Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Very Slow System- Painfully Slow at start up


  • Please log in to reply

#16
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

I've got this update showing 2024-04 Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5036980)

 

Intel - net - 23.40.0.4

 

2024-04 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2 for x64 (KB5037591)

 

Intel Corporation - Bluetooth - 23.40.0.2


Edited by Steviep, 13 May 2024 - 06:00 AM.

  • 0

Advertisements


#17
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

Trying this one for a 2nd time 2024-04 Cumulative Update Preview for Windows 11 Version 23H2 for x64-based Systems (KB5036980)

 

The other 3 appear to have updated


  • 0

#18
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

Installed all updates, here is the Vew Log:

 

 Vino's Event Viewer v01c run on Windows 7 in English

Report run at 12/05/2024 11:00:38
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Log: 'Application' Date/Time: 09/05/2024 23:19:38
Type: Error Category: 0
Event: 24 Source: Microsoft-Windows-WMI
Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 09:55:28
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 08:33:22
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 12/05/2024 07:21:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 11/05/2024 08:12:08
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:26:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:23:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:12:03
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 10/05/2024 19:11:02
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 08:32:19
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 18:50:51
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nordvpn-service service.
 
Log: 'System' Date/Time: 11/05/2024 08:16:33
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service did not respond on starting. 
 
Log: 'System' Date/Time: 10/05/2024 19:26:34
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:26:31
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service UdkUserSvc_4d826 with arguments "Unavailable" in order to run the server: WindowsUdk.UI.Shell.ViewCoordinator
 
Log: 'System' Date/Time: 10/05/2024 19:26:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Log: 'System' Date/Time: 10/05/2024 19:25:36
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service GoogleChromeElevationService with arguments "Unavailable" in order to run the server: {708860E0-F641-4611-8895-7D867DD3675B}
 
Log: 'System' Date/Time: 10/05/2024 19:25:30
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
Log: 'System' Date/Time: 10/05/2024 19:25:12
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server: Windows.Internal.CapabilityAccess.CapabilityAccess
 
Log: 'System' Date/Time: 10/05/2024 19:25:10
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:58:53
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:36
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:36
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 12/05/2024 09:55:29
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
 
Log: 'System' Date/Time: 12/05/2024 09:55:22
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll 
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:21
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: sfapm
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: schannel
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: cloudap
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: pku2u
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: tspkg
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: kerberos
 
Log: 'System' Date/Time: 12/05/2024 09:55:17
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: negoexts

  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP
Report run at 12/05/2024 

 

 

I think you got an old log.  Should be 13/05/20224.  Can you delete all old logs and rerun VEW.  (Remember to right click and Run As Admin)


  • 0

#20
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

I'm so sorry about that

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/05/2024 17:26:17
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/05/2024 16:21:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 16:21:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 16:21:32
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 13:24:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 13:24:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 13:24:45
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/05/2024 16:23:55
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 16:23:55
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 16:23:55
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 16:21:40
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 16:21:40
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 16:21:33
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
 
Log: 'System' Date/Time: 13/05/2024 16:21:22
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll 
 
Log: 'System' Date/Time: 13/05/2024 16:21:04
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 16:21:04
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 16:21:04
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 16:21:04
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: sfapm
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: schannel
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: cloudap
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: pku2u
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: tspkg
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 13/05/2024 16:20:50
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: kerberos

  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP
Log: 'System' Date/Time: 13/05/2024 16:21:33
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered

 

 

See if you can get this update:

https://www.intel.co...reless Software

 

Log: 'System' Date/Time: 13/05/2024 16:21:04
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 

 

 

This is from some third party software.  Probably Jukebox Player or AppWave Player.  In either case Version 6.1 is an older version so if you still have one of these on your PC it needs to be updated.  If you had it and uninstalled it then we may have to delve deeper.

 

If you are able to update the intel PROset software then clear the events as before and rerun VEW and post the log.

 

How is the system doing?  Any improvement?


  • 0

#22
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

Hi,

 

I'm not aware of having used Jukebox Player or Appwave Player before.

 

I have updated the IntelPROset software and have attached the logs from Vew:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/05/2024 20:32:15
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/05/2024 19:27:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 19:27:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
Log: 'Application' Date/Time: 13/05/2024 19:27:23
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/05/2024 19:30:55
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 19:30:55
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.SecurityAppBroker  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 19:30:55
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 19:27:32
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 19:27:32
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 13/05/2024 19:27:25
Type: Warning Category: 0
Event: 6062 Source: Netwtw08
6062 - Lso was triggered
 
Log: 'System' Date/Time: 13/05/2024 19:27:14
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\IntelIHVRouter08.dll 
 
Log: 'System' Date/Time: 13/05/2024 19:27:10
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 19:27:10
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 19:27:10
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 19:27:10
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-FilterManager
File System Filter 'StreamingFSD' (Version 6.1, ?2018?-?01?-?06T06:53:43.000000000Z) does not support bypass IO. Supported features: 0x4.
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: sfapm
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: schannel
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: wdigest
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: cloudap
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: pku2u
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: tspkg
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: msv1_0
 
Log: 'System' Date/Time: 13/05/2024 19:27:07
Type: Warning Category: 0
Event: 6155 Source: LsaSrv
LSA package is not signed as expected. This can cause unexpected behaviour with Credential Guard.  PackageName: kerberos
 
 
I did a restart and I get the Acer screen on my PC for 39secs then blank screen for 19 secs then please wait for a further 14 secs, I then get my log in screen and it took 50 secs for a usable desktop to come up, I clicked on Google Browser and it took 1 min 30 secs to allow me to type in the search box- once the first search is done it seems quick 

Edited by Steviep, 13 May 2024 - 01:41 PM.

  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

Let's see if we can find out more about Streamingfsd.  There is a new command in Win 11 that might help.  Search for CMD and right click on it and Run As Admin.

Type:

fsutil  bypassIo  state  /v  >  %UserProfile%\desktop\junk.txt 

Hit Enter.  This should create a file junk.txt on your desktop.  Open junk.txt and Select All (Ctrl + a) , Copy, (Ctrl + c).  Then move to a Reply and paste (Ctrl +v)

 

Is this a laptop or a desktop?


  • 0

#24
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

Morning the PC is a desktop.

 

This is the contents of the junk.txt:

 

Usage: fsutil bypassIo state </v> <file path>
 
   /v   Verbose mode - display the name of the storage driver
 
   Eg: fsutil bypassIo state c:\test\testfile.txt
       fsutil bypassIo state /v d:

  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

That didn't work for some reason.  

 

I'm not supposed to use FRST in this forum but as long as we don't post the main scans I think it should be OK.

 

Get FRST64 from

https://www.bleeping...very-scan-tool/

Download, Save , go to your download folder and right click and Run as Admin.

 

DO NOT HIT THE SCAN BUTTON.  Instead, put 

StreamingFSD.*

in the Search box and press Search Files.  Will take a few minutes.  You will get one file.  Please post.

 

Go back to FRST and put StreamingFSD in the Search box and press Search Registry.  Again it will take a few minutes to complete.  You will get one file.  Please post.

 

I think on an Acer desktop you have to press Delete to get into the BIOS menu rather than F2.  Reboot and start tapping the Delete key.  It should boot into the BIOS menu.  :Look for the Boot tab.  Verify that the hard drive is at the top of the list and that it is not trying to first boot from a CD/DVD or a Floppy.  If you make any changes be sure to Save them when you Exit.

I am not familiar with the Acer BIOS menu so poke around and see if there is anything about a Fast Boot.  On a Dell it's under the Post Boot option.  I'm going in to the lab today and will see if I can find an Acer to play with.  (I volunteer with a group that rebuilds donated PCs for poor students).  

 

Let's check your hard drive's performance:

 
 
Actual download is at:
 
 
(My browser complains that the File can not be downloaded safely and I have to hit Keep to get it but my anti-virus does not complain.  File is safe.)
 
Download, Save, right click and Run As Admin.  (Close all other programs) Hit Start.  Take a screenshot of the result.
How to take a Screenshot:  Use method 1: https://techcommunit...ays/m-p/2849736
Save the file as .jpg. Then attach the file.

  • 0

Advertisements


#26
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts
Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by steven (14-05-2024 12:24:02)
Running from C:\Users\steve\Downloads
Boot Mode: Normal
 
================== Search Files: "StreamingFSD.*" =============
 
C:\Windows\System32\DRVSTORE\StreamingF_2BF2479F2B2088DAC9DFEEBA5F623A91F93E9426\StreamingFSD.cat
[2019-11-14 10:22][2018-01-08 15:52] 000010653 ____C () E156E7BF9F45281BD54A4135138904AB [File is digitally signed]
 
C:\Windows\System32\DRVSTORE\StreamingF_2BF2479F2B2088DAC9DFEEBA5F623A91F93E9426\StreamingFSD.inf
[2019-11-14 10:22][2018-01-05 21:53] 000002099 ____C () 402AD3249725B5AB9AB4C99CEDBA385F [File is digitally signed]
 
C:\Windows\System32\DRVSTORE\StreamingF_2BF2479F2B2088DAC9DFEEBA5F623A91F93E9426\StreamingFSD.sys
[2019-11-14 10:22][2018-01-08 15:52] 000791288 ____C (Numecent, Inc.) 10176EC1818ACDDAD078D933EB6CBBDB [File is digitally signed]
 
C:\Windows\System32\drivers\StreamingFSD.sys
[2019-11-14 10:22][2018-01-08 15:52] 000791288 _____ (Numecent, Inc.) 10176EC1818ACDDAD078D933EB6CBBDB [File is digitally signed]
 
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\StreamingFSD.cat
[2019-11-14 10:22][2018-01-08 15:52] 000010653 ____S () E156E7BF9F45281BD54A4135138904AB [File is digitally signed]
 
C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\StreamingFSD.cat
[2018-01-05 22:53][2018-01-08 15:52] 000010653 _____ () E156E7BF9F45281BD54A4135138904AB [File is digitally signed]
 
C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\StreamingFSD.inf
[2018-01-05 21:53][2018-01-05 21:53] 000002099 _____ () 402AD3249725B5AB9AB4C99CEDBA385F [File is digitally signed]
 
C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\StreamingFSD.sys
[2018-01-05 22:53][2018-01-08 15:52] 000791288 _____ (Numecent, Inc.) 10176EC1818ACDDAD078D933EB6CBBDB [File is digitally signed]
 
 
====== End of Search ======
 
Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by steven (14-05-2024 13:10:09)
Running from C:\Users\steve\Downloads
Boot Mode: Normal
 
================== Search Registry: "StreamingFSD" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\C7BF6F322E1CB194191A40145D91B17C]
"StreamingFSD_x64"="Client_Core_x64_Files"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\StreamingF_2BF2479F2B2088DAC9DFEEBA5F623A91F93E9426]
"INF"="StreamingFSD.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\StreamingF_2BF2479F2B2088DAC9DFEEBA5F623A91F93E9426]
"Services"="StreamingFSD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\Services\StreamingFSD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFxApp\Components\{660804F7-2E5A-4EB1-8B89-1FB1BC1D588F}]
"DriverStore"="C:\WINDOWS\system32\DRVSTORE\StreamingF_2BF2479F2B2088DAC9DFEEBA5F623A91F93E9426\StreamingFSD.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F408066A5E21BE4B898F11BCBD185F8]
"C7BF6F322E1CB194191A40145D91B17C"="C:\?Program Files\Numecent\Application Jukebox Player\StreamingFSD\StreamingFSD.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F408066A5E21BE4B898F11BCBD185F8\C7BF6F322E1CB194191A40145D91B17C]
"File"="streamingfsd_x64.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7BF6F322E1CB194191A40145D91B17C\Features]
"StreamingFSD_x64"="9WHlH[Lk@Adomwa?M!)VClient_Core_x64_Files"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\StreamingFSD.inf"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\StreamingFSD]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\StreamingFSD]
"ServiceName"="StreamingFSD"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\StreamingFSD]
"Path"="system32\DRIVERS\StreamingFSD.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\StreamingFSD]
"Path.Org"="system32\DRIVERS\StreamingFSD.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\StreamingFSD]
"Path.Win32"="C:\Windows\System32\drivers\StreamingFSD.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\StreamingFSD]
"DisplayName"="StreamingFSD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StreamingFSD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StreamingFSD]
"DisplayName"="StreamingFSD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StreamingFSD]
"ImagePath"="system32\DRIVERS\StreamingFSD.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StreamingFSD\Instances]
"DefaultInstance"="StreamingFSD"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StreamingFSD\Instances\StreamingFSD]
 
====== End of Search ======
 
Had a look in the BIOS and 1st Boot Device is Windows boot manager.
 

 

Attached Thumbnails

  • Screenshot 2024-05-14 134923.jpg

Edited by Steviep, 14 May 2024 - 06:50 AM.

  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

It does appear that you had Jukebox Player installed at one time:

 

"C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\"=""

 

 

 

Guess it didn't uninstall correctly.  However it does say that there is a service called StreamingFSD so let's see if just turning it off will make it stop trying to load.

 

Search for

services.msc 

Hit Enter.

 

Scroll down until you find StreamingFSD and right click on it and select Properties.  Change the Startup Type: to Disabled.

 

Clear the Events as before and then reboot and rerun VEW again and post the log.

 

Also rerun HDTune and let's see if the big drop at the beginning was just a transient problem.  I don't suppose you are willing (or financially able) to upgrade the harddrive to a Samsung SSD?  You would see a real boost in speed.  

 

Finally let's see if Speedfan will work on your PC. (Hasn't been updated in a while so it may not)

 

https://filehippo.co...nload_speedfan/

 

I'm about to leave for the lab.  Won't get back until about 7 EDT so probably won't get back to you until late tonight.

 

Click on Download Latest Version for Windows.

 

Download, Save and go to the Downloads folder then right click and Run As Admin.  Once installed it will create an icon on the desktop.  Right click on the Speedfan icon and Run As Admin.  Once it loads (and you get rid of the Tip popup) it should show you the temps for your PC.  Make a screenshot of the page and attach it to a reply.  Watch a video or run an antivirus scan and check to see if the temps rise a lot.  On a desktop at idle we usually see about 45 deg C.  Under moderate load it should not go higher than about 65.


  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

One other thing to try:

 

Open your browser (Chrome?) then click on the three bars or dots in the upper right corner and select Extensions, Manage Extension.  Turn off all extensions.  Restart Chrome.  IF it makes a difference then go back in and turn on half of the ones your turned off restart Chrome and try to find the one that slows it down.

 

Also search for

device manager and hit Enter.  Scroll down to Network Adapters and if it's not open hit the arrow in front of it.  Find the Wireless device and right click on it and select Properties.

 

There should be a Power Management tab.  Click on that and then UNCHECK Allow the computer to turn off this device to save power.  OK


  • 0

#29
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 420 posts

Screenshot 2024-05-14 151458.png Hi,

 

Thanks again for the help.

 

I cant see find StreamingFSD in the list, I've attached a screenprint.

 

I've attached another HD Tune screenprint. I've run Speedfan and attached 2 prints, one with no tabs open and the 2nd one while running virus check and a video on youtube.

 

I've opened the extensions on Chrome and the only one was Google Docs Offline so I have disabled it and I have checked the Network adapter and it was already set to allow the computer to turn off this device to save power.

Attached Thumbnails

  • HD TUNE 2nd 2024-05-14 152358.jpg
  • Speedfan 2024-05-14 152816.jpg
  • Speedfan 2 2024-05-14 153458.jpg

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

OK.  It's not overheating.  You did UNCHECK the box in device manager.    

 

I see from your other thread that the service is disabled.  Can you find the StreamingFSD.inf file at

C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\StreamingFSD.inf

change the extension to txt and attach it.  Also look in C:\Program Files\Numecent\Application Jukebox Player\StreamingFSD\

Is there an Uninstall file?  Ifso right click on it and Run as admin.

These are hidden files so you have to open File Explorer, then click on View and check Hidden items and File Name Extensions.

 

I found an Acer desktop at the lab.  Will bring it home tonight and see what options are available in the Bios.  


  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP