[RKinner]

If you look closely at the post it says to type:

 

Uninstall-WindowsCapability -Online -Name ‘Microsoft-Windows-Defender'

 

Looks to me like you left off the ' at the end.

 

Does that make a difference?

[Advertisements]

Sorry, tried it again and get this per the attachment

Attached Thumbnails

• 

[Steviep]

Sorry, tried it again and get this per the attachment

Attached Thumbnails

• 

[RKinner]

After some more research it appears that powershell can no longer be used to remove Windows Defender.

 

There is a way that appears to disable Windows Defender.  Perhaps that will be enough.

 

Get Winaero Tweaker.

https://winaero.com/...eaker/#download

 

Once you Save it, go to the download folder and right click and Extract All.  The right click on 

WinaeroTweaker-1.62.1.0-setup.exe and Run as admin.  Once it installs, scroll down to Windows Defender and click on it.  on the pane to the right check the box Disable Windows Defender.  Then reboot.

 

To reenble Windows Defender, uncheck the box and reboot.

[Steviep]

HI,

 

Disabled Windows defender and rebooted a couple of times and got these times:

Acer screen for 8 secs,

Blank screen for 1min 13 secs then got search results 3 mins 35 secs after switch on.

 

Re enabled Windows defender and did a couple of reboots and got these times:

Acer screen for 29 secs

Blank screen for 1 min 28 secs then got search results 3 mins 29 secs after switch on

 

I am aware taht you are/have spent a long time on this- Should I consider a complete reinstall of windows ?

[RKinner]

A complete fresh install is always an option.  Up to you.  I'm retired so have lots of time but you probably want to get back to using your PC normally.

 

Any chance of upgrading your RAM from 8GB to 16GB?  That would probably help.  This reminds of XP days.  When it came out it would happily run on 500MB or less but after several updates even 1 GB was not really enough for a speedy boot.

 

I've been digging into the bootlog a bit more.  Do you use Microsoft Office?  I see it checking for updates and checking files.  If you don't need use it I would uninstall it. It's installed by default but in order to use it you have to pay a yearly fee.

 

Also you can try searching for

services.msc

hit Enter

Scroll down to Windows Error Reporting and right click on it and change the StartupType: to Disabled then OK.

 

You can also disable

sysmain

and as a test

Windows Search.

 

Today's my volunteer day so I probably won't get back to you again until tomorrow morning.  I go up to Titusville and help rebuilding donated PCs and laptops to give to poor students and since I have to skip my afternoon nap I am usually so tired when I get home that I don't even look at my PC until the next day.

[Steviep]

Morning,

 

I am happy to upgrade the memory and will order it today.

 

I do use Office from time to time and have a licence for it and would prefer not to uninstall it.

 

I've looked at Error Reporting and it was set to manual and I have now disabled it, sysmain was already set to disabled and I have disabled Windows Search, I did a restart and no difference. Should I change any settings back?

 

I am going abroad on the 6th June and plan to be away for around 6 weeks but maybe the plans will change and I'll b back sooner- just to let you know.

[Steviep]

Just looking at RAM and I think there are 2 sockets for it on my Motherboard should I buy  2 x new 8GB 2666mhz ddr4 memory or just 1 to add to the existing RAM or should I buy a 16GB module?

[phillpower2]

For stability reasons you want a matching pair of 2666Mhz sticks, 2 Xs 8GB sticks is fine for web browsing and simple documents etc but if you stream or edit videos, play games or run programs like photoshop you should check what each program recommends.

[RKinner]

Sorry for the delay.  Wife had a long honey-do list for me yesterday.

 

PhillPower2 is our hardware guy so his advice is good.

 

Can you look in your event log (right click on start and select Event Viewer or search for Event Viewer and hit Enter) then click on the arrow in front of Windows Logs to open it up then click on System.  Sort the events by source (click once on the Source column header).  Scroll down and see if you have any from HttpService.

 

If you find any click on one and look for the Process ID. What is it?  Might as well give me a screenshot.

 

Also tho it is supposed to speed up Edge, let's see what happens to the boot time when we tell Edge to wait until we call it.  Go into Edge and click on the three dots and then on Settings.  Scroll down to System & Performance.  Turn off the top two options.  That way it should wait until we call it and will stop when we tell it to.

Also right click on the Taskbar (at the bottom of the screen) and hover over News and Interests and then slide over and click on Turn Off.  Right click on the taskbar again and hover over Search.  There should be an option Show Search Highlights.  IF it is checked then click on it which should uncheck it.  Now reboot and time the boot process.  Any change?

[Steviep]

Hi,

 

No problem with any delay I know what my wifes list looks like

 

I bought another 8GB of RAM and have installed it today- I'd ordered it from Amazon so will order another the same and will install it when it arrives so that both sticks are the same. without dong any of your instructions the boot time was : Acer screen for 25 secs, Blank for a further 1 min 18 and then search results in a further 1 min 53 secs.

 

Event Log - I have loads of items under HttpService and have attached a couple of screenshots.

Re Edge in System and performance - the top two settings are already turned off. 

Attached Thumbnails

• 
• 
• 
• 

[Steviep]

Did a restart and times are:

 

Acer screen till 29 secs, Blank screen further 1min 20 secs and search results after a further 1 min 27 secs

[RKinner]

OK.  Looks like you may  have tracing turned on.  Not sure exactly how it happened or how to turn it off but App id 4 is System so it might explain why System was showing up in Latency Monitor.  Let's look at the registry entry for http and see if it is different from mine.

 

Download the attached fixlist.txt to the same location as FRST

 

 fixlist.txt   160bytes   32 downloads

 

Run FRST and press Fix

A fix log will be generated please post that   This will be very quick and will not require an update.  It will make no changes just look at the registry entry for http service.

 

Also go to Event Viewer, Applications and Services as before but this time look for Http.  There should be 2.  one for HttpLog and one for HttpService..  If either of them shows a non zero number of entries then click on Properties in the far right pane and uncheck Enable Logging.

 

 

 

[Steviep]

Fix result of Farbar Recovery Scan Tool (x64) Version: 30.05.2024

Ran by steven (30-05-2024 20:02:52) Run:5

Running from C:\Users\steve\Desktop

Loaded Profiles: steven

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP /s

 

 

*****************

 

 

========= reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP /s =========

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP

    DependOnService    REG_MULTI_SZ    MsQuic

    Description    REG_SZ    @%SystemRoot%\system32\drivers\http.sys,-2

    DisplayName    REG_SZ    @%SystemRoot%\system32\drivers\http.sys,-1

    ErrorControl    REG_DWORD    0x1

    ImagePath    REG_EXPAND_SZ    system32\drivers\HTTP.sys

    Start    REG_DWORD    0x3

    Type    REG_DWORD    0x1

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslCcsBindingInfo

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslScopedCcsBindingInfo

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslSniBindingInfo

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo

    http://*:5357/    REG_BINARY    010004800000000000000000000000001400000002003400020000000000180000000020010200000000000520000000210200000000140000000020010100000000000513000000

    http:// :80/Temporar...sten_Addresses/    REG_BINARY    010004800000000000000000000000001400000002001C00010000000000140000000020010100000000000100000000

    https://*:5358/    REG_BINARY    010004800000000000000000000000001400000002003400020000000000180000000020010200000000000520000000210200000000140000000020010100000000000513000000

    https://+:5986/wsman/    REG_BINARY    010004800000000000000000000000001400000002005800020000000000280000000020010600000000000550000000862AEE21D75B09B0A45B6CADBB83934DEA679018000028000000002001060000000000055000000043B4FAF1D3D45434A8D53E4A530A6C1F3DEE9BB2

    http://+:47001/wsman/    REG_BINARY    010004800000000000000000000000001400000002005800020000000000280000000020010600000000000550000000862AEE21D75B09B0A45B6CADBB83934DEA679018000028000000002001060000000000055000000043B4FAF1D3D45434A8D53E4A530A6C1F3DEE9BB2

    http://+:5985/wsman/    REG_BINARY    010004800000000000000000000000001400000002005800020000000000280000000020010600000000000550000000862AEE21D75B09B0A45B6CADBB83934DEA679018000028000000002001060000000000055000000043B4FAF1D3D45434A8D53E4A530A6C1F3DEE9BB2

    http://*:2869/    REG_BINARY    010004800000000000000000000000001400000002001C00010000000000140000000020010100000000000513000000

    https:// :443/sra_{B...-C84EE0ADCD75}/    REG_BINARY    010004800000000000000000000000001400000002005C000300000000002800000000100106000000000005500000007EA6C8CC2AAEA72FC1EBFBE1BAE36BC0DAD02BAF0000180000000010010200000000000520000000200200000000140000000010010100000000000512000000

    https://+:10245/WMPNSSv4/    REG_BINARY    010004800000000000000000000000001400000002003000010000000000280000000020010600000000000550000000390B9A8D3E6DC72D58A4ADD24866EF3BC8B64AAB

    http://+:10243/WMPNSSv4/    REG_BINARY    010004800000000000000000000000001400000002003000010000000000280000000020010600000000000550000000390B9A8D3E6DC72D58A4ADD24866EF3BC8B64AAB

    http://+:11425/    REG_BINARY    010004800000000000000000000000001400000002002C00010000000000240000000020010500000000000515000000BED6CD67F1301CE1AF8C4E92E9030000

    http://+:9007/    REG_BINARY    010004800000000000000000000000001400000002001C00010000000000140000000020010100000000000100000000

    http://+:10247/apps/    REG_BINARY    010004800000000000000000000000001400000002001C0001000000000014000000002001010000000000050B000000

    http://+:10246/MDEServer/    REG_BINARY    010004800000000000000000000000001400000002001C0001000000000014000000002001010000000000050B000000

    https://+:3392/rdp/    REG_BINARY    0100048000000000000000000000000014000000020030000100000000002800000000200106000000000005500000006634961AB9AAF15C193012F895CE4874A0FD4E30

    http://+:3387/rdp/    REG_BINARY    0100048000000000000000000000000014000000020030000100000000002800000000200106000000000005500000006634961AB9AAF15C193012F895CE4874A0FD4E30

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Security

    Security    REG_BINARY    01001480A0000000AC000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020070000500000000001400FF010F0001010000000000051200000000001800FF010F0001020000000000052000000020020000000014009D000200010100000000000504000000000014009D000200010100000000000506000000000014009D000200010100000000000503000000010100000000000512000000010100000000000512000000

 

 

 

========= End of Reg: =========

 

 

==== End of Fixlog 20:02:52 ====

 

 

 

Re HTTP - Both Log and Service were showing as zero

Edited by Steviep, 30 May 2024 - 01:06 PM.

[Steviep]

I did a google search for tracing being turned on- is this something to do with Android as I have an android phone and vaguely remember doing something so that it would work on windows PC's . - I cant remember why I did this. I have an app on my PC called Windows Subsystem for Android- might that be something causing it?

 

I have no issue uninstalling it if that would help.

Edited by Steviep, 30 May 2024 - 01:20 PM.

[RKinner]

You can try uninstalling your android program.  

 

There are a few differences between your registry entries and mine. Open a Command Prompt (Admin) by searching for CMD and when it finds Command Prompt, right click and Run As Admin.

 

Type or copy and right click in Command Prompt.

netsh http show urlacl > %UserProfile%\desktop\junk.txt

Hit Enter.  This will create a file junk.txt on your desktop.  Please open and Ctrl+a then Ctrl + c then move to a reply and Ctrl +v.  This should translate the binary stuff in the registry entries so we can see if one of them has Audit turned on.