4792 Realtek HD Audio Universal Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RstMwService.exe 1,608 K 7,084 K 4764 Intel® Rapid Storage Technology Management Service Intel Corporation (Verified) Intel® Rapid Storage Technology
Registry 15,020 K 51,200 K 136
procexp.exe 4,976 K 13,560 K 12080 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 24,896 K 18,000 K 8216 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PickerHost.exe 1,572 K 9,516 K 12856 File Picker UI Host Microsoft Corporation (Verified) Microsoft Windows
NordUpdateService.exe 131,828 K 65,108 K 4676 NordSec Update Service nordvpn S.A. (Verified) nordvpn s.a.
NisSrv.exe 5,140 K 11,912 K 11332 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
msedgewebview2.exe Suspended 33,236 K 75,824 K 5052 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedgewebview2.exe 2,076 K 6,948 K 10420 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedgewebview2.exe Suspended 34,536 K 32,428 K 10808 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedgewebview2.exe Suspended 11,968 K 29,236 K 10836 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedgewebview2.exe Suspended 7,460 K 15,604 K 10876 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedgewebview2.exe Suspended 54,992 K 45,160 K 11032 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 67,616 K 146,500 K 10280 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 14,944 K 39,284 K 6720 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 51,024 K 85,684 K 9004 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 85,192 K 124,264 K 1748 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 6,964 K 18,448 K 8804 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 17,416 K 27,028 K 9564 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 6,924 K 18,344 K 15336 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 8,020 K 22,608 K 5188 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 23,824 K 43,092 K 14564 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
msedge.exe 2,048 K 8,048 K 13764 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
MpDefenderCoreService.exe 10,168 K 22,288 K 4668 Antimalware Core Service Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression 724 K 172,416 K 2832
mDNSResponder.exe 1,808 K 6,884 K 4336 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 10,124 K 23,180 K 728 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
LsaIso.exe 1,044 K 3,528 K 356
LocationNotificationWindows.exe 1,924 K 3,004 K 10980 Location Notification Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 2,936 K 12,688 K 4692 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation
jhi_service.exe 1,332 K 6,488 K 5168 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel® Embedded Subsystems and IP Blocks Group
IntelCpHeciSvc.exe 1,476 K 7,524 K 5212 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,504 K 7,672 K 4368 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 5,536 K 23,064 K 9232 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,888 K 8,948 K 2948 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
IAStorDataMgrSvc.exe 41,500 K 60,988 K 9424 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology
fontdrvhost.exe 3,644 K 6,832 K 1208
fontdrvhost.exe 2,020 K 3,596 K 1200
EvtEng.exe 5,052 K 14,296 K 4544 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel® Wireless Connectivity Solutions
escsvc64.exe 1,392 K 7,708 K 5492 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
E_S50RPB.EXE 1,084 K 5,256 K 4492
dasHost.exe 8,484 K 20,688 K 2632
chrome.exe 78,432 K 118,176 K 14324 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 26,856 K 59,536 K 14728 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 18,172 K 23,148 K 11836 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 24,116 K 43,864 K 14540 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 18,348 K 23,812 K 11640 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 120,344 K 125,248 K 12892 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 20,144 K 28,476 K 10572 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 6,708 K 9,124 K 12568 Google Chrome Google LLC (Verified) Google LLC
backgroundTaskHost.exe Suspended 3,512 K 2,012 K 4812 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
ApplicationFrameHost.exe 10,044 K 30,728 K 13760 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
AggregatorHost.exe 2,188 K 8,428 K 8012

  • 0

#4
Steviep

  • Topic Starter
  • Member
  • 399 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Secure System                   92 N/A                                         
Registry                       136 N/A                                         
smss.exe                       592 N/A                                         
csrss.exe                      844 N/A                                         
wininit.exe                    932 N/A                                         
csrss.exe                      940 N/A                                         
services.exe                  1004 N/A                                         
LsaIso.exe                     356 N/A                                         
lsass.exe                      728 KeyIso, SamSs, VaultSvc                     
winlogon.exe                  1036 N/A                                         
svchost.exe                   1160 BrokerInfrastructure, DcomLaunch, PlugPlay, 
                                   Power, SystemEventsBroker                   
fontdrvhost.exe               1200 N/A                                         
fontdrvhost.exe               1208 N/A                                         
svchost.exe                   1316 RpcEptMapper, RpcSs                         
svchost.exe                   1360 LSM                                         
dwm.exe                       1424 N/A                                         
svchost.exe                   1564 HvHost                                      
svchost.exe                   1628 CoreMessagingRegistrar                      
svchost.exe                   1688 BTAGService                                 
svchost.exe                   1696 BthAvctpSvc                                 
svchost.exe                   1704 bthserv                                     
svchost.exe                   1816 Schedule                                    
svchost.exe                   1832 nsi                                         
svchost.exe                   1884 ProfSvc                                     
svchost.exe                   1892 NcbService                                  
svchost.exe                   1992 netprofm                                    
svchost.exe                   2044 DispBrokerDesktopSvc                        
svchost.exe                    824 hidserv                                     
svchost.exe                   1520 UserManager                                 
svchost.exe                   2180 camsvc                                      
svchost.exe                   2356 Dnscache                                    
svchost.exe                   2376 EventLog                                    
svchost.exe                   2404 DeviceAssociationService                    
svchost.exe                   2412 TimeBrokerSvc                               
dasHost.exe                   2632 N/A                                         
svchost.exe                   2684 SysMain                                     
svchost.exe                   2692 EventSystem                                 
svchost.exe                   2700 Themes                                      
Memory Compression            2832 N/A                                         
svchost.exe                   2860 SENS                                        
svchost.exe                   2868 hns                                         
igfxCUIService.exe            2948 igfxCUIService2.0.0.0                       
svchost.exe                   2984 AudioEndpointBuilder                        
svchost.exe                   2992 FontCache                                   
svchost.exe                   3124 SSDPSRV                                     
svchost.exe                   3332 StateRepository                             
svchost.exe                   3404 Audiosrv                                    
svchost.exe                   3432 TextInputManagementService                  
svchost.exe                   3768 DusmSvc                                     
svchost.exe                   3772 Dhcp                                        
svchost.exe                   3776 Wcmsvc                                      
svchost.exe                   3904 WinHttpAutoProxySvc                         
svchost.exe                   3992 WlanSvc                                     
svchost.exe                   4016 ShellHWDetection                            
spoolsv.exe                   4056 Spooler                                     
svchost.exe                   4076 nvagent                                     
nordvpn-service.exe           3688 nordvpn-service                             
svchost.exe                   3708 BFE, mpssvc                                 
svchost.exe                   4152 LanmanWorkstation                           
svchost.exe                   4328 SharedAccess                                
mDNSResponder.exe             4336 Bonjour Service                             
svchost.exe                   4352 CryptSvc                                    
cfbackd.w32.exe               4360 cfbackd                                     
IntelCpHDCPSvc.exe            4368 cplspcon                                    
OfficeClickToRun.exe          4376 ClickToRunSvc                               
svchost.exe                   4396 DPS                                         
svchost.exe                   4404 DiagTrack                                   
eEBSvc.exe                    4416 EpsonBidirectionalService                   
E_S50RPB.EXE                  4492 EPSON_PM_RPCV4_04                           
EvtEng.exe                    4544 EvtEng                                      
svchost.exe                   4624 iphlpsvc                                    
svchost.exe                   4640 Winmgmt                                     
MpDefenderCoreService.exe     4668 MDCoreSvc                                   
NordUpdateService.exe         4676 NordUpdaterService                          
LMS.exe                       4692 LMS                                         
svchost.exe                   4720 LanmanServer                                
svchost.exe                   4728 SstpSvc                                     
RstMwService.exe              4764 RstMwService                                
RtkAudUService64.exe          4792 RtkAudioUniversalService                    
svchost.exe                   4864 TrkWks                                      
MsMpEng.exe                   4888 WinDefend                                   
SearchIndexer.exe             4920 WSearch                                     
svchost.exe                   4932 WpnService                                  
WMIRegistrationService.ex     5008 WMIRegistrationService                      
WDDriveService.exe            5032 WDDriveService                              
MBAMService.exe               5076 MBAMService                                 
jhi_service.exe               5168 jhi_service                                 
IntelCpHeciSvc.exe            5212 cphs                                        
escsvc64.exe                  5492 EpsonScanSvc                                
svchost.exe                   5984 WdiSystemHost                               
svchost.exe                   6048 RasMan                                      
unsecapp.exe                  7164 N/A                                         
WmiPrvSE.exe                  6384 N/A                                         
wmpnetwk.exe                  7452 WMPNetworkSvc                               
svchost.exe                   7788 lmhosts                                     
svchost.exe                   7784 NcdAutoSetup                                
svchost.exe                   7800 fdPHost                                     
svchost.exe                   7904 FDResPub                                    
AggregatorHost.exe            8012 N/A                                         
sihost.exe                    4916 N/A                                         
svchost.exe                   7440 BluetoothUserService_a8c0c                  
svchost.exe                   4476 CDPUserSvc_a8c0c                            
PresentationFontCache.exe     8216 FontCache3.0.0.0                            
svchost.exe                   8232 webthreatdefusersvc_a8c0c                   
svchost.exe                   8300 WpnUserService_a8c0c                        
taskhostw.exe                 8396 N/A                                         
svchost.exe                   8504 TokenBroker                                 
svchost.exe                   8668 UsoSvc                                      
svchost.exe                   8784 RmSvc                                       
explorer.exe                  8628 N/A                                         
svchost.exe                   7060 NgcSvc                                      
svchost.exe                   8440 NgcCtnrSvc                                  
svchost.exe                   9172 CDPSvc                                      
igfxEM.exe                    9232 N/A                                         
svchost.exe                   9980 cbdhsvc_a8c0c                               
svchost.exe                  10036 Appinfo                                     
svchost.exe                  10176 upnphost                                    
SearchHost.exe                5620 N/A                                         
StartMenuExperienceHost.e     9860 N/A                                         
RuntimeBroker.exe             9812 N/A                                         
TextInputHost.exe              956 N/A                                         
RuntimeBroker.exe             8288 N/A                                         
svchost.exe                   1440 UdkUserSvc_a8c0c                            
msedgewebview2.exe            5052 N/A                                         
WidgetService.exe             8892 N/A                                         
svchost.exe                   4576 lfsvc                                       
ctfmon.exe                    8024 N/A                                         
svchost.exe                  10132 DoSvc                                       
msedgewebview2.exe           10420 N/A                                         
msedgewebview2.exe           10808 N/A                                         
msedgewebview2.exe           10836 N/A                                         
msedgewebview2.exe           10876 N/A                                         
LocationNotificationWindo    10980 N/A                                         
msedgewebview2.exe           11032 N/A                                         
svchost.exe                   3876 OneSyncSvc_a8c0c                            
IAStorDataMgrSvc.exe          9424 IAStorDataMgrSvc                            
svchost.exe                  11176 StorSvc                                     
NisSrv.exe                   11332 WdNisSvc                                    
SecurityHealthSystray.exe     1736 N/A                                         
SecurityHealthService.exe     9436 SecurityHealthService                       
Malwarebytes.exe              8656 N/A                                         
svchost.exe                  12552 webthreatdefsvc                             
chrome.exe                   12976 N/A                                         
svchost.exe                  12992 PcaSvc                                      
chrome.exe                   12568 N/A                                         
chrome.exe                   12892 N/A                                         
chrome.exe                   12624 N/A                                         
chrome.exe                   11640 N/A                                         
svchost.exe                  12608 InventorySvc                                
svchost.exe                  13560 InstallService                              
svchost.exe                  13780 W32Time                                     
chrome.exe                   14324 N/A                                         
chrome.exe                   11836 N/A                                         
svchost.exe                  12344 wscsvc                                      
ShellExperienceHost.exe      10364 N/A                                         
RuntimeBroker.exe            11400 N/A                                         
Widgets.exe                  13416 N/A                                         
svchost.exe                   5088 NPSMSvc_a8c0c                               
svchost.exe                   1584 LicenseManager                              
chrome.exe                   14540 N/A                                         
ApplicationFrameHost.exe     13760 N/A                                         
SystemSettings.exe           11464 N/A                                         
svchost.exe                  11148 DevicesFlowUserSvc_a8c0c                    
UserOOBEBroker.exe           12828 N/A                                         
SDXHelper.exe                13652 N/A                                         
chrome.exe                   14728 N/A                                         
svchost.exe                   6468 DsSvc                                       
backgroundTaskHost.exe        4812 N/A                                         
msedge.exe                   10280 N/A                                         
msedge.exe                   13764 N/A                                         
msedge.exe                   14564 N/A                                         
msedge.exe                    6720 N/A                                         
msedge.exe                   15336 N/A                                         
msedge.exe                    1748 N/A                                         
msedge.exe                    1480 N/A                                         
msedge.exe                    9004 N/A                                         
msedge.exe                    8804 N/A                                         
msedge.exe                    5188 N/A                                         
RuntimeBroker.exe             7700 N/A                                         
PickerHost.exe               12856 N/A                                         
smartscreen.exe               2544 N/A                                         
dllhost.exe                  13484 N/A                                         
chrome.exe                   12904 N/A                                         
chrome.exe                   10148 N/A                                         
chrome.exe                    3888 N/A                                         
svchost.exe                   6100 gpsvc                                       
msedge.exe                   10028 N/A                                         
svchost.exe                   8616 wlidsvc                                     
RuntimeBroker.exe             6116 N/A                                         
audiodg.exe                  14052 N/A                                         
cmd.exe                       8472 N/A                                         
conhost.exe                    836 N/A                                         
tasklist.exe                 13712 N/A                                         
WmiPrvSE.exe                  1940 N/A                                         


#5
Steviep

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:33  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        DESKTOP-T3QOQ8M
OS version:                                           Windows 11, 10.0, version 2009, build: 22631 (x64)
Hardware:                                             Carlos, Acer
BIOS:                                                 R01-C3
CPU:                                                  GenuineIntel Intel® Core™ i5-8400 CPU @ 2.80GHz
Logical processors:                                   6
Processor groups:                                     1
Processor group size:                                 6
RAM:                                                  8069 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed (WMI):                             2808 MHz
Reported CPU speed (registry):                        2808 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   105.0
Average measured interrupt to process latency (µs):   9.623005
 
Highest measured interrupt to DPC latency (µs):       87.10
Average measured interrupt to DPC latency (µs):       3.321958
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              83.010684
Driver with highest ISR routine execution time:       HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.002143
Driver with highest ISR total time:                   HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.002379
 
ISR count (execution time <250 µs):                   371
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              143.920228
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.015517
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.051963
 
DPC count (execution time <250 µs):                   19501
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              0
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 msmpeng.exe
 
Total number of hard pagefaults                       54
Hard pagefault count of hardest hit process:          43
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.539306
CPU 0 ISR highest execution time (µs):                83.010684
CPU 0 ISR total execution time (s):                   0.004771
CPU 0 ISR count:                                      371
CPU 0 DPC highest execution time (µs):                82.857194
CPU 0 DPC total execution time (s):                   0.094024
CPU 0 DPC count:                                      18801
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.304284
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                143.920228
CPU 1 DPC total execution time (s):                   0.007240
CPU 1 DPC count:                                      420
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.155485
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                40.839031
CPU 2 DPC total execution time (s):                   0.000359
CPU 2 DPC count:                                      36
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.098933
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                25.199786
CPU 3 DPC total execution time (s):                   0.000244
CPU 3 DPC count:                                      33
_________________________________________________________________________________________________________
CPU 4 Interrupt cycle time (s):                       0.112668
CPU 4 ISR highest execution time (µs):                0.0
CPU 4 ISR total execution time (s):                   0.0
CPU 4 ISR count:                                      0
CPU 4 DPC highest execution time (µs):                36.835470
CPU 4 DPC total execution time (s):                   0.000423
CPU 4 DPC count:                                      48
_________________________________________________________________________________________________________
CPU 5 Interrupt cycle time (s):                       0.111194
CPU 5 ISR highest execution time (µs):                0.0
CPU 5 ISR total execution time (s):                   0.0
CPU 5 ISR count:                                      0
CPU 5 DPC highest execution time (µs):                108.989672
CPU 5 DPC total execution time (s):                   0.001912
CPU 5 DPC count:                                      163
_________________________________________________________________________________________________________


#6
Steviep


Here is the Drivers Screen print

Attached Thumbnails

  • Drivers.jpg

Edited by Steviep, 11 May 2024 - 06:59 AM.


#7
Steviep


Processes Screen print

Attached Thumbnails

  • Processes.jpg


#8
Steviep

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/05/2024 14:04:02
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:23:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:04:32
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 18:19:07
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 18:19:07
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 18:19:07
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 18:18:03
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 18:18:03
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 18:14:27
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 17:40:37
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 17:40:37
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting. 
 
Log: 'System' Date/Time: 10/05/2024 19:26:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:26:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Log: 'System' Date/Time: 10/05/2024 19:25:36
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}
 
Log: 'System' Date/Time: 10/05/2024 19:25:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:25:12
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:25:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Log: 'System' Date/Time: 10/05/2024 19:25:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
Log: 'System' Date/Time: 10/05/2024 19:25:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/05/2024 12:41:25
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DESKTOP-T3QOQ8M\steven SID (S-1-5-21-1741543102-3776721137-2454621359-1001) from address LocalHost (Using LRPC) running in the application container MicrosoftWindows.Client.CBS_1000.22688.1000.0_x64__cw5n1h2txyewy SID (S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 11/05/2024 08:17:48
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 11/05/2024 08:17:48
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 11/05/2024 08:17:48
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 11/05/2024 08:14:00
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:14:00
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:14:00
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:14:00
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:12:13
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 11/05/2024 08:12:13
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 11/05/2024 08:12:07
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
 
Log: 'System' Date/Time: 11/05/2024 08:12:00
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll 
 
Log: 'System' Date/Time: 11/05/2024 08:11:58
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:11:58
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:11:58
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 11/05/2024 08:11:54
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 11/05/2024 08:11:54
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: sfapm
 
Log: 'System' Date/Time: 11/05/2024 08:11:54
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: schannel
 
Log: 'System' Date/Time: 11/05/2024 08:11:54
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
 
Log: 'System' Date/Time: 11/05/2024 08:11:54
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: cloudap

  • 0

#9
RKinner


    Malware Expert

  • Expert
  • 24,663 posts
  • MVP

I don't see much.  Process Explorer shows the CPU is not overloaded.  Latency Monitor says things are good but your driver and process screenshots are hard to read but I think they are OK.  The main problem appears to be a bunch of services which are not starting when they should.

 

Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting. 
 
Log: 'System' Date/Time: 10/05/2024 19:26:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:26:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

 

Also a problem with MBAM:

Log: 'System' Date/Time: 11/05/2024 08:14:00
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.
 

 

We can live without MBAM for now so just uninstall it.

 

Let's run SFC and DISM and see if that clears up the services:

 

Search for

cmd

It will find Command Prompt.  Right click on it and Run as Admin.

 

Type:

 

DISM  /Online  /Cleanup-Image  /RestoreHealth
 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
SFC /scannow

hit Enter.  Should take about 10 minutes to complete.

When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt 

(Rather than type the command you can highlight and copy it (Ctrl +c) and then move to the Command Prompt and right click)

 

Hit Enter.  Then type:
notepad %UserProfile%\desktop\junk.txt 

Hit Enter.  Notepad should open with the results of the findstr.  Copy and paste to a Reply.

 

Return to the Command Prompt and type:

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

Hit Enter.  

Now reboot and wait a few minutes for things to stabilize then run  VEW.exe again as before and post the log.

 

Let's look at your Disk and Internet usage.  Search for

task manager

and hit Enter.

Click on

More Details

then click on the Performance tab.

 

Process Explorer says your CPU usage was minimal so I expect that is what you will see on this tab but check the Disk 0. It should also be fairly low.  Just a few percent.  I have seen systems where logging was turned on and that really slowed things down and the only clue was a high disk usage.

 

Also check the Ethernet usage.  Again should be minimal at this time.

 

If anything is not minimal except Memory which should be stable at 40-50% then click on Open Resource Monitor.  That will let us see what  programs are the big users.

 

Finally open a browser and go to:

 

https://www.speedtest.net/

 

Hit GO.

 

Report the Download and Upload Mbps figures that you get.  Are these about what you pay for?

 

 



  • 0
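The triage done by eye in the post above, collapsing a VEW report into the list of services that failed to start, as an added example that is not part of the original thread. The sample report is constructed in the layout shown here, and the annotation for code 1084 is the winerror.h name for that code, not something the thread states.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the VEW report layout seen in this thread (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 08:32:19
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting.

Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 10/05/2024 19:25:12
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 09:55:29
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
"""

# Win32 code that appears in the thread's DCOM 10005 entries; name as in winerror.h.
WIN32_ERRORS = {1084: "ERROR_NOT_SAFEBOOT_SERVICE (service cannot be started in Safe Mode)"}
HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")
LEVEL = re.compile(r"^Type: (\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")
# Message shapes of the three service-related event IDs quoted in the thread.
SERVICE_PATTERNS = {
    10005: re.compile(r'DCOM got error "(?P<code>\d+)" attempting to start the service (?P<svc>\S+)'),
    7011: re.compile(r"transaction response from the (?P<svc>.+?) service\."),
    7022: re.compile(r"^The (?P<svc>.+?) service did not respond on starting"),
}


def parse_vew(text):
    """Split a VEW text report into event dicts, skipping the '~~~' section banners."""
    lines, events, i = text.splitlines(), [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        level = LEVEL.match(lines[i + 1]) if head and i + 2 < len(lines) else None
        event = EVENT.match(lines[i + 2]) if level else None
        if not event:
            i += 1  # banner, blank separator or truncated record
            continue
        i += 3
        body = []
        # The message runs until a blank line, a banner or the next record header.
        while i < len(lines) and lines[i].strip() and not lines[i].startswith("~") \
                and not HEADER.match(lines[i]):
            body.append(lines[i].strip())
            i += 1
        events.append({"log": head[1], "level": level[1], "id": int(event[1]),
                       "source": event[2], "message": " ".join(body),
                       "when": datetime.strptime(head[2], "%d/%m/%Y %H:%M:%S")})
    return events


def service_failures(events):
    """Collapse repeated Error entries into one row per (service, event id, code)."""
    seen = defaultdict(list)
    for ev in events:
        pattern = SERVICE_PATTERNS.get(ev["id"])
        m = pattern.search(ev["message"]) if pattern and ev["level"] == "Error" else None
        if m:
            code = m.groupdict().get("code")
            seen[(m["svc"], ev["id"], int(code) if code else None)].append(ev["when"])
    rows = [{"service": svc, "event_id": eid, "code": code, "count": len(ts),
             "meaning": WIN32_ERRORS.get(code, ""), "first": min(ts), "last": max(ts)}
            for (svc, eid, code), ts in seen.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["service"]))


if __name__ == "__main__":
    for row in service_failures(parse_vew(SAMPLE_REPORT)):
        print(row["count"], row["service"], row["event_id"], row["code"], row["meaning"], row["last"], sep="  ")
```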

#10
DR M


    The Grecian Geek

  • Malware Removal
  • 4,186 posts

RKinner,

 

Apologies for jumping in to the topic.

 

Just a reminder:

 

We already ran DISM and SFC. Some corrupted files were fixed. In addition to that, after that, we performed an in-place upgrade. So, this step is already covered.

 

As to the MBAM related "error", it is not something to worry about. It is a common warning, but not an error. See here: 'MBAMFarflt' Bypass IO - Malwarebytes for Windows Support Forum - Malwarebytes Forums

 

Just an idea:

 

Since there is nothing else obvious, I would think about updating the BIOS.


  • 0



#11
RKinner


    Malware Expert

  • Expert
  • 24,663 posts
  • MVP
after that, we performed an in-place upgrade.

 

 

An in-place upgrade means lots of changes to the system files and there is always a chance for something to go wrong.  I still want DISM and SFC to be run.  If that doesn't help with the services that aren't running then we have to look at each service individually which is a pain especially since we can't use FRST in this forum.


  • 1

#12
Steviep


    Member

  • Topic Starter
  • Member
  • 399 posts

HI,

 

I have removed MBAM, I have run SFC and DISM and got the message Windows Resource Protection found corrupt files and repaired them. Here is the Log for VEW:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 12/05/2024 11:00:38
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:23:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 08:32:19
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 18:50:51
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting. 
 
Log: 'System' Date/Time: 10/05/2024 19:26:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:26:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Log: 'System' Date/Time: 10/05/2024 19:25:36
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}
 
Log: 'System' Date/Time: 10/05/2024 19:25:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:25:12
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:25:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:36
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:36
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:29
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
 
Log: 'System' Date/Time: 12/05/2024 09:55:22
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll 
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: sfapm
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: schannel
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: cloudap
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: pku2u
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: tspkg
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: kerberos
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: negoexts
 
 
Process Explorer says your CPU usage was minimal so I expect that is what you will see on this tab says 4% but check the Disk 0 - says 1%  Memory is stable at 54%
 
Speedtest shows that download speed is 138.38 mbps and upload is 19.91 mbps, which is better than what I pay for :)

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP

Looks like you skipped this line:

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

 

All it does is remove the old events to make it easier to see the new ones, but going by the dates SFC/DISM did help a lot.  I only see these from May 12:

Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 18:50:51
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting. 

 

 

The top two are NordVPN so I expect it needs to be removed and reinstalled, or perhaps it has a Repair option, or maybe you could just remove it for now.  (A VPN will slow down the PC if it runs all of the time and not just when you want to do something with a browser.)

 

The last one Downloaded Maps Manager service is

"Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps."  

This is not a critical service and I really don't see the point of it (It is disabled on my PC) so I would suggest you search for 

services.msc

and hit Enter.

This will bring up the Services menu.  Scroll down to Downloaded Maps Manager and right click on it.  Select Properties.  Change the Startup Type: to Disabled then OK.

 

I also see some odd LSA errors.  These are supposed to be caused by a bug in one of the recent updates.  There is a workaround if you want to try it:

 

https://www.minitool...s-expected.html

 

Unless you are having trouble connecting I wouldn't worry about 

 

Finally I see Intel is up to their old tricks again:

 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 

 

 

Intel makes good hardware but their software is buggy.  This is probably from Intel® Management Engine so I would try the latest version:

 

https://www.intel.co...nagement Engine

 

You might see if they have other new drivers for you using their autoupdate software. 

https://www.intel.co...enter/home.html

If you do use it be sure to uninstall it after you download any drivers it finds.

 

One critical driver is the 

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden
This is the interface between the hard drive and CPU so can be a problem if not working correctly.  I'm not sure if the update software covers IRST or not.  If not you can try to install a newer version:
It won't install if it's not the right software or you have a different generation than 10 or 11.
 
When done with the above, open an Admin Command Prompt as before and type or copy and paste:
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

Hit Enter.  Should take a minute or so to finish.  When the prompt returns close all programs and reboot then run VEW again.

 

 


  • 0

#14
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 399 posts

Morning,

 

Thank you again for taking the time to help with this.

 

I have uninstalled NORD and disabled the Downloaded Maps Manager. I have downloaded the latest Intel® Management Engine, although I'm not sure if there is something I need to do with it or does it just work away in the background? I have tried downloading the auto update software but get this message "The requested URL was rejected. Please consult with your administrator.

Your support ID is: 15897916692855517924" and I have updated the Intel® Rapid Storage Technology.

 

Here is the latest VEW Log:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 12/05/2024 11:00:38
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:23:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 08:32:19
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 18:50:51
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting. 
 
Log: 'System' Date/Time: 10/05/2024 19:26:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:26:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Log: 'System' Date/Time: 10/05/2024 19:25:36
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}
 
Log: 'System' Date/Time: 10/05/2024 19:25:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:25:12
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:25:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:36
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:36
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:29
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
 
Log: 'System' Date/Time: 12/05/2024 09:55:22
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll 
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: sfapm
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: schannel
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: cloudap
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: pku2u
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: tspkg
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: kerberos
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: negoexts

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,663 posts
  • MVP

The Intel Management Engine is unfortunately included with the CPU.  Its main purpose is to allow large corporations to control their PCs remotely.  You can uninstall the software but that triggers an error too and right now I'm trying to eliminate as many errors as possible.

 

Go to Settings, Update and Security. Check for Updates (even if it says there are none because it checked recently).  Are there any updates?  Make sure all updates install and that Check for Updates reports no more updates.  There have been a few updates recently that tend to fail and then reinstall over and over, which takes a toll on the PC.

 

I'm having trouble identifying new events because of all of the old events but it looks like we are making progress.

 

Since we can't seem to clear the events the easy way let's try doing it manually.

Search for

 

and hit Enter.

That should bring up the Event Viewer.

 

Click on the arrow in front of Windows Logs. Right click on System and Clear Log, then click on Clear.
Repeat for Application.
 
Reboot. 
 
Run VEW again as before and post the log.

  • 0
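The problem raised in the post above, picking new events out of a VEW report that still carries old ones, can be handled by grouping the report's entries by log, type, event ID and source and filtering on a cutoff time. This is an added example, not part of the thread or of VEW: `parse_vew`, `summarize` and `format_report` are hypothetical names, and `SAMPLE` is abridged from log lines posted in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# The three header lines VEW writes before each message (dates are dd/mm/yyyy).
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: "
                    r"(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")
TYPE = re.compile(r"^Type: (?P<level>\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+?)\s*$")

@dataclass(frozen=True)
class Event:
    log: str
    when: datetime
    level: str
    event_id: int
    source: str
    message: str

def parse_vew(text):
    """Return Event records; entries missing their 'Log:' line are skipped."""
    lines, events, i = text.splitlines(), [], 0
    while i < len(lines):
        h = HEADER.match(lines[i])
        t = TYPE.match(lines[i + 1]) if h and i + 2 < len(lines) else None
        e = EVENT.match(lines[i + 2]) if t else None
        if not e:
            i += 1
            continue
        i += 3
        body = []
        # The message runs until a blank line, a section rule or the next header.
        while (i < len(lines) and lines[i].strip()
               and not lines[i].startswith("~~~") and not HEADER.match(lines[i])):
            body.append(lines[i].strip())
            i += 1
        when = datetime.strptime(h["when"], "%d/%m/%Y %H:%M:%S")
        events.append(Event(h["log"], when, t["level"], int(e["id"]),
                            e["source"], " ".join(body)))
    return events

def summarize(events, since=None):
    """Group by (log, type, event ID, source); newest group first."""
    groups = defaultdict(list)
    for ev in events:
        if since is None or ev.when >= since:
            groups[(ev.log, ev.level, ev.event_id, ev.source)].append(ev)
    rows = [{"key": k, "count": len(v),
             "first": min(x.when for x in v), "last": max(x.when for x in v),
             "variants": sorted({x.message for x in v})}
            for k, v in groups.items()]
    rows.sort(key=lambda r: (r["last"], r["count"]), reverse=True)
    return rows

def format_report(rows):
    out = []
    for r in rows:
        log, level, event_id, source = r["key"]
        out.append(f"{r['last']:%d/%m/%Y %H:%M:%S}  x{r['count']:<3} {log}/{level} "
                   f"{event_id} {source} ({len(r['variants'])} distinct message(s))")
    return out

# Sample abridged from the thread; the first entry has lost its 'Log:' line,
# as in the quoted excerpt in post #13, and is therefore not counted.
SAMPLE = """\
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 12/05/2024 08:32:19
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 18:50:51
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting.

Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0

Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
"""

if __name__ == "__main__":
    # Only events from 12/05/2024 onwards, i.e. after the repairs in the thread.
    for line in format_report(summarize(parse_vew(SAMPLE), since=datetime(2024, 5, 12))):
        print(line)
```

Passing the time of the last reboot as `since` leaves only the groups that recurred afterwards, which is the comparison the posts above make by eye.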





