New
#81
@ Slartybart
I attached the zip file that you requnested.
@ Callender
Thank you for your answers, it seems I can remove a few of them .. I'll try them out and post back results.
Thanks!
@ Slartybart
I attached the zip file that you requnested.
@ Callender
Thank you for your answers, it seems I can remove a few of them .. I'll try them out and post back results.
Thanks!
Ah sorry, I thought I attached it .. anyway here it is ..
It happens, no problem.
I took a quick look at the event logs. I'm going to say that combing through event logs looking for performance tuning is more work than I am willing to commit to doing. I asked for the data because it was the easiest way to answer your question about the Error events you're seeing.
Here's what I cherry picked from the information you posted:
Make sure you have sufficient disk space to operate your machine.Log Name: System
Source: volsnap
Date: 2015-01-08T11:53:10.809
Event ID: 24
Description: There was insufficient disk space on volume C: to grow the shadow copy storage for shadow copies of C:. As a result of this failure all shadow copies of volume C: are at risk of being deleted.
Without further research, I'm not certain about this, but the description lends itself to performance. It's probably normal throttling but it's an area you can look at to see what's causing it to throttle back. It is not a serious condition.Log Name: System
Source: Microsoft-Windows-Kernel-Processor-Power
Date: 2015-01-08T11:36:45.238
Event ID: 37
Description: The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 28 seconds since the last report.
These both relate to Western Digital and should be researched. If you don't use the WD backup service - disable it in Services or the Services tab in MSconfig. If you do use the WD backup services, fix the configuration. The rules are wrong or you didn't tell it where to backup the data.Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 2015-01-09T12:26:45.000
Event ID: 10005
Description: DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
Log Name: System
Source: Service Control Manager
Date: 2015-01-09T12:22:56.910
Event ID: 7001
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Again, this points to disk space, specifically your paging file (virtual memory)Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 2015-01-09T12:23:27.000
Event ID: 34005
Description: The ICS_IPV6 was unable to allocate bytes of memory.
This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
I recall reading something like this "Mbam missing file" but you'll have to dig deeper. See if Malwarebytes forum has anything on thisLog Name: System
Source: Service Control Manager
Date: 2015-01-09T12:22:35.694
Event ID: 7001
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
The system cannot find the file specified.
That's about it.
Conclusion: I believe the many errors you see in the Event log revolve around disk space and also this eventDescription: The WD Backup service depends on the WD Rules service which failed to start because of the following error:There are tens if not hundreds of the WD Rules events. If you have disabled that service, re-enable it. The old events remain in the log, but new ones won't be generated.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it
It is tedious work, but if you're looking to get those few milliseconds, you have to do the heavy lifting.
Sorry this wasn't a "here ya go, these things will help you" post.
It's more an answer to your query re: Error level event logs and a "point you in the right direction" post.
Bill
.
@ Slartybart
Thanks for the detailed answers. I have a few followup questions:
"Again, this points to disk space, specifically your paging file (virtual memory)"
* Should increase virtual memory? right now its set on system managed, which is auto set by windows to 8GB and the system recommendation shows 12GB ... strange but anyway should set it to manual and set virtual memory to 12GB+?
"Mbam missing file"
* removed malware bytes while testing system a few days back ... so any idea why is it still interfering with system?
"The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 28 seconds since the last report."
* I don't understand this ... can you elaborate?
Thanks!
Letting Windows manage the page file is easiest - more is not always better in this case. Too much causes page thrashing too little causes more page faults.
My rule of thumb is: if you manually set the page file size, set a static value equal to the physical memory only on the System drive
4 GB RAM, page file 4096-4096
8 GB RAM, page file 8192-8192
etc.
I'm not sure it is interfering, that's the thing about event logs - this could be an old log entry that came from when you removed Malwarebytes. Logs only tell you so much, the rest is knowing what you've done (uninstalling Mbam) and a bit of hard digging.
I thought I did - the system throttles back under certain circumstances. What those circumstances are is hard to determine without elaborate forensics. The best I can offer is to make note of the event and if it occurs too many times, then investigate more. Otherwise, it's a normal event with little impact - I just noted it when I looked at the events and thought I'd point it out.
If you want to try and analyze the events it's easier to start with a clean slate.
Event Viewer: Clear All Events
This is not something you want to run regularly, since you might lose an entry that might help future troubleshooting. I might clear my event logs once a year when my machine has been and is running smooth. Never when I'm having trouble with the machine.
Don't over reach when looking at the events - some are alarming but really aren't any concern.
Take the 'error' event wmi 10 - it's not an error at all and you can stop it from being reported
Event ID 10 is logged in the Application log after you install Service Pack 1 for Windows 7 or Windows Server 2008 R2
The rest of event analysis is up to you to research and work though. I don't bother much unless I have real issue on my machine and it's usually an after thought "Hey, I should have looked at the event logs". But it's really only a troubleshooting tool.
As a lot of members have already said, your machine is performing well. Don't look for things to fix when there aren't any real issues.
Good luck and have 'fun' with events. It's a good way to learn but it can be frustrating.
The 'more information' on the event itself might take you to a page that describe the event - or you can Google the event or error (wmi 10 for example) to learn more.
The rest I leave as an exercise for the student.
Alright, thank you for your help
I'm probably not allowed to do this, but @gabe if you're satisfied with your system running as specified can you mark this thread as closed?
Unfinished things bother me.