Windows 10: Need Thoughts on These Event 4688 and WMI Event 5861 Instances

so my PC has a little bit of a kink to it where sometimes, during boot, the VGA light on the motherboard will hang and fast startup will fail; eventually, the monitor and Windows will come up as normal and everything will function perfectly fine. it's done this since I got the computer, not really an issue, not trying to fix it eitherwhen this happens, various Event 4688 Process Creations will log in Event Viewer > Security; typically, if I restart the computer, the same 4688 events will be logged again. if I restart one more time, nothing happens and I'll just continue about my day since t

:)

 

WMI activity Event ID 5861

Opened the WMI-Activity%4Operational log and found thousands of this one event. I do not have the event on the laptop just the desktop. Operating system Windows 10 PRO. WMI runs all of the with at least 2 instances open then there's server one that runs
and that reverse thing that also runs. Below I have pasted both general and details hopefully someone can tell me what this is?

Namespace = //./root/subscription; Eventfilter = SCM Event Log Filter (refer to its activate eventid:5859); Consumer = NTEventLogEventConsumer="SCM Event Log Consumer"; PossibleCause = Binding EventFilter:

instance of __EventFilter

{

CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

EventNamespace = "root\\cimv2";

Name = "SCM Event Log Filter";

Query = "select * from MSFT_SCMEventLogEvent";

QueryLanguage = "WQL";

};

Perm. Consumer:

instance of NTEventLogEventConsumer

{

Category = 0;

CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0};

EventType = 1;

Name = "SCM Event Log Consumer";

NameOfUserSIDProperty = "sid";

SourceName = "Service Control Manager";

};

System

- Provider

[ Name] Microsoft-Windows-WMI-Activity

[ Guid] {1418EF04-B0B4-4623-BF7E-D74AB47BBDAA}



EventID 5861



Version 0



Level 0



Task 0



Opcode 0



Keywords 0x4000000000000000



- TimeCreated

[ SystemTime] 2017-09-23T07:20:08.309942800Z



EventRecordID 7613



Correlation



- Execution

[ ProcessID] 4520

[ ThreadID] 720



Channel Microsoft-Windows-WMI-Activity/Operational



Computer DESKTOP-L2LHDAJ



- Security

[ UserID] S-1-5-18



- UserData

- Operation_ESStoConsumerBinding

Namespace //./root/subscription



ESS SCM Event Log Filter



CONSUMER NTEventLogEventConsumer="SCM Event Log Consumer"



PossibleCause Binding EventFilter: instance of __EventFilter { CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventNamespace = "root\\cimv2"; Name = "SCM Event Log Filter"; Query = "select * from MSFT_SCMEventLogEvent"; QueryLanguage =
"WQL"; }; Perm. Consumer: instance of NTEventLogEventConsumer { Category = 0; CreatorSID = {1, 2, 0, 0, 0, 0, 0, 5, 32, 0, 0, 0, 32, 2, 0, 0}; EventType = 1; Name = "SCM Event Log Consumer"; NameOfUserSIDProperty = "sid"; SourceName = "Service Control Manager";
};

 

Event viewer - Event id 4688

Hi,

you need to turn audit to view this event. See recommendations at
https://docs.microsoft.com/en-us/windows/securi...

 

WMI activity Event ID 5861

Okay well thank you, posted there but nothing yet. In the meantime I have just wiped the HD and reinstalled Windows 10 Pro with nothing but security software to see if I still get these events. If so, is there anyway that I can actually disable WMI? I have
tried several times in the past but it never works.

Well I have confirmed this is still happening after format and reinstall. Only things I have installed are MBAM, Spybot, and Superantispyware. 259 events so far. Previous install had 10x as many in just 4 days.