Background process untraceable on the event log service

Hello

I use a Windows 7 Enterprise system,

ASUS X 99

I7-5960 X

GTX Titan

This is a whole new system.

Recently, the spinning wheel "working in the shadows" near the cursor doesn't disappear. I mean he will start a few seconds after the start and just stay there. It drove me crazy so I had to understand. I spent hours on the internet has tried many things. I have a little shrunken down, but still no solution. Here are some of the things I've done:

(1) I went to Task Manager. I noticed that there is a constant use of the CPU by about 7% at all times. It is abnormal because idling all my other computers are still 0-1%. I went to the tab process to see what that was doing this. This is when things started to get interesting. There was no process using so much CPU. The system idle process will be 98-99%, but the CPU usage would be even at 7-8%.

(2) I read on the internet a program called Explorer of progress, so I downloaded to see if it could track down. It's even more bizarre. The process exploring the use of the processor has 1-2%, as it should; While the Task Manager, it was still 7-8%!

(3) many people suggested that this kind of thing can be linked to an infection by the virus. So I ran scans with Norton trial we had (also in safe mode), nothing. Then, I uninstalled, installed Malwarebytes, scanned and found nothing.

(4) I checked the driver updates. I also completely uninstalled and reinstalled the graphics and USB drivers. No luck.

(5) then, I did a clean boot (most of the services have been disabled) and voila! It was fine. So, he had to be linked to one of background services.

(6) after a long trial and error, I reduced to a single service: Windows event log. The problem would not happen if I disabled this service of msconfig, then rebooted. However, I googled this service and it turns out that it's something quite essential for the operating system and I should not turn it off.

So now, I hit a wall. I have absolutely no idea what to do (I'm considering an update of the BIOS but doubt strongly it would be useful). Before ask you, I don't know what preceded the problem. Many people use this computer and I don't know who started it. A clean installation of Windows is an option, but it would be a large number of deactivation/activation of the software is the last resort.

I would appreciate help.

Thank you.

NO.

You/we can be able to obtain more information by running a trace of performance windows recorder.  Instructions in the wiki below

In order to diagnose your problem, we need run Windows performance toolkit, the instructions that are in this wiki

If you have any questions do not hesitate to ask

Please run the trace when you encounter the problem

Tags: Windows

Similar Questions

  • The event log does not start error 31: a device attached to the system is not functioning

    I can't get the service to start on my winxp sp3 pc event log. I have tried everything I know:

    • Running sfc/scannow
    • Reset permissions
    • Search for malware and viruses
    • Rebuild the WMI
    • Create a new account
    Nothing seems to work, I think that this is related to an error in hardware/device, but I see no problem in Device Manager. Can someone point me in the right direction to get this resolved? I don't really want to have to format or restore my PC...
    Thank you.

    * EDIT * well it seems to have fixed myself, I used regedit and navigate to the key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog

    There, I found some records, I deleted the folder "Powershell" and the "Internet Explorer" folder, and the event log service, and then began. I had uninstalled IE and Powershell but these records were still there so I thought I would like to remove to see if he has made all the difference.
    Thanks for your time!
    -Antoni

  • I am not able to browse the network. The workstation services and control of browser will not start. The event log shows the workstation service terminated with error code 2250.

    Internet, not able to browse computers on the network

    The computer has internet access, but I am not able to browse the network. The workstation services and control of browser will not start. The event log shows the workstation service terminated with error code 2250. Also in the event log Workstation reports: could not load RDR device driver. Cannot run the sfc in safemode, gives the 0x000006ba error, the rpc server is unavailable. Runs under normal windows, noticed in the registry last run: 0x000003e3 error code (try adding c:\windows\system32\drivesr\i81xnt5.sys to the dllcache)

    I'm puzzled.

    Hello

    I suggest you to send your request in the below link.

    http://social.technet.Microsoft.com/forums/en-us/itproxpsp/threads

  • User profile service, you have been logged with the default for the system profile, please see the the event log for more information or contact your administrator.

    User profile service... Help... I'm stuck and going nowhere.

    Hello

    Whenever my user try to connect this MSG poping up to the top of any solution please.

    User profile service

    you have been logged on with the default for the system profile, please see the the event log for more information or contact your administrator.

    Click on this URL and follow the instructions 100% your problem has been resolved http: //support.microsoft.com/kb/947215

    Try it.

  • service control manager errors 7011, 7034, 7036 and sr 1 in the event log.

    I have problem with mouse (ps/2 compatible laser and wheel mouse optical usb) and / or the keyboard may freeze completely not moving or not to answer. also repeatedly happens a lot or ok for awhile or rarely. the event log which seems to be both what happens or the scm 7011,7034,7036 and, sometimes, the sr 1. No category.  often the only thing to do is to unplug the system and restart. I don't think it's the mouse or the keyboard. I have McAfee antivirus and computer Acer Power. It's pc. This cannot be good on the computer. any ideas?

    Hi no. Ida,

    See the link below to put on with similar problem and try the steps mentioned, check if it helps.

    http://social.technet.Microsoft.com/forums/en-SG/w7itprohardware/thread/cc12ba6b-68e6-430F-949B-b7487cce61b1

    See also the link and run the Fixit tool, check if it helps.

    Hardware devices do not work or are not detected in Windows

    http://support.Microsoft.com/mats/hardware_device_problems

  • Error message: problem loading parameters and check the event log or ask the administrator

    My wallpaper, the desktop icons and most of my documents are gone.

    I have Vista Home Premium and a couple of days and I connected my desktop background was changed. Several desktop icons are missing, and a message came up saying there was a problem loading my settings and check the event log, or ask the administrator (me) for more details. All my "Favorites" were missing in the sidebar and my documents and recorded images folders are empty. Microsoft customer service tells me there is an error in my code for the identification of product (from the Windows Activation in systems and Maintenance) so I can't help out.

    Any thoughts? Thank you!

    Hello, G25

    It is likely that your user profile is damaged. I would advise to create a new user account and test if you get any errors. If everything works as expected under the new user account, you can start to recover your account profile by following the steps on the following link: difficulty of a user profile is corrupted

    David
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Install Error 1935 in the event log when trying to manually install the KB954430

    Vista Home Premium 32 German

    Automatic update of Vista tried every day to install the fix KB954430 (MSXML Core Services 4.0 Service Pack 2).

    To resolve this problem, I tried one of the suggestion of many to install this fix manually.

    So I downloaded msxml4-KB954430 - deu.exe Microsoft.com and all first I removed the patch, then I did a reboot and then I started the installation as an administrator.

    During the installation, I got the error in a message box:
    "During the Assemblierungskomponente {DA656E4D-45B9-3659-A06B-D6B9ABF34537} ein Fehler aufgetreten ist der installation. HRESULT: 0 X 80073715. »
    = during the installation of the component assembly... an error occurred...

    After a click on the ok button, the installation was cancelled.

    The event log entry:
    Product: MSXML 4.0 SP2 (KB954430) - Fehler 1935. During the Installation der Assemblierungskomponente {DA656E4D-45B9-3659-A06B-D6B9ABF34537} ist ein Fehler aufgetreten. HRESULT: 0 X 80073715. Assemblierungsschnittstelle: Returned IAssemblyCacheItem, function: commit, Assemblierungsname: Microsoft.MSXML2R, type = "win32", version = "4.1.1.0", publicKeyToken = "6bd6b9abf345378f" processorArchitecture = "x 86"

    I already know:
    http://support.Microsoft.com/kb/941729
    http://support.Microsoft.com/kb/936181

    What can I do, to make this boring, works of hotfix update works not properly?

    Thank you
    Wolfgang

    Hi Wolfgang,.
    If it's for a computer language Duitsch, I recommend that you visit a site from Microsoft speaking German to get the best possible help to your question.
    Please follow the link below.

    http://support.Microsoft.com/common/international.aspx

    Matt
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • What is event ID # written in the event log when a user compresses its C:\ By car

    Windows XP Pro - SP3

    I want to know what entry # and details entry appears in the event log when a user compresses its C:\ By car

    There is none.  But if you compress ntldr in the process you will certainly get an unambiguous error message when you restart the computer.

    John

  • missing events in the event log

    I'm really new and can't help otherwise explain what just happened to me. I am running Vista home and checked my reliability and performance monitor. He came back to me with missing events to the event log. 14% of my missing log files. He told me that my buffer size and maximum ETW memory buffer is not obtimal that the data sets are collected. I have AVG free virus and found no problem. I had a lot of problems with the security of the networks and curious to know for myself if someone takes information just behind my computer. Everyone acts as if I am perinoid, but I had log events while at work and shut down the system. Some are could not log on to attemtps still more successful. Many programs also show other computers on my network even glancing only ethernet to my dsl modem. So I'm not under xp but have the same diagnostic report. I would be grateful no sign, that I am not paranoid. thanx

    Hi Dancin' madman,

    Welcome to the Microsoft Vista answers Forum!

    I would like to ask you a few questions in order to get a better understanding of this issue so that we can better help you.

    (a) what version of Vista are you using?

    (b) is connected to a domain, or more than 10 computers in your computer network?

    (c) what the event log you are trying to check?

    For example, if you check the log of events for an Application, then you must

    1. click on Start, type Event Viewer in the start search and press enter

    2. in the Windows logs , select the Application, it should be under the winlogon (the last)entry. Right click on the Application and select Properties.

    3. in the Properties , you can check for the latest event logs and check the settings if it is set to replace the events, if you want, then you can change the settings.

    Because you are worried about the security of the network, you can try first run a scan of online security.

    Follow the below links for analysis online on your computer to verify if there is a malicious software on your computer.

    http://OneCare.live.com/site/en-us/default.htm

    http://www.Microsoft.com/security/malwareremove/default.aspx

    You can also check if the Services of Windows Event log and dependence are started.

    1. Click Start, type Services in start search box and press ENTER.

    2. Locate the Windows event log in the mentioned Services.

    3. check if the status is started. If the condition column is blank, right click on the Windows event log Service and select start.

    4. open the Windows Service event log, select dependencies. In dependencies, select the Windows event collector and click ok to start the service.

    5. also check the dependencies in the Windows event collector and launch service dependencies by clicking OK.

    Hope the helps of information.
    Please post back and we do know.

    Concerning
    Jeremy K
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think.

  • [R] Intel PROSet/Wireless event log Service stopped working. What is c? Please help me.

    What log the events ofIntel PROSet/Wireless Service has stopped working? Please help me.

    Hi Tariq.khan,

    ·         Exactly when you receive this error message?

    ·         Did you do changes on the computer before the show?

    Follow the suggestions below for a possible solution:

    Method 1: I was able to find a link from the Intel site, where the question seems to be addressed, I recommend you to go through the link given below where a users seems to have found the solution.

    [R] Intel PROSet/Wireless event log Service stopped working

    http://communities.Intel.com/message/69976

     

    Method 2: I suggest you to check and clean the boot if the problem persists.

    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7

    http://support.Microsoft.com/kb/929135

     

    Note: After troubleshooting, be sure to configure the computer to start as usual as mentioned at step 7 of the article mentioned above.

    Let us know if that helps.

  • McAfee security center updates. The event log shows no signature of threat.

    McAfee security center updates. The event log shows no signature of threat. That it states that I am protected I never had any "alerts" from him. Anyone know if it's OK or a way to check it out. The following is in the event log

    Log name: Application
    Source: McLogEvent
    Date: 2009-08-28 17:42:15
    Event ID: 5000
    Task category: no
    Level: Information
    Keywords: Classic
    User: SYSTEM
    Computer: XPS
    Description:
    The McShield service started.
    Engine version: 5301.4018
    DAT version: 5722.0000
     
    Number of signatures in EXTRA. DAT: no
    Names of the threats that EXTRA. DAT can detect: None
    The event XML:
    http://schemas.Microsoft.com/win/2004/08/events/event">
     
       
        5000
        4
        0
        0 x 80000000000000
       
        23259
        Application
        XPS
       
     
     
        5301.4018
        5722.0000
        None
        None
     

    Thanks for the reassurance. Tech support McAfee response to any problem seems to be reinstalled, I've done a dozen times.

  • Victory 8 gel. Error Bluetooth Low energy in the event log

    System hangs after booting with a boot cold necessary to cancel the situation of hanging.

    I watched the debates, and even after disabling all startup services and by disabling the Windows option change the bluetooth power state, I always have the same question.

    Ideas anyone that I'm a little confused here.

    The local adapter does not support a large controller low-energy State. The State of minimum support is 0x1f7fffff, had 0x1f3fffff. The Low Energy functionality has been disabled

    The bluetooth adapter has also been entirely disabled and the above error is still constantly appear in the event log.

    I would also add that did system restore to a point before the hanging began and the problem persists.

    Discussions, as mentioned above:

    http://social.technet.Microsoft.com/forums/Windows/en-us/7c1a1839-93E1-498C-afe2-2b291539112e/Windows-8-hangfreeze?Forum=w8itprogeneral
    http://answers.Microsoft.com/en-us/Windows/Forum/windows_8-networking/Windows-8-random-freeze-only-when-using-Ethernet/c874dead-800C-476e-8F19-0288405ccd25

    I can give more information if necessary.

    Further investigation on the system showed that the SSD itself is at fault. Intel SSD Toolbox reports a flaw in the LBA in the same place every time.

    Looks like my second intuition as right all along the - hardware and no software to blame.

  • Satellite A200 (PSAE6) bought 2008, but the event log contains entries from 2007

    Given that I have buy my Satellite I have problems, most are a blue screen with auto restart.

    I found several problems dated April 2007, entries in the event log WHEN I only buy this machine on February 2008!

    Please someone explain me if this can be possible?

    For example:

    Nome registo:Microsoft - Windows-CodeIntegrity/Operational
    Origem: Microsoft-Windows-CodeIntegrity
    Data: 13/07/2007 14:02:45
    Event ID: 3001
    Category has: (1).
    BORN? Â? ? Â * vel: Aviso
    Palavras-chave:
    User: S-1-5-18
    Computador: LH-A0U969U2IED4:
    Code integrity determined that an unsigned kernel module system32\DRIVERS\CplIR.SYS is loaded in the system. Check with the Publisher to see if there is a signed version of the kernel module.

    One question;
    Did you buy this computer store camera and laptop boxed originally was?
    Vista was already configured and customized?

    Usually the OS should be pre-installed on laptop but shouldn't t be configured and customized.

  • Telephone call about the event log errors - they claim to be the Technical Support

    Original title: event error logs

    I get a phone call from a person claiming to be a b/c my computer Tech support has published many errors in the event log.  Is - is this legitimate?  He wants me to do stuff in the event log.

    Hello

    Yes, it's a SCAM!

    Avoid scams to phone for tech support
    http://www.Microsoft.com/security/online-privacy/avoid-phone-scams.aspx

    In the United States, you can contact the FBI, Attorney general, the police authorities and consumer
    Watch groups. Arm yourself with knowledge.

    The Internet Crime Complaint Center (IC3) is a partnership between the Federal Bureau of Investigation
    (FBI) and the National White Collar Crime Center (NW3C), funded in part by the Bureau of Justice Assistance
    (BJA).
    http://www.ic3.gov/complaint/default.aspx

    No, Microsoft wouldn't you not solicited. Or they would know if errors exist on your
    computer. So that's the fraud or scams to get your money or worse to steal your identity.

    Avoid scams that use the Microsoft name fraudulently - Microsoft is not unsolicited
    phone calls to help you fix your computer
    http://www.Microsoft.com/protect/fraud/phishing/msName.aspx

    Scams and hoaxes
    http://support.Microsoft.com/contactus/cu_sc_virsec_master?ws=support#tab3

    Microsoft Support Center consumer
    https://consumersecuritysupport.Microsoft.com/default.aspx?altbrand=true&SD=GN&ln=en-us&St=1&wfxredirect=1&gssnb=1

    Microsoft technical support
    http://support.Microsoft.com/contactus/?ws=support#TAB0

    Microsoft - contact technical support
    http://Windows.Microsoft.com/en-us/Windows/help/contact-support

    I hope this helps.

    Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle=""><- mark="" twain="" said="" it="">

  • I noticed that my remote access has been activated twice in a week but I did not. no way to verify when, what, who activated via the event log,...?

    I noticed that my remote access has been activated twice in a week but I did not. no way to verify when, what, who activated via the event log,...?

    Hi dewthisnow,

    The information office for remote access must be in the security log.

    For more information, see:

    To disable remote desktop

    To view the logs in Event Viewer, see:

    Using the event viewer        

    Procedure to view and manage event logs in Event Viewer in Windows XP

Maybe you are looking for