Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

"Bitmotion-New Tab" added in Chrome (can't get rid of it&#

Started by tl79 , Jun 29 2017 05:18 PM

Please log in to reply

#151
tl79

Posted 04 July 2017 - 05:08 PM

Member

Topic Starter
Member
186 posts

Here's process explorer after the "fix windows update":

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 61.97 0 K 4 K 0

procexp64.exe 21.84 22,980 K 54,868 K 3752 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

reader_sl.exe 7.38 1,968 K 8,288 K 1384 Adobe Acrobat SpeedLauncher Adobe Systems Incorporated (Verified) Adobe Systems

dwm.exe 3.03 42,240 K 32,112 K 5740 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows

System 1.81 128 K 1,520 K 4

Interrupts 1.64 0 K 0 K n/a Hardware Interrupts and DPCs

csrss.exe 0.71 2,024 K 5,164 K 5312 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

explorer.exe 0.50 26,328 K 70,720 K 2012 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

aswidsagenta.exe 0.37 20,920 K 33,892 K 3928 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.

chrome.exe 0.27 105,756 K 157,028 K 6028 Google Chrome Google Inc. (Verified) Google Inc

svchost.exe 0.13 5,152 K 11,112 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

AvastSvc.exe 0.11 103,780 K 40,928 K 1760 Avast Service AVAST Software (Verified) AVAST Software s.r.o.

services.exe 0.09 3,316 K 7,588 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher

AvastUI.exe 0.04 18,284 K 24,044 K 5796 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.

chrome.exe 0.04 75,084 K 121,496 K 2428 Google Chrome Google Inc. (Verified) Google Inc

svchost.exe 0.03 63,600 K 75,760 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 0.02 8,660 K 22,852 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

SynTPEnh.exe 0.01 4,788 K 17,872 K 5412 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated

chrome.exe 0.01 56,560 K 92,656 K 5592 Google Chrome Google Inc. (Verified) Google Inc

stacsv64.exe < 0.01 2,132 K 9,016 K 1232 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

hpservice.exe < 0.01 1,220 K 5,752 K 1452 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company

WmiPrvSE.exe 2,568 K 8,784 K 3972 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

wlanext.exe 1,456 K 5,996 K 1836 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 2,324 K 8,240 K 5420 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows

wininit.exe 1,244 K 5,232 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher

taskhostw.exe 5,900 K 17,856 K 3456 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

SynTPHelper.exe 1,120 K 4,604 K 6048 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated

SynTPEnhService.exe 1,076 K 4,224 K 2648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated

svchost.exe 36,404 K 65,044 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 39,864 K 23,368 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,636 K 9,688 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 12,924 K 21,740 K 68 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 13,300 K 25,828 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 7,352 K 17,860 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,872 K 16,064 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,400 K 11,280 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,432 K 9,276 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5,436 K 18,112 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 7,560 K 21,156 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,156 K 18,780 K 4772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,152 K 7,204 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

sttray64.exe 6,552 K 18,672 K 4100 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

spoolsv.exe 5,764 K 14,480 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 416 K 1,200 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher

smartscreen.exe 8,492 K 14,936 K 1632 SmartScreen Microsoft Corporation (Verified) Microsoft Windows

sihost.exe 4,696 K 19,336 K 4588 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe Suspended 19,348 K 53,044 K 5804 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

SearchUI.exe Suspended 43,548 K 90,896 K 2960 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchIndexer.exe 23,616 K 26,268 K 1684 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 6,452 K 22,868 K 4656 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

procexp.exe 3,124 K 10,644 K 804 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

Memory Compression 48 K 916 K 2976

lsass.exe 5,052 K 13,936 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

fontdrvhost.exe 816 K 3,388 K 4688 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 1,688 K 4,668 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

conhost.exe 1,192 K 5,040 K 1856 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 68,996 K 109,500 K 5284 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,500 K 9,516 K 3200 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,476 K 10,132 K 4484 Google Chrome Google Inc. (Verified) Google Inc

BrYNSvc.exe 2,372 K 9,240 K 5052 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.

audiodg.exe 6,728 K 12,880 K 6124 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

armsvc.exe 1,332 K 6,336 K 2512 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

agr64svc.exe 600 K 2,752 K 2496 LSI Soft Modem Call Progress Service LSI Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

AESTSr64.exe 564 K 2,836 K 2504 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

#152
RKinner

Posted 04 July 2017 - 06:01 PM

Malware Expert

Expert
24,624 posts

We lost a little ground on the Interrupts but perhaps not enough to slow it down. Adobe Reader has popped up - perhaps doing an update too.

How does it feel now? Does it feel faster?

#153
tl79

Posted 04 July 2017 - 06:11 PM

Member

Topic Starter
Member
186 posts

I don't usually use this one, but compared to what we had at the start I would say it is greatly improved!

#154
tl79

Posted 04 July 2017 - 06:17 PM

Member

Topic Starter
Member
186 posts

Here's a proc exp:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 36.23 0 K 4 K 0

procexp64.exe 26.76 22,056 K 53,336 K 4080 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

svchost.exe 21.93 58,888 K 70,980 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

dwm.exe 5.33 40,460 K 29,812 K 1412 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows

explorer.exe 2.97 26,516 K 71,368 K 5520 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

Interrupts 2.60 0 K 0 K n/a Hardware Interrupts and DPCs

System 1.41 128 K 1,528 K 4

csrss.exe 1.04 1,904 K 4,980 K 1716 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

SynTPEnh.exe 0.94 4,780 K 17,860 K 3840 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated

aswidsagenta.exe 0.32 20,452 K 35,996 K 3928 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.

SearchIndexer.exe 0.10 27,912 K 28,612 K 1684 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

AvastSvc.exe 0.09 102,596 K 40,164 K 1760 Avast Service AVAST Software (Verified) AVAST Software s.r.o.

svchost.exe 0.09 4,700 K 9,760 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 0.06 8,684 K 22,920 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

Memory Compression 0.06 68 K 4,264 K 2976

svchost.exe 0.05 5,332 K 11,284 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

AvastUI.exe 0.01 14,868 K 5,436 K 1460 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.

svchost.exe < 0.01 35,464 K 59,796 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

stacsv64.exe < 0.01 2,136 K 8,980 K 1232 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

svchost.exe < 0.01 2,456 K 9,316 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

hpservice.exe < 0.01 1,224 K 5,748 K 1452 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company

WmiPrvSE.exe 2,400 K 8,568 K 3172 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

wlanext.exe 1,464 K 5,988 K 1836 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 2,344 K 8,236 K 708 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows

wininit.exe 1,328 K 5,328 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher

taskhostw.exe 5,128 K 16,452 K 4024 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

SynTPHelper.exe 1,124 K 4,604 K 3344 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated

SynTPEnhService.exe 1,044 K 4,204 K 2648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated

svchost.exe 7,480 K 17,940 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,456 K 22,336 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,968 K 16,120 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,256 K 11,228 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 16,076 K 24,496 K 68 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 13,400 K 25,904 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,124 K 18,840 K 4152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,324 K 19,008 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 7,504 K 21,484 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,236 K 7,060 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

sttray64.exe 6,580 K 18,652 K 896 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

spoolsv.exe 5,748 K 14,392 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 416 K 1,200 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher

smartscreen.exe 8,548 K 14,916 K 104 SmartScreen Microsoft Corporation (Verified) Microsoft Windows

sihost.exe 4,812 K 19,268 K 528 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe Suspended 19,344 K 53,216 K 5580 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

services.exe 3,296 K 7,564 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher

SearchUI.exe Suspended 43,728 K 91,068 K 2268 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchProtocolHost.exe 2,680 K 9,856 K 3612 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows

SearchFilterHost.exe 4,504 K 15,988 K 764 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 5,968 K 21,276 K 5620 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

procexp.exe 3,120 K 10,596 K 1964 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

lsass.exe 5,236 K 14,460 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

fontdrvhost.exe 828 K 3,388 K 5644 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 1,636 K 4,660 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

conhost.exe 1,192 K 5,040 K 1856 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

BrYNSvc.exe 2,372 K 9,232 K 5052 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.

audiodg.exe 7,064 K 10,856 K 1928 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

armsvc.exe 1,328 K 6,328 K 2512 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

agr64svc.exe 600 K 2,748 K 2496 LSI Soft Modem Call Progress Service LSI Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

AESTSr64.exe 564 K 2,836 K 2504 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

#155
tl79

Posted 04 July 2017 - 06:18 PM

Member

Topic Starter
Member
186 posts

searchfilterhost kept jumping up to the top while I was running process explorer this last time

#156
RKinner

Posted 04 July 2017 - 06:33 PM

Malware Expert

Expert
24,624 posts

Curses.

Still looks ugly. SVCHost is back. Interrupts went high too.

Does Windows Update show any updates?

Have we tried just running on battery?

Speaking of battery your laptop had a battery recall. Too bad you have a generic battery now. Don't suppose you kept the old one?

#157
tl79

Posted 04 July 2017 - 06:45 PM

Member

Topic Starter
Member
186 posts

I checked windows update: "Your device is up to date. Last checked: Today, ‏‎5:46 PM"

I'm running on battery now. I have been running just on the AC adapter.

I laughed when I read your comment about the battery recall. I've had several (original) batteries sitting downstairs for more than year and just recently recycled them (wouldn't you know there'd be a recall!

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 56.00 0 K 4 K 0

svchost.exe 18.34 62,296 K 74,324 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

procexp64.exe 16.11 22,688 K 53,276 K 2608 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

Interrupts 3.40 0 K 0 K n/a Hardware Interrupts and DPCs

System 2.73 128 K 1,532 K 4

dwm.exe 2.13 48,092 K 38,156 K 2148 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 0.51 1,956 K 5,012 K 3016 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

explorer.exe 0.21 27,748 K 74,044 K 3180 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 0.18 5,300 K 11,264 K 2676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

chrome.exe 0.13 83,216 K 131,188 K 4532 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 0.09 69,224 K 108,280 K 3468 Google Chrome Google Inc. (Verified) Google Inc

AvastSvc.exe 0.08 104,388 K 42,580 K 1760 Avast Service AVAST Software (Verified) AVAST Software s.r.o.

svchost.exe 0.04 36,092 K 61,628 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

AvastUI.exe 0.02 14,920 K 7,560 K 5428 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.

aswidsagenta.exe 0.01 21,116 K 36,184 K 3928 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.

svchost.exe 0.01 4,768 K 9,840 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

SynTPEnh.exe < 0.01 4,780 K 17,844 K 4756 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated

stacsv64.exe < 0.01 2,136 K 8,976 K 1232 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

hpservice.exe < 0.01 1,208 K 5,744 K 1452 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company

WmiPrvSE.exe 2,520 K 8,664 K 1556 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

wlanext.exe 1,464 K 5,988 K 1836 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 2,384 K 8,248 K 5604 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows

wininit.exe 1,324 K 5,344 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher

taskhostw.exe 5,796 K 17,356 K 5152 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

SynTPHelper.exe 1,124 K 4,600 K 4016 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated

SynTPEnhService.exe 1,020 K 4,200 K 2648 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated

svchost.exe 13,768 K 26,296 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,580 K 22,528 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 8,768 K 23,056 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 15,640 K 24,220 K 68 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 7,512 K 18,016 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 7,500 K 21,420 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5,944 K 18,856 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,304 K 11,248 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,960 K 16,128 K 1672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,476 K 9,336 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,392 K 7,160 K 5032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,192 K 18,756 K 4312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,648 K 6,424 K 3032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

sttray64.exe 6,600 K 18,664 K 4732 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

spoolsv.exe 5,748 K 14,404 K 1904 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 420 K 1,196 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher

smartscreen.exe 8,512 K 14,880 K 5812 SmartScreen Microsoft Corporation (Verified) Microsoft Windows

sihost.exe 4,572 K 19,644 K 1076 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe Suspended 23,076 K 62,056 K 2452 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

services.exe 3,132 K 7,516 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher

SearchUI.exe Suspended 44,504 K 92,124 K 2248 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchProtocolHost.exe 2,932 K 9,992 K 5092 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows

SearchIndexer.exe 24,384 K 28,672 K 1684 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

SearchFilterHost.exe 4,440 K 13,664 K 2852 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 6,108 K 20,828 K 3112 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

procexp.exe 3,124 K 9,144 K 604 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

Memory Compression 84 K 5,840 K 2976

lsass.exe 5,232 K 14,456 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

fontdrvhost.exe 816 K 3,392 K 4684 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows

dllhost.exe 2,116 K 9,568 K 4316 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

csrss.exe 1,636 K 4,664 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

conhost.exe 1,244 K 5,056 K 1856 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 54,988 K 91,128 K 5892 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 69,096 K 110,132 K 2252 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,488 K 10,152 K 1392 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,492 K 9,420 K 4508 Google Chrome Google Inc. (Verified) Google Inc

BrYNSvc.exe 2,380 K 9,264 K 5052 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.

audiodg.exe 7,168 K 11,064 K 772 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

armsvc.exe 1,328 K 6,328 K 2512 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

ApplicationFrameHost.exe 5,332 K 18,716 K 672 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

agr64svc.exe 600 K 2,748 K 2496 LSI Soft Modem Call Progress Service LSI Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

AESTSr64.exe 564 K 2,836 K 2504 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

#158
RKinner

Posted 04 July 2017 - 06:57 PM

Malware Expert

Expert
24,624 posts

Running on Battery shows a higher Interrupt so probably not a problem with the power supply. (Many HP laptops use a center pin connector so they can detect non-HP adapters and then they run slower supposedly to protect the CPU but in reality to make you buy their stuff.)

Let's verify the svchost is windows update

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Win 8: http://www.eightforu...indows-8-a.html

win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

If you have rebooted since the last log please make a new one.

#159
tl79

Posted 04 July 2017 - 07:09 PM

Member

Topic Starter
Member
186 posts

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

smss.exe 376 N/A

csrss.exe 504 N/A

wininit.exe 580 N/A

services.exe 636 N/A

lsass.exe 644 KeyIso, SamSs, VaultSvc

svchost.exe 716 BrokerInfrastructure, DcomLaunch, LSM,

PlugPlay, Power, SystemEventsBroker

svchost.exe 808 RpcEptMapper, RpcSs

svchost.exe 1008 Appinfo, DoSvc, gpsvc, IKEEXT, iphlpsvc,

LanmanServer, lfsvc, ProfSvc, Schedule,

seclogon, SENS, ShellHWDetection, Themes,

UserManager, Winmgmt, WpnService, wuauserv

svchost.exe 1016 BFE, CoreMessagingRegistrar, DPS, MpsSvc

svchost.exe 68 Dhcp, EventLog, lmhosts, TimeBrokerSvc,

wscsvc

svchost.exe 408 AudioEndpointBuilder,

DeviceAssociationService, hidserv,

NcbService, Netman, PcaSvc, SmsRouter,

StorSvc, SysMain, TrkWks, WdiSystemHost,

wudfsvc

svchost.exe 1028 CDPSvc, EventSystem, FontCache,

LicenseManager, netprofm, nsi,

WdiServiceHost, WinHttpAutoProxySvc

svchost.exe 1116 CryptSvc, Dnscache, LanmanWorkstation,

NlaSvc

stacsv64.exe 1232 STacSV

svchost.exe 1356 Audiosrv

hpservice.exe 1452 hpsrv

svchost.exe 1568 Wcmsvc

svchost.exe 1660 StateRepository, tiledatamodelsvc

svchost.exe 1672 WlanSvc

SearchIndexer.exe 1684 WSearch

AvastSvc.exe 1760 avast! Antivirus

wlanext.exe 1836 N/A

conhost.exe 1856 N/A

spoolsv.exe 1904 Spooler

agr64svc.exe 2496 AgereModemAudio

AESTSr64.exe 2504 AESTFilters

armsvc.exe 2512 AdobeARMservice

svchost.exe 2536 DiagTrack

SynTPEnhService.exe 2648 SynTPEnhService

svchost.exe 2676 stisvc

Memory Compression 2976 N/A

aswidsagenta.exe 3928 aswbIDSAgent

BrYNSvc.exe 5052 BrYNSvc

svchost.exe 5032 SSDPSRV

csrss.exe 3016 N/A

winlogon.exe 5604 N/A

dwm.exe 2148 N/A

SynTPEnh.exe 4756 N/A

svchost.exe 4312 CDPUserSvc_42437a, OneSyncSvc_42437a

sihost.exe 1076 N/A

taskhostw.exe 5152 N/A

SynTPHelper.exe 4016 N/A

RuntimeBroker.exe 3112 N/A

explorer.exe 3180 N/A

ShellExperienceHost.exe 2452 N/A

SearchUI.exe 2248 N/A

sttray64.exe 4732 N/A

AvastUI.exe 5428 N/A

dllhost.exe 4316 N/A

ApplicationFrameHost.exe 672 N/A

fontdrvhost.exe 4684 N/A

SystemSettings.exe 6100 N/A

SearchProtocolHost.exe 5916 N/A

SearchFilterHost.exe 5580 N/A

audiodg.exe 1420 N/A

smartscreen.exe 4036 N/A

chrome.exe 4048 N/A

chrome.exe 5316 N/A

chrome.exe 5068 N/A

chrome.exe 2472 N/A

chrome.exe 848 N/A

chrome.exe 1508 N/A

dllhost.exe 2560 N/A

dllhost.exe 1516 N/A

cmd.exe 4588 N/A

conhost.exe 1796 N/A

tasklist.exe 4180 N/A

WmiPrvSE.exe 3288 N/A

#160
RKinner

Posted 04 July 2017 - 08:41 PM

Malware Expert

Expert
24,624 posts

Not Windows Update this time.

svchost.exe 18.34 62,296 K 74,324 K 408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 408 AudioEndpointBuilder,

DeviceAssociationService, hidserv,

NcbService, Netman, PcaSvc, SmsRouter,

StorSvc, SysMain, TrkWks, WdiSystemHost,

wudfsvc

Have we done dism and sfc on this one yet?

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

http://www.eightforu...indows-8-a.html

If you open an elevated command prompt it will by default open in c:\Windows\system32

Once you have an elevated command prompt:

Type:

DISM /Online /Cleanup-Image /RestoreHealth

(I use two spaces so you can be sure to see where one space goes.)

Hit Enter. This will take a while (10-20 minutes) to complete. Once the prompt returns:

Reboot. Open an elevated Command Prompt again and type (with an Enter after the line):

sfc /scannow

This will also take a few minutes.

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \junk.txt

Hit Enter. Then type::

notepad \junk.txt

Hit Enter.

Copy the text from notepad and paste it into a reply.

After you finish SFC, regardless of the result:

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#161
tl79

Posted 05 July 2017 - 07:07 AM

Member

Topic Starter
Member
186 posts

I don't think we did either dism or sfc. Dism is running now on the laptop. I'll run sfc as soon as it finishes.

#162
tl79

Posted 05 July 2017 - 07:59 AM

Member

Topic Starter
Member
186 posts

Windows did not find any integrity violations (a good thing)

#163
tl79

Posted 05 July 2017 - 08:02 AM

Member

Topic Starter
Member
186 posts

VEW system:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 05/07/2017 9:02:05 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 05/07/2017 1:09:00 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 05/07/2017 1:07:06 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user mel-PC\mel SID (S-1-5-21-1930977450-1904899304-3597289394-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 05/07/2017 12:33:44 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/07/2017 12:38:36 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/07/2017 12:10:38 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 10:42:34 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 9:06:32 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 9:05:27 PM

Type: Error Category: 0

Event: 7043 Source: Service Control Manager

The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 04/07/2017 8:53:13 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 12:40:50 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 12:24:16 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 12:20:21 PM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 11:58:18 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 11:57:17 AM

Type: Error Category: 0

Event: 7043 Source: Service Control Manager

The aswbIDSAgent service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 04/07/2017 11:38:22 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 1:50:09 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 1:19:35 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 1:10:39 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 12:36:28 AM

Type: Error Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 04/07/2017 12:34:22 AM

Type: Error Category: 0

Event: 7030 Source: Service Control Manager

The HPWMISVC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 05/07/2017 1:19:51 PM

Type: Warning Category: 0

Event: 4 Source: Microsoft-Windows-FilterManager

File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T11:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy3'. The filter returned a non-standard final status of 0xC000000D. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 05/07/2017 1:19:48 PM

Type: Warning Category: 0

Event: 4 Source: Microsoft-Windows-FilterManager

File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T11:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy1'. The filter returned a non-standard final status of 0xC000000D. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 05/07/2017 1:19:44 PM

Type: Warning Category: 0

Event: 4 Source: Microsoft-Windows-FilterManager

File System Filter 'wcifs' (Version 10.0, ?2016?-?09?-?15T11:42:03.000000000Z) failed to attach to volume '\Device\HarddiskVolumeShadowCopy4'. The filter returned a non-standard final status of 0xC000000D. This filter and/or its supporting applications should handle this condition. If this condition persists, contact the vendor.

Log: 'System' Date/Time: 05/07/2017 1:08:49 PM

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-Wininit

Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications. Please visit http://support.microsoft.com/kb/197571for more information.

Log: 'System' Date/Time: 05/07/2017 1:08:38 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 05/07/2017 1:07:49 PM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 05/07/2017 12:33:43 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 05/07/2017 12:38:37 AM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 05/07/2017 12:10:38 AM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 04/07/2017 10:42:35 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 04/07/2017 9:38:56 PM

Type: Warning Category: 1014

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name rewppbmnevilb timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/07/2017 9:06:28 PM

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-Wininit

Log: 'System' Date/Time: 04/07/2017 9:06:19 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 04/07/2017 9:05:29 PM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 04/07/2017 8:53:12 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 04/07/2017 12:40:49 PM

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-Wininit

Log: 'System' Date/Time: 04/07/2017 12:40:40 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 04/07/2017 12:39:50 PM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped. Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 04/07/2017 12:24:17 PM

Type: Warning Category: 0

Event: 11 Source: Microsoft-Windows-Wininit

Log: 'System' Date/Time: 04/07/2017 12:24:06 PM

Type: Warning Category: 0

Event: 1 Source: RTL8167

Realtek PCIe FE Family Controller is disconnected from network.

#164
tl79

Posted 05 July 2017 - 08:04 AM

Member

Topic Starter
Member
186 posts

VEW application:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 05/07/2017 9:03:35 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 04/07/2017 1:16:52 AM

Type: Error Category: 5973

Event: 5973 Source: Microsoft-Windows-Immersive-Shell

Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional information.

Log: 'Application' Date/Time: 04/07/2017 1:11:59 AM

Type: Error Category: 0

Event: 10007 Source: Microsoft-Windows-RestartManager

Application or service 'HPWMISVC' could not be restarted.

Log: 'Application' Date/Time: 04/07/2017 12:33:54 AM

Type: Error Category: 0

Event: 513 Source: Microsoft-Windows-CAPI2

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:

Access is denied. .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 04/07/2017 1:11:47 AM

Type: Warning Category: 0

Event: 10010 Source: Microsoft-Windows-RestartManager

Application 'C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe' (pid 2868) cannot be restarted - Application SID does not match Conductor SID..