Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Very Slow System- Painfully Slow at start up

Started by Steviep , May 11 2024 02:30 AM

Please log in to reply

#1
Steviep

Posted 11 May 2024 - 02:30 AM

Member

Member
420 posts

HI,

I had a topic within the Virus, Spyware, Malware Removal section and was assisted by Dr M on that topic.

He has suggested that I now bring the issue to this section as:

1. We checked and cleaned the system.

2. We removed remnants from Avira and Avast, as well as other remnants of programs which are no longer installed.

3. We checked the disk and there is no issue with it.

4. We performed an in-place upgrade.

The computer is clean now, so no need to move on in the Malware Removal Forum. I believe something is wrong with drivers, but this is not my area of knowledge. So, someone in that Forum will assist you.

My PC is slow to start from switching on to being able to use it with times running from 6 minutes to around 4 mins, Once I get to the log in screen it takes around a min or so to bring up my desktop and the task bar appears later than the main desktop, clicking on google browser or edge takes around a min and 30 secs to bring up any search results and in the search box nothing appears when I type in a search query until the result is returned. Once the first search is completed the PC seems to work as normal. I hope this makes sense

#2
RKinner

Posted 11 May 2024 - 04:35 AM

Malware Expert

Expert
24,730 posts

Multiple replies are OK. Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View and check Show Processes From All Users

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Win 8: http://www.eightforu...indows-8-a.html

win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 7.0 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin. It will install and then start the program.

It will tell you to click on the Start button but there isn't one.

Instead click on the green arrowhead (looks like a Play button). Let it run for at least 20 seconds. Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

Click on the Drivers Tab. Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.

Click on the Processes tab then click on the "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column. Take a screen shot (save as type jpg) and attach it.

To attach a file:

First click on More Reply Options

Then scroll down to where you see

Choose File and click on it. Point it at the file and hit Open.

Now click on Attach this file.

Only files with .txt, .jpg or .zip are allowed.

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

* Application

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button and wait.

Notepad will open with the output log.

Please copy and paste the Output log into your next reply

#3
Steviep

Posted 11 May 2024 - 06:29 AM

Member

Topic Starter
Member
420 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 98.21 60 K 8 K 0

procexp64.exe 1.02 73,024 K 99,456 K 14144 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

explorer.exe 0.26 122,160 K 213,480 K 8628 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

dwm.exe 0.26 85,988 K 93,620 K 1424

Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs

System < 0.01 68 K 6,040 K 4

MsMpEng.exe < 0.01 388,276 K 350,328 K 4888 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher

nordvpn-service.exe < 0.01 136,692 K 104,268 K 3688 NordVPN nordvpn S.A. (Verified) nordvpn s.a.

csrss.exe < 0.01 3,172 K 5,840 K 940

MBAMService.exe < 0.01 238,820 K 220,504 K 5076 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Inc.

ctfmon.exe < 0.01 9,336 K 25,388 K 8024

cfbackd.w32.exe < 0.01 3,920 K 10,456 K 4360 DiskDrill service CleverFiles (Verified) CLEVERFILES INC.

chrome.exe < 0.01 67,968 K 154,356 K 12976 Google Chrome Google LLC (Verified) Google LLC

SDXHelper.exe < 0.01 14,540 K 27,344 K 13652 Microsoft Office SDX Helper Microsoft Corporation (Verified) Microsoft Corporation

services.exe < 0.01 5,916 K 9,408 K 1004

Malwarebytes.exe < 0.01 124,160 K 165,324 K 8656 Malwarebytes Malwarebytes (Verified) Malwarebytes Inc.

chrome.exe < 0.01 25,316 K 44,024 K 12624 Google Chrome Google LLC (Verified) Google LLC

TextInputHost.exe < 0.01 22,860 K 61,724 K 956 Microsoft Corporation (Verified) Microsoft Windows

svchost.exe < 0.01 6,756 K 13,900 K 12552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

WDDriveService.exe < 0.01 9,572 K 19,500 K 5032 WD Drive Service Western Digital Technologies, Inc. (Verified) Western Digital Technologies, Inc.

eEBSvc.exe < 0.01 5,128 K 7,528 K 4416 eEBAPI Core Process module SEIKO EPSON CORPORATION (No signature was present in the subject) SEIKO EPSON CORPORATION

OfficeClickToRun.exe < 0.01 43,624 K 68,532 K 4376 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation

svchost.exe < 0.01 7,472 K 14,744 K 1316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 9,784 K 26,192 K 1160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

csrss.exe < 0.01 2,480 K 5,304 K 844

svchost.exe < 0.01 6,296 K 15,580 K 1992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

msedge.exe < 0.01 32,076 K 60,556 K 1480 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

svchost.exe < 0.01 11,536 K 20,500 K 10132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 88,356 K 96,620 K 2684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 3,540 K 12,812 K 6048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

wmpnetwk.exe 7,740 K 23,628 K 7452 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows

WMIRegistrationService.exe 2,820 K 14,456 K 5008 Intel® Management Engine WMI Provider Registration Intel Corporation (Verified) Intel Corporation

WmiPrvSE.exe 6,180 K 16,612 K 6384

winlogon.exe 2,464 K 11,904 K 1036

wininit.exe 1,440 K 6,260 K 932

WidgetService.exe 4,328 K 19,232 K 8892 WidgetService.exe Microsoft Corporation (Verified) Microsoft Windows

Widgets.exe 8,480 K 39,372 K 13416 Microsoft Corporation (Verified) Microsoft Windows

UserOOBEBroker.exe 1,972 K 9,664 K 12828 User OOBE Broker Microsoft Corporation (Verified) Microsoft Windows

unsecapp.exe 1,376 K 7,212 K 7164

taskhostw.exe 6,120 K 16,088 K 8396 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

SystemSettings.exe Suspended 133,748 K 4,016 K 11464 Settings Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 3,244 K 9,108 K 3124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,836 K 17,436 K 4640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 8,368 K 30,760 K 8300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 18,856 K 23,704 K 3708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,816 K 11,252 K 10176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5,504 K 18,848 K 9172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,492 K 7,856 K 3904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,028 K 18,084 K 8504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 24,172 K 33,428 K 4396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,052 K 7,736 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 13,372 K 31,840 K 4476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,484 K 8,200 K 1360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,440 K 7,796 K 3772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 16,816 K 18,424 K 2376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,744 K 9,488 K 1832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,228 K 18,612 K 3992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,612 K 10,288 K 2868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,044 K 10,396 K 3776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,928 K 10,780 K 4624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,028 K 14,888 K 4352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,900 K 7,912 K 4152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 19,584 K 38,960 K 4404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,508 K 8,668 K 8784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,988 K 10,328 K 1892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,260 K 17,664 K 4932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,708 K 16,876 K 4576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,172 K 17,100 K 9980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,668 K 6,856 K 3768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,604 K 5,808 K 1628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,252 K 5,572 K 2700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,744 K 14,344 K 8668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 11,772 K 19,264 K 3332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,348 K 9,452 K 4720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,656 K 14,180 K 2180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,344 K 14,900 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,992 K 7,828 K 2692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,848 K 16,136 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,284 K 12,056 K 1704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,620 K 16,772 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,924 K 10,308 K 12344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,092 K 9,484 K 2412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,864 K 7,372 K 2992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,628 K 7,448 K 13780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5,852 K 20,072 K 13560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,140 K 5,012 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,840 K 7,492 K 1688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,572 K 11,496 K 1696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,340 K 9,840 K 1884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,312 K 6,300 K 2044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,464 K 5,484 K 824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,184 K 8,424 K 2404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,908 K 8,212 K 2860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,048 K 8,404 K 2984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,140 K 12,840 K 3404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,496 K 6,880 K 3432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,440 K 10,988 K 4016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,552 K 7,284 K 4076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,412 K 6,628 K 4328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,704 K 6,676 K 4728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,232 K 5,704 K 4864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,868 K 6,120 K 5984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,964 K 8,188 K 7784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,288 K 5,288 K 7788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,548 K 6,900 K 7800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,784 K 9,056 K 7904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,052 K 8,668 K 7440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,044 K 8,740 K 8232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,868 K 9,100 K 7060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,500 K 11,372 K 8440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,096 K 11,560 K 10036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,436 K 7,808 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,100 K 13,184 K 3876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,736 K 12,016 K 11176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,636 K 11,340 K 12992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,712 K 12,100 K 12608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,044 K 11,336 K 5088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,692 K 9,584 K 11148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,608 K 11,032 K 6468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

StartMenuExperienceHost.exe 70,364 K 98,008 K 9860 Windows Start Experience Host Microsoft Corporation (Verified) Microsoft Windows

spoolsv.exe 6,128 K 15,184 K 4056 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 1,116 K 1,200 K 592

smartscreen.exe 4,760 K 19,664 K 2544 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows

sihost.exe 6,300 K 31,784 K 4916 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe Suspended 11,868 K 6,096 K 10364 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

SecurityHealthSystray.exe 1,812 K 10,144 K 1736 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows

SecurityHealthService.exe 7,528 K 19,564 K 9436 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher

Secure System Suspended 188 K 24,208 K 92

SearchIndexer.exe 20,824 K 31,604 K 4920 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

SearchHost.exe Suspended 31,116 K 68,924 K 5620 Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 6,748 K 31,016 K 9812 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 4,208 K 24,352 K 8288 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 6,028 K 21,772 K 7700 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 2,400 K 13,848 K 11400 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RtkAudUService64.exe 2,236 K 9,864 K 4792 Realtek HD Audio Universal Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.

RstMwService.exe 1,608 K 7,084 K 4764 Intel® Rapid Storage Technology Management Service Intel Corporation (Verified) Intel® Rapid Storage Technology

Registry 15,020 K 51,200 K 136

procexp.exe 4,976 K 13,560 K 12080 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

PresentationFontCache.exe 24,896 K 18,000 K 8216 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation

PickerHost.exe 1,572 K 9,516 K 12856 File Picker UI Host Microsoft Corporation (Verified) Microsoft Windows

NordUpdateService.exe 131,828 K 65,108 K 4676 NordSec Update Service nordvpn S.A. (Verified) nordvpn s.a.

NisSrv.exe 5,140 K 11,912 K 11332 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher

msedgewebview2.exe Suspended 33,236 K 75,824 K 5052 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation

msedgewebview2.exe 2,076 K 6,948 K 10420 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation

msedgewebview2.exe Suspended 34,536 K 32,428 K 10808 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation

msedgewebview2.exe Suspended 11,968 K 29,236 K 10836 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation

msedgewebview2.exe Suspended 7,460 K 15,604 K 10876 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation

msedgewebview2.exe Suspended 54,992 K 45,160 K 11032 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 67,616 K 146,500 K 10280 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 14,944 K 39,284 K 6720 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 51,024 K 85,684 K 9004 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 85,192 K 124,264 K 1748 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 6,964 K 18,448 K 8804 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 17,416 K 27,028 K 9564 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 6,924 K 18,344 K 15336 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 8,020 K 22,608 K 5188 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 23,824 K 43,092 K 14564 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

msedge.exe 2,048 K 8,048 K 13764 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

MpDefenderCoreService.exe 10,168 K 22,288 K 4668 Antimalware Core Service Microsoft Corporation (Verified) Microsoft Windows Publisher

Memory Compression 724 K 172,416 K 2832

mDNSResponder.exe 1,808 K 6,884 K 4336 Bonjour Service Apple Inc. (Verified) Apple Inc.

lsass.exe 10,124 K 23,180 K 728 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

LsaIso.exe 1,044 K 3,528 K 356

LocationNotificationWindows.exe 1,924 K 3,004 K 10980 Location Notification Microsoft Corporation (Verified) Microsoft Windows

LMS.exe 2,936 K 12,688 K 4692 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation

jhi_service.exe 1,332 K 6,488 K 5168 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel® Embedded Subsystems and IP Blocks Group

IntelCpHeciSvc.exe 1,476 K 7,524 K 5212 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX

IntelCpHDCPSvc.exe 1,504 K 7,672 K 4368 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX

igfxEM.exe 5,536 K 23,064 K 9232 igfxEM Module Intel Corporation (Verified) Intel® pGFX

igfxCUIService.exe 1,888 K 8,948 K 2948 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX

IAStorDataMgrSvc.exe 41,500 K 60,988 K 9424 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology

fontdrvhost.exe 3,644 K 6,832 K 1208

fontdrvhost.exe 2,020 K 3,596 K 1200

EvtEng.exe 5,052 K 14,296 K 4544 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel® Wireless Connectivity Solutions

escsvc64.exe 1,392 K 7,708 K 5492 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation

E_S50RPB.EXE 1,084 K 5,256 K 4492

dasHost.exe 8,484 K 20,688 K 2632

chrome.exe 78,432 K 118,176 K 14324 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 26,856 K 59,536 K 14728 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 18,172 K 23,148 K 11836 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 24,116 K 43,864 K 14540 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 18,348 K 23,812 K 11640 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 120,344 K 125,248 K 12892 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 20,144 K 28,476 K 10572 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 6,708 K 9,124 K 12568 Google Chrome Google LLC (Verified) Google LLC

backgroundTaskHost.exe Suspended 3,512 K 2,012 K 4812 Background Task Host Microsoft Corporation (Verified) Microsoft Windows

ApplicationFrameHost.exe 10,044 K 30,728 K 13760 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

AggregatorHost.exe 2,188 K 8,428 K 8012

#4
Steviep

Posted 11 May 2024 - 06:34 AM

Member

Topic Starter
Member
420 posts

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

Secure System 92 N/A

Registry 136 N/A

smss.exe 592 N/A

csrss.exe 844 N/A

wininit.exe 932 N/A

csrss.exe 940 N/A

services.exe 1004 N/A

LsaIso.exe 356 N/A

lsass.exe 728 KeyIso, SamSs, VaultSvc

winlogon.exe 1036 N/A

svchost.exe 1160 BrokerInfrastructure, DcomLaunch, PlugPlay,

Power, SystemEventsBroker

fontdrvhost.exe 1200 N/A

fontdrvhost.exe 1208 N/A

svchost.exe 1316 RpcEptMapper, RpcSs

svchost.exe 1360 LSM

dwm.exe 1424 N/A

svchost.exe 1564 HvHost

svchost.exe 1628 CoreMessagingRegistrar

svchost.exe 1688 BTAGService

svchost.exe 1696 BthAvctpSvc

svchost.exe 1704 bthserv

svchost.exe 1816 Schedule

svchost.exe 1832 nsi

svchost.exe 1884 ProfSvc

svchost.exe 1892 NcbService

svchost.exe 1992 netprofm

svchost.exe 2044 DispBrokerDesktopSvc

svchost.exe 824 hidserv

svchost.exe 1520 UserManager

svchost.exe 2180 camsvc

svchost.exe 2356 Dnscache

svchost.exe 2376 EventLog

svchost.exe 2404 DeviceAssociationService

svchost.exe 2412 TimeBrokerSvc

dasHost.exe 2632 N/A

svchost.exe 2684 SysMain

svchost.exe 2692 EventSystem

svchost.exe 2700 Themes

Memory Compression 2832 N/A

svchost.exe 2860 SENS

svchost.exe 2868 hns

igfxCUIService.exe 2948 igfxCUIService2.0.0.0

svchost.exe 2984 AudioEndpointBuilder

svchost.exe 2992 FontCache

svchost.exe 3124 SSDPSRV

svchost.exe 3332 StateRepository

svchost.exe 3404 Audiosrv

svchost.exe 3432 TextInputManagementService

svchost.exe 3768 DusmSvc

svchost.exe 3772 Dhcp

svchost.exe 3776 Wcmsvc

svchost.exe 3904 WinHttpAutoProxySvc

svchost.exe 3992 WlanSvc

svchost.exe 4016 ShellHWDetection

spoolsv.exe 4056 Spooler

svchost.exe 4076 nvagent

nordvpn-service.exe 3688 nordvpn-service

svchost.exe 3708 BFE, mpssvc

svchost.exe 4152 LanmanWorkstation

svchost.exe 4328 SharedAccess

mDNSResponder.exe 4336 Bonjour Service

svchost.exe 4352 CryptSvc

cfbackd.w32.exe 4360 cfbackd

IntelCpHDCPSvc.exe 4368 cplspcon

OfficeClickToRun.exe 4376 ClickToRunSvc

svchost.exe 4396 DPS

svchost.exe 4404 DiagTrack

eEBSvc.exe 4416 EpsonBidirectionalService

E_S50RPB.EXE 4492 EPSON_PM_RPCV4_04

EvtEng.exe 4544 EvtEng

svchost.exe 4624 iphlpsvc

svchost.exe 4640 Winmgmt

MpDefenderCoreService.exe 4668 MDCoreSvc

NordUpdateService.exe 4676 NordUpdaterService

LMS.exe 4692 LMS

svchost.exe 4720 LanmanServer

svchost.exe 4728 SstpSvc

RstMwService.exe 4764 RstMwService

RtkAudUService64.exe 4792 RtkAudioUniversalService

svchost.exe 4864 TrkWks

MsMpEng.exe 4888 WinDefend

SearchIndexer.exe 4920 WSearch

svchost.exe 4932 WpnService

WMIRegistrationService.ex 5008 WMIRegistrationService

WDDriveService.exe 5032 WDDriveService

MBAMService.exe 5076 MBAMService

jhi_service.exe 5168 jhi_service

IntelCpHeciSvc.exe 5212 cphs

escsvc64.exe 5492 EpsonScanSvc

svchost.exe 5984 WdiSystemHost

svchost.exe 6048 RasMan

unsecapp.exe 7164 N/A

WmiPrvSE.exe 6384 N/A

wmpnetwk.exe 7452 WMPNetworkSvc

svchost.exe 7788 lmhosts

svchost.exe 7784 NcdAutoSetup

svchost.exe 7800 fdPHost

svchost.exe 7904 FDResPub

AggregatorHost.exe 8012 N/A

sihost.exe 4916 N/A

svchost.exe 7440 BluetoothUserService_a8c0c

svchost.exe 4476 CDPUserSvc_a8c0c

PresentationFontCache.exe 8216 FontCache3.0.0.0

svchost.exe 8232 webthreatdefusersvc_a8c0c

svchost.exe 8300 WpnUserService_a8c0c

taskhostw.exe 8396 N/A

svchost.exe 8504 TokenBroker

svchost.exe 8668 UsoSvc

svchost.exe 8784 RmSvc

explorer.exe 8628 N/A

svchost.exe 7060 NgcSvc

svchost.exe 8440 NgcCtnrSvc

svchost.exe 9172 CDPSvc

igfxEM.exe 9232 N/A

svchost.exe 9980 cbdhsvc_a8c0c

svchost.exe 10036 Appinfo

svchost.exe 10176 upnphost

SearchHost.exe 5620 N/A

StartMenuExperienceHost.e 9860 N/A

RuntimeBroker.exe 9812 N/A

TextInputHost.exe 956 N/A

RuntimeBroker.exe 8288 N/A

svchost.exe 1440 UdkUserSvc_a8c0c

msedgewebview2.exe 5052 N/A

WidgetService.exe 8892 N/A

svchost.exe 4576 lfsvc

ctfmon.exe 8024 N/A

svchost.exe 10132 DoSvc

msedgewebview2.exe 10420 N/A

msedgewebview2.exe 10808 N/A

msedgewebview2.exe 10836 N/A

msedgewebview2.exe 10876 N/A

LocationNotificationWindo 10980 N/A

msedgewebview2.exe 11032 N/A

svchost.exe 3876 OneSyncSvc_a8c0c

IAStorDataMgrSvc.exe 9424 IAStorDataMgrSvc

svchost.exe 11176 StorSvc

NisSrv.exe 11332 WdNisSvc

SecurityHealthSystray.exe 1736 N/A

SecurityHealthService.exe 9436 SecurityHealthService

Malwarebytes.exe 8656 N/A

svchost.exe 12552 webthreatdefsvc

chrome.exe 12976 N/A

svchost.exe 12992 PcaSvc

chrome.exe 12568 N/A

chrome.exe 12892 N/A

chrome.exe 12624 N/A

chrome.exe 11640 N/A

svchost.exe 12608 InventorySvc

svchost.exe 13560 InstallService

svchost.exe 13780 W32Time

chrome.exe 14324 N/A

chrome.exe 11836 N/A

svchost.exe 12344 wscsvc

ShellExperienceHost.exe 10364 N/A

RuntimeBroker.exe 11400 N/A

Widgets.exe 13416 N/A

svchost.exe 5088 NPSMSvc_a8c0c

svchost.exe 1584 LicenseManager

chrome.exe 14540 N/A

ApplicationFrameHost.exe 13760 N/A

SystemSettings.exe 11464 N/A

svchost.exe 11148 DevicesFlowUserSvc_a8c0c

UserOOBEBroker.exe 12828 N/A

SDXHelper.exe 13652 N/A

chrome.exe 14728 N/A

svchost.exe 6468 DsSvc

backgroundTaskHost.exe 4812 N/A

msedge.exe 10280 N/A

msedge.exe 13764 N/A

msedge.exe 14564 N/A

msedge.exe 6720 N/A

msedge.exe 15336 N/A

msedge.exe 1748 N/A

msedge.exe 1480 N/A

msedge.exe 9004 N/A

msedge.exe 8804 N/A

msedge.exe 5188 N/A

RuntimeBroker.exe 7700 N/A

PickerHost.exe 12856 N/A

smartscreen.exe 2544 N/A

dllhost.exe 13484 N/A

chrome.exe 12904 N/A

chrome.exe 10148 N/A

chrome.exe 3888 N/A

svchost.exe 6100 gpsvc

msedge.exe 10028 N/A

svchost.exe 8616 wlidsvc

RuntimeBroker.exe 6116 N/A

audiodg.exe 14052 N/A

cmd.exe 8472 N/A

conhost.exe 836 N/A

tasklist.exe 13712 N/A

WmiPrvSE.exe 1940 N/A

#5
Steviep

Posted 11 May 2024 - 06:39 AM

Member

Topic Starter
Member
420 posts

_________________________________________________________________________________________________________

CONCLUSION

_________________________________________________________________________________________________________

Your system appears to be suitable for handling real-time audio and other tasks without dropouts.

LatencyMon has been analyzing your system for 0:00:33 (h:mm:ss) on all processors.

_________________________________________________________________________________________________________

SYSTEM INFORMATION

_________________________________________________________________________________________________________

Computer name: DESKTOP-T3QOQ8M

OS version: Windows 11, 10.0, version 2009, build: 22631 (x64)

Hardware: Carlos, Acer

BIOS: R01-C3

CPU: GenuineIntel Intel® Core™ i5-8400 CPU @ 2.80GHz

Logical processors: 6

Processor groups: 1

Processor group size: 6

RAM: 8069 MB total

_________________________________________________________________________________________________________

CPU SPEED

_________________________________________________________________________________________________________

Reported CPU speed (WMI): 2808 MHz

Reported CPU speed (registry): 2808 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.

_________________________________________________________________________________________________________

MEASURED INTERRUPT TO USER PROCESS LATENCIES

_________________________________________________________________________________________________________

The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs): 105.0

Average measured interrupt to process latency (µs): 9.623005

Highest measured interrupt to DPC latency (µs): 87.10

Average measured interrupt to DPC latency (µs): 3.321958

_________________________________________________________________________________________________________

REPORTED ISRs

_________________________________________________________________________________________________________

Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs): 83.010684

Driver with highest ISR routine execution time: HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation

Highest reported total ISR routine time (%): 0.002143

Driver with highest ISR total time: HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation

Total time spent in ISRs (%) 0.002379

ISR count (execution time <250 µs): 371

ISR count (execution time 250-500 µs): 0

ISR count (execution time 500-1000 µs): 0

ISR count (execution time 1000-2000 µs): 0

ISR count (execution time 2000-4000 µs): 0

ISR count (execution time >=4000 µs): 0

_________________________________________________________________________________________________________

REPORTED DPCs

_________________________________________________________________________________________________________

DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs): 143.920228

Driver with highest DPC routine execution time: tcpip.sys - TCP/IP Driver, Microsoft Corporation

Highest reported total DPC routine time (%): 0.015517

Driver with highest DPC total execution time: rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.

Total time spent in DPCs (%) 0.051963

DPC count (execution time <250 µs): 19501

DPC count (execution time 250-500 µs): 0

DPC count (execution time 500-10000 µs): 0

DPC count (execution time 1000-2000 µs): 0

DPC count (execution time 2000-4000 µs): 0

DPC count (execution time >=4000 µs): 0

_________________________________________________________________________________________________________

REPORTED HARD PAGEFAULTS

_________________________________________________________________________________________________________

Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count: msmpeng.exe

Total number of hard pagefaults 54

Hard pagefault count of hardest hit process: 43

Number of processes hit: 7

_________________________________________________________________________________________________________

PER CPU DATA

_________________________________________________________________________________________________________

CPU 0 Interrupt cycle time (s): 0.539306

CPU 0 ISR highest execution time (µs): 83.010684

CPU 0 ISR total execution time (s): 0.004771

CPU 0 ISR count: 371

CPU 0 DPC highest execution time (µs): 82.857194

CPU 0 DPC total execution time (s): 0.094024

CPU 0 DPC count: 18801

_________________________________________________________________________________________________________

CPU 1 Interrupt cycle time (s): 0.304284

CPU 1 ISR highest execution time (µs): 0.0

CPU 1 ISR total execution time (s): 0.0

CPU 1 ISR count: 0

CPU 1 DPC highest execution time (µs): 143.920228

CPU 1 DPC total execution time (s): 0.007240

CPU 1 DPC count: 420

_________________________________________________________________________________________________________

CPU 2 Interrupt cycle time (s): 0.155485

CPU 2 ISR highest execution time (µs): 0.0

CPU 2 ISR total execution time (s): 0.0

CPU 2 ISR count: 0

CPU 2 DPC highest execution time (µs): 40.839031

CPU 2 DPC total execution time (s): 0.000359

CPU 2 DPC count: 36

_________________________________________________________________________________________________________

CPU 3 Interrupt cycle time (s): 0.098933

CPU 3 ISR highest execution time (µs): 0.0

CPU 3 ISR total execution time (s): 0.0

CPU 3 ISR count: 0

CPU 3 DPC highest execution time (µs): 25.199786

CPU 3 DPC total execution time (s): 0.000244

CPU 3 DPC count: 33

_________________________________________________________________________________________________________

CPU 4 Interrupt cycle time (s): 0.112668

CPU 4 ISR highest execution time (µs): 0.0

CPU 4 ISR total execution time (s): 0.0

CPU 4 ISR count: 0

CPU 4 DPC highest execution time (µs): 36.835470

CPU 4 DPC total execution time (s): 0.000423

CPU 4 DPC count: 48

_________________________________________________________________________________________________________

CPU 5 Interrupt cycle time (s): 0.111194

CPU 5 ISR highest execution time (µs): 0.0

CPU 5 ISR total execution time (s): 0.0

CPU 5 ISR count: 0

CPU 5 DPC highest execution time (µs): 108.989672

CPU 5 DPC total execution time (s): 0.001912

CPU 5 DPC count: 163

_________________________________________________________________________________________________________

#6
Steviep

Posted 11 May 2024 - 06:59 AM

Member

Topic Starter
Member
420 posts

Here is the Drivers Screen print

Attached Thumbnails

Edited by Steviep, 11 May 2024 - 06:59 AM.

#7
Steviep

Posted 11 May 2024 - 07:02 AM

Member

Topic Starter
Member
420 posts

Processes Screen print

Attached Thumbnails

#8
Steviep

Posted 11 May 2024 - 07:04 AM

Member

Topic Starter
Member
420 posts

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 11/05/2024 14:04:02

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:26:35

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:26:35

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:23:08

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:11:02

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:11:02

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:04:32

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 18:19:07

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 18:19:07

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 18:19:07

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 18:18:03

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 18:18:03

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 18:14:27

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 17:40:37

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 17:40:37

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 11/05/2024 08:16:33

Type: Error Category: 0

Event: 7022 Source: Service Control Manager

The Downloaded Maps Manager service did not respond on starting.

Log: 'System' Date/Time: 10/05/2024 19:26:34

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:26:31

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 10/05/2024 19:25:36

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}

Log: 'System' Date/Time: 10/05/2024 19:25:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:25:12

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:25:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration

Log: 'System' Date/Time: 10/05/2024 19:25:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration

Log: 'System' Date/Time: 10/05/2024 19:25:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 11/05/2024 12:41:25

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DESKTOP-T3QOQ8M\steven SID (S-1-5-21-1741543102-3776721137-2454621359-1001) from address LocalHost (Using LRPC) running in the application container MicrosoftWindows.Client.CBS_1000.22688.1000.0_x64__cw5n1h2txyewy SID (S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/05/2024 08:17:48

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/05/2024 08:17:48

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/05/2024 08:17:48

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.SecurityAppBroker and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/05/2024 08:14:00

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:14:00

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:14:00

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:14:00

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:12:13

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 11/05/2024 08:12:13

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 11/05/2024 08:12:07

Type: Warning Category: 0

Event: 6062 Source: Netwtw08

6062 - Lso was triggered

Log: 'System' Date/Time: 11/05/2024 08:12:00

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Log: 'System' Date/Time: 11/05/2024 08:11:58

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:11:58

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:11:58

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 11/05/2024 08:11:54

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: msv1_0

Log: 'System' Date/Time: 11/05/2024 08:11:54

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: sfapm

Log: 'System' Date/Time: 11/05/2024 08:11:54

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: schannel

Log: 'System' Date/Time: 11/05/2024 08:11:54

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: wdigest

Log: 'System' Date/Time: 11/05/2024 08:11:54

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: cloudap

#9
RKinner

Posted 11 May 2024 - 08:56 PM

Malware Expert

Expert
24,730 posts

I don't see much. Process Explorer shows the CPU is not overloaded. Latency Monitor says things are good but your driver and process screenshots are hard to read but I think they are OK. The main problem appears to be a bunch of services which are not starting when they should.

Log: 'System' Date/Time: 11/05/2024 08:16:33

Type: Error Category: 0

Event: 7022 Source: Service Control Manager

The Downloaded Maps Manager service did not respond on starting.

Log: 'System' Date/Time: 10/05/2024 19:26:34

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:26:31

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Also a problem with MBAM:

Log: 'System' Date/Time: 11/05/2024 08:14:00

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'MBAMFarflt' (Version 10.0, ?2024?-?04?-?08T14:14:19.000000000Z) does not support bypass IO. Supported features: 0x4.

We can live without MBAM for now so just uninstall it.

Let's run SFC and DISM and see if that clears up the services"

Search for

cmd

It will find Command Prompt. Right click on it and Run as Admin.

Type:

DISM  /Online  /Cleanup-Image  /RestoreHealth

(I use two spaces so you can be sure to see where one space goes.)

Hit Enter. This will take a while (10-20 minutes) to complete. Once the prompt returns:

Reboot. Open an elevated Command Prompt again and type (with an Enter after the line):

SFC /scannow

hit Enter. Should take about 10 minutes to complete.

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

(Rather than type the command you can highlight and copy it (Ctrl +c) and then move to the Command Prompt and right click)

Hit Enter. Then type::

notepad %UserProfile%\desktop\junk.txt

Hit Enter. Notepad should open with the results of the findstr. Copy and paste to a Reply.

Return to the Command Prompt and type:

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

Hit Enter.

Now reboot and wait a few minutes for things to stabilize then run VEW.exe again as before and post the log.

Let look at your Disk and Internet usage Search for

task manager

and hit Enter.

Click on

More Details

then click on the Performance tab.

Process Explorer says your CPU usage was minimal so I expect that is what you will see on this tab but check the Disk 0. It should also be fairly low. Just a few percent. I have seen systems where logging was turned on and that really slowed things down and the only clue was a high disk usage.

Also check the Ethernet usage. Again should be minimal at this time.

If anything is not minimal except Memory which should be stable at 40-50% then click on Open Resource Monitor. That will let us see what programs are the big users.

Finally open a browser and go to:

https://www.speedtest.net/

Hit GO.

Report the Download and Upload Mbps figures that you get. Are these about what you pay for?

(Rather than type the command you can highlight and copy it (Ctrl +c) and then move to the Command Prompt and right click)

#10
DR M

Posted 12 May 2024 - 02:31 AM

The Grecian Geek

Malware Removal
4,416 posts

RKinner,

Apologies for jumping in to the topic.

Just a reminder:

We already run DISM and SFC. Some corrupted files were fixed. In addition to that, after that, we performed an in-place upgrade. So, this step is already covered.

As to the MBAM related "error", is not something to worry about. It is a common warning, but not an error. See here: 'MBAMFarflt' Bypass IO - Malwarebytes for Windows Support Forum - Malwarebytes Forums

Just an idea:

Since there is nothing else obvious, I would think about update the BIOS.

#11
RKinner

Posted 12 May 2024 - 03:41 AM

Malware Expert

Expert
24,730 posts

after that, we performed an in-place upgrade.

An in-place upgrade means lots of changes to the system files and there is always a chance for something to go wrong. I still want DISM and SPC to be run. If that doesn't help with the services that aren't running then we have to look at each service individually which is a pain especially since we can't used FRST in this forum.

#12
Steviep

Posted 12 May 2024 - 04:13 AM

Member

Topic Starter
Member
420 posts

HI,

I have removed MBAM, I have run SFC and DISM and got the message Windows Resource Protection found corrupt files and repaired them. Here is the Log for VEW:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 12/05/2024 11:00:38

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 08:33:22

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 08:33:22

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 08:33:22

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 07:21:23

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 07:21:23

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 07:21:23

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:26:35

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:26:35

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:23:08

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:11:02

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:11:02

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 12/05/2024 08:32:19

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 18:50:51

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 08:16:33

Type: Error Category: 0

Event: 7022 Source: Service Control Manager

The Downloaded Maps Manager service did not respond on starting.

Log: 'System' Date/Time: 10/05/2024 19:26:34

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:26:31

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 10/05/2024 19:25:36

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}

Log: 'System' Date/Time: 10/05/2024 19:25:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:25:12

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:25:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 12/05/2024 09:58:53

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:58:53

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:58:53

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:55:36

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:55:36

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:55:29

Type: Warning Category: 0

Event: 6062 Source: Netwtw08

6062 - Lso was triggered

Log: 'System' Date/Time: 12/05/2024 09:55:22

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Log: 'System' Date/Time: 12/05/2024 09:55:21

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 12/05/2024 09:55:21

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 12/05/2024 09:55:21

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: msv1_0

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: sfapm

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: schannel

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: wdigest

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: cloudap

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: pku2u

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: tspkg

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: msv1_0

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: kerberos

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: negoexts

Process Explorer says your CPU usage was minimal so I expect that is what you will see on this tab says 4% but check the Disk 0 - says 1% Memory is stable at 54%

Speedtest show that download speed is 138.38mbps and upload is 19.91 mbps which is better than what I pay for

#13
RKinner

Posted 12 May 2024 - 08:14 PM

Malware Expert

Expert
24,730 posts

Looks like you skipped this line:

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

All it does is remove the old events to make it easier to see the new one but going by the dates SFC/DISM did help a lot. I only see these from May 12:

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 18:50:51

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 08:16:33

Type: Error Category: 0

Event: 7022 Source: Service Control Manager

The Downloaded Maps Manager service did not respond on starting.

The top two are NordVPN so I expect it need to be removed and reinstalled or perhaps it has a Repair option or maybe you could just remove it for now. (A VPN will slow down the PC if it runs all of the time and not just when you want to do something with a browser.)

The last one Downloaded Maps Manager service is

"Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps."

This is not a critical service and I really don't see the point of it (It is disabled on my PC) so I would suggest you search for

services.msc

and hit Enter.

This will bring up the Services menu. Scroll down to Downloaded Maps Manager and right click on it. Select Properties. Change the Startup Type: to Disabled then OK.

I also see some odd lSA errors. These are supposed to be caused by a bug in one of the recent updates. There is a workaround if you want to try it:

https://www.minitool...s-expected.html

Unless you are having trouble connecting I wouldn't worry about

Finally I see Intel is up to their old tricks again:

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Intel makes good hardware but their software is buggy. This is probably from

Intel® Management Engine so I would try the latest version:

https://www.intel.co...nagement Engine

You might see if they have other new drivers for you using their autoupdate software.

https://www.intel.co...enter/home.html

If you do use it be sure to uninstall it after you download any drivers it finds.

One critical driver is the

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.0.2.1086 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{64A94A93-B0C4-4B16-8CDC-FDB06E8CC306}) (Version: 16.0.2.1086 - Intel Corporation) Hidden

This is the interface between the hard drive and CPU so can be a problem if not working correctly. I'm not sure if the update software covers IRST or not. IF not you can try to install a newer version:

https://www.intel.co...chnology driver

It won't install if it's not the right software or you have a different generation than 10 or 11.

When done with the above, open an Admin Command Prompt as before and type or copy and paste:

FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

Hit Enter. Should take a minute or so to finish. When the prompt returns close all programs and reboot then run VEW again.

#14
Steviep

Posted 13 May 2024 - 02:26 AM

Member

Topic Starter
Member
420 posts

Morning,

Thank you again for taking the time to help with this.

I have uninstalled NORD and disabled the Downloaded Maps Manager. I have downloaded the latest Intel® Management Engine although I'm not sure if there is something I need to do with it or does it just work away in the background?, I have tried downloading the auto update software but get this message "The requested URL was rejected. Please consult with your administrator.

Your support ID is: 15897916692855517924" and I have updated the Intel® Rapid Storage Technology.

Here is the latest VEW Log:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 12/05/2024 11:00:38

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Log: 'Application' Date/Time: 09/05/2024 23:19:38

Type: Error Category: 0

Event: 24 Source: Microsoft-Windows-WMI

Event provider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 09:55:28

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 08:33:22

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 08:33:22

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 08:33:22

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 07:21:23

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 07:21:23

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 12/05/2024 07:21:23

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 11/05/2024 08:12:08

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:26:35

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:26:35

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:23:08

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:12:03

Type: Warning Category: 0

Event: 63 Source: Microsoft-Windows-WMI

Log: 'Application' Date/Time: 10/05/2024 19:11:02

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 10/05/2024 19:11:02

Type: Warning Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 12/05/2024 08:32:19

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 18:50:51

Type: Error Category: 0

Event: 7011 Source: Service Control Manager

A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.

Log: 'System' Date/Time: 11/05/2024 08:16:33

Type: Error Category: 0

Event: 7022 Source: Service Control Manager

The Downloaded Maps Manager service did not respond on starting.

Log: 'System' Date/Time: 10/05/2024 19:26:34

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:26:31

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator

Log: 'System' Date/Time: 10/05/2024 19:26:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Log: 'System' Date/Time: 10/05/2024 19:25:36

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}

Log: 'System' Date/Time: 10/05/2024 19:25:30

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 10/05/2024 19:25:12

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess

Log: 'System' Date/Time: 10/05/2024 19:25:10

Type: Error Category: 0

Event: 10005 Source: Microsoft-Windows-DistributedCOM

DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 12/05/2024 09:58:53

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:58:53

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:58:53

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:55:36

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:55:36

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 12/05/2024 09:55:29

Type: Warning Category: 0

Event: 6062 Source: Netwtw08

6062 - Lso was triggered

Log: 'System' Date/Time: 12/05/2024 09:55:22

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll

Log: 'System' Date/Time: 12/05/2024 09:55:21

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 12/05/2024 09:55:21

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 12/05/2024 09:55:21

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-FilterManager

File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: msv1_0

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: sfapm

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: schannel

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: wdigest

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: cloudap

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: pku2u

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: tspkg

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: msv1_0

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: kerberos

Log: 'System' Date/Time: 12/05/2024 09:55:17

Type: Warning Category: 0

Event: 6155 Source: LsaSrv

LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard. PackageName: negoexts

#15
RKinner

Posted 13 May 2024 - 05:06 AM

Malware Expert

Expert
24,730 posts

The Intel Management Engine is unfortunately included with the CPU. It's main purpose is to allow large corporations to control their PCs remotely. You can uninstall the software but that triggers an error too and right now I'm trying to eliminate as many errors as possible.

Go to Settings, Update and Security. Check for Updates (even if it says there are none because it checked recently). Are there any updates? Make sure all updates install and that Check for Updates reports no more updates. There have been a few updates recently that tend to fail and then reinstall over and over which takes a toll on the PC.

I'm having trouble identifying new events because of all of the old events but it looks like we are making progress.

Since we can't seem to clear the events the easy way let's try doing it manually.

Search for

and hit Enter.

That should bring up the Event Viewer.

Click on the arrow in front of Windows Logs Right click on System and Clear Log, Click on Clear.

Repeat for Application.

Reboot.

Run VEW again as before and post the log.