Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

how do I perform maintenance on my old laptop?

Started by mrpooh3 , Aug 03 2017 01:35 PM

Best Answer mrpooh3 , 26 August 2017 - 02:06 AM

Hi RKinner,After me spending all that time fixing his laptop up,he decides he wants a new one!At least mines is fully back in action and speedwise it is now like a bullet.Thanks for all the help yo... Go to the full post »

Page 3 of 6
1
2
3
4
5

Please log in to reply

#31
mrpooh3

Posted 07 August 2017 - 10:45 PM

Member

Topic Starter
Member
281 posts

Hi,I had to install microsoft office earlier as my sister had to do something with a word doc for her work.

here is my process explorer text :

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

SASCORE64.EXE < 0.01 1,340 K 6,128 K 2868 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com

mepService.exe 1,884 K 8,668 K 2092 MyEpson Portal Service Seiko Epson Corporation (Verified) SEIKO EPSON CORPORATION

mep.exe 16,828 K 37,312 K 8372 MyEpson Portal Seiko Epson Corporation (Verified) SEIKO EPSON CORPORATION

escsvc64.exe 1,272 K 5,756 K 2900 Epson Scanner Service (64bit) Seiko Epson Corporation (Verified) SEIKO EPSON CORPORATION

EEventManager.exe 0.01 3,160 K 13,200 K 9192 EEventManager Application SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION

E_YATIRDE.EXE 3,944 K 11,064 K 3084 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION

SDIOAssist.exe < 0.01 1,932 K 7,768 K 3708 SDIOAssist O2Micro. (Verified) O2Micro Inc.

o2flash.exe 1,044 K 4,244 K 2084 O2 Flash Memory Service O2Micro International (Verified) O2Micro Inc.

wininit.exe 1,648 K 6,776 K 740 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 928 K 3,768 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 10,252 K 25,352 K 972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 0.01 5,220 K 10,848 K 404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,612 K 6,604 K 516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,148 K 9,448 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,308 K 15,672 K 1236 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,992 K 10,836 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,672 K 10,620 K 1320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,036 K 8,232 K 1404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 13,140 K 15,060 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,304 K 5,712 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,112 K 7,760 K 1520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,408 K 8,504 K 1588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,852 K 8,048 K 1636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,320 K 7,452 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,972 K 7,848 K 1680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,668 K 7,592 K 1688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,284 K 11,812 K 1752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,524 K 5,868 K 1812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,180 K 9,412 K 1872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,004 K 11,960 K 1920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,444 K 10,608 K 2020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,076 K 18,628 K 2172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,232 K 11,404 K 2244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,660 K 6,228 K 2248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,284 K 8,212 K 2260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,840 K 15,252 K 2372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,476 K 12,704 K 2412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,956 K 7,716 K 2560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,324 K 5,800 K 2720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,580 K 9,116 K 2744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,536 K 7,508 K 2756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,796 K 6,944 K 2760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,204 K 20,664 K 2936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 14,520 K 21,512 K 2988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,468 K 12,420 K 3016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,792 K 6,924 K 3052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,664 K 8,340 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,892 K 18,168 K 3152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,260 K 5,556 K 3160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,596 K 6,604 K 3184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,724 K 18,792 K 3196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5,312 K 21,052 K 3232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,320 K 5,408 K 3420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,592 K 13,144 K 3512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,812 K 16,400 K 5040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,400 K 12,692 K 5088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,400 K 6,180 K 5400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 6,072 K 19,500 K 5432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,116 K 9,984 K 2396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,380 K 8,988 K 7884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,712 K 8,560 K 8176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,564 K 9,640 K 2152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,576 K 7,452 K 8876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,076 K 8,956 K 7680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,496 K 6,152 K 6048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,424 K 5,292 K 8572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,348 K 5,664 K 4912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 5,440 K 23,112 K 32 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,744 K 27,072 K 8488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 7,760 K 31,576 K 4436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 9,876 K 20,620 K 7288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 1,792 K 7,944 K 9048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,812 K 6,904 K 3372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,788 K 11,292 K 5548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,712 K 5,928 K 7688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,448 K 7,240 K 7516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

smss.exe 484 K 1,236 K 504 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher

services.exe < 0.01 4,460 K 9,692 K 816 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher

SecurityHealthService.exe < 0.01 3,096 K 12,556 K 3104 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher

csrss.exe 2,116 K 5,680 K 644 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

csrss.exe 0.13 2,636 K 5,596 K 3624 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher

WmiPrvSE.exe 3,688 K 8,136 K 3632 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

WmiPrvSE.exe 3,424 K 8,892 K 6488 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

WmiPrvSE.exe 2,636 K 8,956 K 8496 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

WmiPrvSE.exe 2,364 K 8,340 K 7792 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows

wlanext.exe 1,400 K 5,748 K 2672 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows

winlogon.exe 2,160 K 8,076 K 9180 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows

taskhostw.exe 6,976 K 20,256 K 6236 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

spoolsv.exe 6,528 K 15,996 K 2468 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smartscreen.exe 13,260 K 22,272 K 5004 SmartScreen Microsoft Corporation (Verified) Microsoft Windows

sihost.exe 5,532 K 24,780 K 5256 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe Suspended 33,152 K 82,732 K 8632 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

SettingSyncHost.exe 5,552 K 5,484 K 5116 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows

SearchUI.exe Suspended 41,588 K 92,812 K 7764 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchIndexer.exe < 0.01 19,260 K 19,880 K 6520 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 5,396 K 26,820 K 7988 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

fontdrvhost.exe 1,844 K 3,940 K 952 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows

fontdrvhost.exe 3,424 K 8,528 K 4620 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows

explorer.exe 0.03 46,056 K 116,224 K 9200 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

dwm.exe 0.17 34,460 K 54,792 K 4280 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows

dllhost.exe 2,248 K 10,792 K 9100 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

dllhost.exe 1,652 K 7,176 K 1176 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 1,292 K 5,568 K 2680 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

conhost.exe 5,664 K 10,292 K 5108 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

audiodg.exe 6,768 K 11,584 K 960 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows

ApplicationFrameHost.exe 4,796 K 22,108 K 204 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

procexp64.exe 0.79 43,456 K 66,680 K 3344 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

procexp.exe 3,132 K 10,600 K 6284 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

OfficeClickToRun.exe < 0.01 44,056 K 67,068 K 3612 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation

avpui.exe < 0.01 68,572 K 3,252 K 4864 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab

avp.exe 0.05 409,424 K 158,708 K 2908 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab

igfxpers.exe 2,000 K 9,764 K 2860 persistence Module Intel Corporation (Verified) Intel® pGFX

hkcmd.exe 1,628 K 8,452 K 8796 hkcmd Module Intel Corporation (Verified) Intel® pGFX

GoogleCrashHandler64.exe 1,620 K 280 K 6056 Google Crash Handler Google Inc. (Verified) Google Inc

GoogleCrashHandler.exe 1,628 K 320 K 5212 Google Crash Handler Google Inc. (Verified) Google Inc

chrome.exe 73,032 K 121,588 K 812 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 3,108 K 12,844 K 528 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 4,648 K 13,800 K 7872 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 54,764 K 85,116 K 8600 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe < 0.01 71,772 K 81,752 K 8304 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 36,420 K 41,360 K 9040 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 0.01 98,108 K 121,872 K 6080 Google Chrome Google Inc. (Verified) Google Inc

M-AudioTaskBarIcon.exe 2,060 K 12,164 K 1180 M-Audio Task Bar Icon Applet Avid Technology, Inc. (Verified) Avid Technology

AppleMobileDeviceService.exe < 0.01 3,228 K 12,040 K 2884 MobileDeviceService Apple Inc. (Verified) Apple Inc.

HidMonitorSvc.exe 1,172 K 5,380 K 2876 HidMonitorSvc アプリケーション Alps Electric Co., Ltd. (Verified) Alps Electric Co.

hidfind.exe 1,172 K 5,288 K 3488 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.

Apoint.exe 0.01 3,092 K 15,524 K 5408 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.

ApntEx.exe 1,688 K 7,264 K 7368 Alps Pointing-device Driver for Windows Alps Electric Co., Ltd. (Verified) Alps Electric Co.

ApMsgFwd.exe 0.04 1,764 K 7,244 K 7408 ApMsgFwd Alps Electric Co., Ltd. (Verified) Alps Electric Co.

armsvc.exe 1,328 K 6,540 K 2916 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems

srvany.exe 796 K 4,236 K 3636 (No signature was present in the subject)

System Idle Process 97.85 52 K 8 K 0

System 0.14 192 K 308 K 4

Memory Compression 240 K 12,384 K 3428

lsass.exe 5,588 K 14,984 K 828

Interrupts 0.74 0 K 0 K n/a Hardware Interrupts and DPCs

#32
RKinner

Posted 08 August 2017 - 05:12 AM

Malware Expert

Expert
24,625 posts

Nothing using the CPU now. Let's verify that all of those svchosts are legit:

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

#33
mrpooh3

Posted 08 August 2017 - 11:32 AM

Member

Topic Starter
Member
281 posts

Nothing using the CPU now. Let's verify that all of those svchosts are legit:

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Hi,here is the notepad text :

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

smss.exe 468 N/A

csrss.exe 620 N/A

wininit.exe 716 N/A

services.exe 792 N/A

lsass.exe 800 KeyIso, SamSs, VaultSvc

svchost.exe 900 PlugPlay

fontdrvhost.exe 920 N/A

svchost.exe 936 BrokerInfrastructure, DcomLaunch, Power,

SystemEventsBroker

svchost.exe 1016 RpcEptMapper, RpcSs

svchost.exe 8 LSM

svchost.exe 1160 NcbService

svchost.exe 1176 TimeBrokerSvc

svchost.exe 1268 BFE, CoreMessagingRegistrar, MpsSvc

svchost.exe 1296 Schedule

svchost.exe 1312 hidserv

svchost.exe 1372 ProfSvc

svchost.exe 1428 EventLog

svchost.exe 1500 UserManager

svchost.exe 1524 nsi

svchost.exe 1632 EventSystem

svchost.exe 1644 Themes

svchost.exe 1652 Dhcp

svchost.exe 1748 SENS

svchost.exe 1784 NlaSvc

svchost.exe 1812 AudioEndpointBuilder

svchost.exe 1820 FontCache

svchost.exe 1912 netprofm

svchost.exe 2008 Audiosrv

svchost.exe 1856 StateRepository

svchost.exe 1808 Dnscache

svchost.exe 1884 DusmSvc

svchost.exe 2032 Wcmsvc

svchost.exe 2188 WlanSvc

svchost.exe 2224 ShellHWDetection

spoolsv.exe 2304 Spooler

svchost.exe 2364 LanmanWorkstation

wlanext.exe 2476 N/A

conhost.exe 2504 N/A

svchost.exe 2692 IKEEXT

svchost.exe 2700 PolicyAgent

svchost.exe 2712 LanmanServer

SASCORE64.EXE 2852 !SASCORE

HidMonitorSvc.exe 2860 ApHidMonitorService

AppleMobileDeviceService. 2868 Apple Mobile Device Service

escsvc64.exe 2876 EpsonScanSvc

armsvc.exe 2884 AdobeARMservice

avp.exe 2892 AVP17.0.0

svchost.exe 2900 DiagTrack

svchost.exe 2908 DPS

svchost.exe 2924 CryptSvc

OfficeClickToRun.exe 2944 ClickToRunSvc

svchost.exe 2952 WinHttpAutoProxySvc

mepService.exe 3068 MyEpson Portal Service

o2flash.exe 3076 O2FLASH

srvany.exe 3108 O2SDIOAssist

svchost.exe 3116 PcaSvc

SecurityHealthService.exe 3164 SecurityHealthService

svchost.exe 3188 SysMain

svchost.exe 3204 tiledatamodelsvc

svchost.exe 3220 TrkWks

svchost.exe 3228 W32Time

svchost.exe 3256 Winmgmt

svchost.exe 3284 WpnService

SDIOAssist.exe 3412 N/A

Memory Compression 3672 N/A

svchost.exe 3708 WdiServiceHost

svchost.exe 3732 iphlpsvc

svchost.exe 3816 DeviceAssociationService

svchost.exe 4668 CDPSvc

svchost.exe 4696 lfsvc

svchost.exe 2600 TokenBroker

GoogleCrashHandler.exe 5396 N/A

GoogleCrashHandler64.exe 5472 N/A

svchost.exe 6068 Appinfo

SearchIndexer.exe 6608 WSearch

svchost.exe 7172 LicenseManager

svchost.exe 7844 stisvc

svchost.exe 1840 SSDPSRV

IAStorDataMgrSvc.exe 1072 IAStorDataMgrSvc

svchost.exe 1480 wscsvc

WmiPrvSE.exe 8616 N/A

svchost.exe 4772 StorSvc

svchost.exe 8424 WdiSystemHost

svchost.exe 6760 wudfsvc

svchost.exe 4448 RmSvc

csrss.exe 7032 N/A

winlogon.exe 4940 N/A

fontdrvhost.exe 7480 N/A

dwm.exe 7424 N/A

svchost.exe 8944 wlidsvc

Apoint.exe 2548 N/A

mep.exe 4372 N/A

svchost.exe 4676 lmhosts

svchost.exe 6228 CDPUserSvc_5e2949

sihost.exe 1988 N/A

svchost.exe 7584 WpnUserService_5e2949

taskhostw.exe 8164 N/A

explorer.exe 7768 N/A

ApMsgFwd.exe 8784 N/A

hidfind.exe 3148 N/A

ApntEx.exe 2212 N/A

conhost.exe 6704 N/A

SearchUI.exe 3956 N/A

ShellExperienceHost.exe 7004 N/A

avpui.exe 968 N/A

RuntimeBroker.exe 3748 N/A

smartscreen.exe 7096 N/A

SettingSyncHost.exe 6576 N/A

hkcmd.exe 6724 N/A

igfxpers.exe 476 N/A

M-AudioTaskBarIcon.exe 8912 N/A

E_YATIRDE.EXE 4952 N/A

EEventManager.exe 5824 N/A

svchost.exe 2444 OneSyncSvc_5e2949,

PimIndexMaintenanceSvc_5e2949,

UnistoreSvc_5e2949, UserDataSvc_5e2949

IAStorIcon.exe 6544 N/A

chrome.exe 6092 N/A

chrome.exe 8760 N/A

chrome.exe 7932 N/A

chrome.exe 8856 N/A

chrome.exe 3792 N/A

chrome.exe 6424 N/A

chrome.exe 2820 N/A

chrome.exe 2808 N/A

dllhost.exe 9172 N/A

svchost.exe 4968 BITS

audiodg.exe 3240 N/A

cmd.exe 6772 N/A

conhost.exe 7676 N/A

tasklist.exe 3456 N/A

WmiPrvSE.exe 980 N/A

#34
RKinner

Posted 08 August 2017 - 01:10 PM

Malware Expert

Expert
24,625 posts

Looks legit. Do you know why you have things set up to only have one service per svchost? There is a slight performance drop when you do it that way.

#35
mrpooh3

Posted 08 August 2017 - 01:38 PM

Member

Topic Starter
Member
281 posts

Looks legit. Do you know why you have things set up to only have one service per svchost? There is a slight performance drop when you do it that way.

Hi RKinner!

I can't remember tbh.......could you explain how I would change it please?

btw just to keep you updated with what I have been doing......I installed intel support assistant when checking BIOS and it found that I was missing something called intel rapid storage technology so as I was having 100% disk usage I installed that to see if it would help but so far no luck.

I ran the hardware check on it earlier with this program aswell and about 15 mins in the laptop switched off due to overheating,the cpu was around 75 i think but the disk usage was stuck at 100% in task manager.

Do you think it's possible that my HD could be on the way out?

I have also received an automatic update from microsoft just about an hour ago which updated sucessfully.

I switched off system restore last night and it deleted all my restore points to see if this would help speed but no luck.

Iv'e tried turning off intel speedstep and csates1 off in the bios but am not sure what effect this is having but when I look in cpuz with intel speedstep set to on ,the speed of the cores are jumping around like crazy.

There is a bios feature called freefall protection which is currently enabled....should I turn this feature off?

Since I have installed the RAM the laptop seems very sluggish and getting hot etc.

Thanks to your help though the boot speed has definitely improved.

I have burned memtest86+ to a dvd-r disc and will run it as soon as you tell me(was thinking you might possibly want me to run it overnight)....I have never ran a memtest so if you could advise me on what to do etc with this aswell that would be great.

Is it possible that when I re-do the thermal paste on the cpu that this might help temp of cpu?

apologies for long post but trying to remember everything I have done.

cheers.

ps.nearly forgot to mention that I also done a bios defrag using piriform defraggler but haven't defragged the HD and will do a defrag when I know if I have no hardware issues.

Edited by mrpooh3, 08 August 2017 - 01:53 PM.

#36
RKinner

Posted 08 August 2017 - 03:29 PM

Malware Expert

Expert
24,625 posts

I'm not sure how you got the svchosts all separate. There is an sc command that works on one services at a time:

sc config wuauserv type= own

wuauserv is windows update service.

The opposite command is

sc config wuauserv type= share

Perhaps if you ran it with a * instead of a service name it would split them all apart. Lets look at the registry entry and make sure it looks right

Copy the next two lines:

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Win 8: http://www.eightforu...indows-8-a.html

win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

If you go in to Task Manager, Performance, Resource Monitor then choose Disk and wait a while it will show you who is writing and reading from the disk. You can click on the column header to sort things.

HD Tune is a good way of testing your hard drive:

http://www.hdtune.com/

The free version download is at: http://www.hdtune.co.../hdtune_255.exe

Ideally we want a nice smooth graph like on the first page. If the graph is jagged then things are not so good. They don't say the free version works for win 10 so it it won't work try the free trial on the first page.

#37
mrpooh3

Posted 08 August 2017 - 04:00 PM

Member

Topic Starter
Member
281 posts

Hi,

I wasn't sure wether you wanted me to type sc config wuauservtype=own in command so I just done the copy lines in command.

here is the result:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

bthaudiosvc REG_MULTI_SZ BthHFSrv

DcomLaunch REG_MULTI_SZ Power\0LSM\0BrokerInfrastructure\0PlugPlay\0DcomLaunch\0DeviceInstall\0SystemEventsBroker

defragsvc REG_MULTI_SZ defragsvc

LocalServiceNetworkRestricted REG_MULTI_SZ TimeBrokerSvc\0eventlog\0AudioSrv\0wscsvc\0LmHosts\0AppIDSvc\0DusmSvc\0homegroupprovider\0vmictimesync\0WFDSConMgrSvc\0NgcCtnrSvc\0AJRouter\0icssvc\0RmSvc\0wcmsvc\0DHCP

rdxgroup REG_MULTI_SZ RetailDemo

RPCSS REG_MULTI_SZ RpcEptMapper\0RpcSs

sdrsvc REG_MULTI_SZ sdrsvc

utcsvc REG_MULTI_SZ DiagTrack

WepHostSvcGroup REG_MULTI_SZ WepHostSvc

LocalService REG_MULTI_SZ nsi\0WdiServiceHost\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0SstpSvc\0netprofm\0lltdsvc\0FontCache\0fdphost\0bthserv\0tzautoupdate\0CDPSvc\0SEMgrSvc\0PhoneSvc\0wlpasvc\0WebClient\0LicenseManager\0workfolderssvc

LocalSystemNetworkRestricted REG_MULTI_SZ HvHost\0WdiSystemHost\0ScDeviceEnum\0WiaRpc\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0hidserv\0dot3svc\0DsSvc\0WPDBusEnum\0fhsvc\0vmicvss\0SensorService\0irmon\0EmbeddedMode\0DeviceAssociationService\0sysmain\0svsvc\0DevQueryBroker\0StorSvc\0vmickvpexchange\0vmicshutdown\0vmicguestinterface\0vmicvmsession\0Netman\0TabletInputService\0PcaSvc\0IPxlatCfgSvc\0SmsRouter\0NgcSvc\0NcbService\0homegrouplistener\0wlansvc\0CscService\0UmRdpService

netsvcs REG_MULTI_SZ CertPropSvc\0SCPolicySvc\0lanmanserver\0gpsvc\0IKEEXT\0iphlpsvc\0seclogon\0AppInfo\0msiscsi\0EapHost\0schedule\0winmgmt\0browser\0ProfSvc\0SessionEnv\0wercplsupport\0dosvc\0shpamsvc\0XblGameSave\0NaturalAuthentication\0wlidsvc\0UserManager\0XblAuthManager\0DmEnrollmentSvc\0xbgm\0Themes\0TokenBroker\0lfsvc\0FastUserSwitchingCompatibility\0Ias\0Irmon\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Wmi\0WmdmPmSp\0wuauserv\0BITS\0ShellHWDetection\0LogonHours\0PCAudit\0helpsvc\0uploadmgr\0dmwappushservice\0wisvc\0WpnService\0BDESVC\0XboxNetApiSvc\0UsoSvc\0NetSetupSvc\0DsmSvc\0NcaSvc\0XboxGipSvc\0AppMgmt

WerSvcGroup REG_MULTI_SZ wersvc

WbioSvcGroup REG_MULTI_SZ WbioSrvc

LocalServiceNoNetwork REG_MULTI_SZ DPS\0PLA\0BFE\0CoreMessagingRegistrar\0NcdAutoSetup\0mpssvc\0WwanSvc

imgsvc REG_MULTI_SZ StiSvc

termsvcs REG_MULTI_SZ TermService

swprv REG_MULTI_SZ swprv

smphost REG_MULTI_SZ smphost

ICService REG_MULTI_SZ vmicrdv\0vmicheartbeat

wsappx REG_MULTI_SZ clipsvc\0AppXSvc

Camera REG_MULTI_SZ FrameServer

LocalServicePeerNet REG_MULTI_SZ PNRPSvc\0p2pimsvc\0p2psvc\0PnrpAutoReg

NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm

appmodel REG_MULTI_SZ WalletService\0TileDataModelSvc\0EntAppSvc\0StateRepository

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV\0upnphost\0SCardSvr\0BthHFSrv\0QWAVE\0fdrespub\0wcncsvc\0SensrSvc

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

AxInstSVGroup REG_MULTI_SZ AxInstSV

DevicesFlow REG_MULTI_SZ DevicesFlowUserSvc

AppReadiness REG_MULTI_SZ AppReadiness

NetworkService REG_MULTI_SZ CryptSvc\0nlasvc\0lanmanworkstation\0WinRM\0WECSVC\0MapsBroker\0DNSCache\0DHCP\0TermService\0Tapisrv

smbsvcs REG_MULTI_SZ lanmanserver\0browser

UnistackSvcGroup REG_MULTI_SZ UnistoreSvc\0UserDataSvc\0OneSyncSvc\0PimIndexMaintenanceSvc\0MessagingService\0WpnUserService\0CDPUserSvc

PeerDist REG_MULTI_SZ PeerDistSvc

print REG_MULTI_SZ PrintNotify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\appmodel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\Camera

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DevicesFlow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\ICService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceHttp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestrictedDhcpLmHosts

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetworkFirewall

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceDnsNla

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\print

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\rdxgroup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\UnistackSvcGroup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\utcsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\WepHostSvcGroup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wsappx

I'll try and run HDtune just now

#38
RKinner

Posted 08 August 2017 - 04:45 PM

Malware Expert

Expert
24,625 posts

No you did right. Let's see if we can put them back together: These are the entries for NetworkService

CryptSvc\0nlasvc\0lanmanworkstation\0WinRM\0WECSVC\0MapsBroker\0DNSCache\0DHCP\0TermService\0Tapisrv

Copy the next lines:

sc config CryptSvc type= share

sc config nlasvc type= share

sc config lanmanworkstation type= share

sc config WinRM type= share

sc config WECSVC type= share

sc config MapsBroker type= share

sc config DNSCache type= share

sc config DHCP type= share

sc config TermService type= share

sc config Tapisrv type= share

Then open an elevated Command Prompt and right click and Paste (or Edit then Paste)

Then reboot.

Copy the next 2 lines:

tasklist /svc /fi "imagename eqsvchost.exe"   > \junk.txt

notepad \junk.txt

Open an Elevated Command Prompt:

Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Win 8: http://www.eightforu...indows-8-a.html

win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.

Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

That will show us if it worked

#39
mrpooh3

Posted 08 August 2017 - 05:27 PM

Member

Topic Starter
Member
281 posts

Hi,

when I paste this into command prompt: tasklist /svc /fi "imagename eqsvchost.exe" > \junk.txt

notepad \junk.txt

it is saying ERROR The search filter cannot be recognized and popping up a blank notepad.

#40
RKinner

Posted 08 August 2017 - 05:51 PM

Malware Expert

Expert
24,625 posts

I think there should have been a space after eq.

tasklist /svc /fi "imagename eq svchost.exe" > \junk.txt

if that doesn't work we can fall back to our old

TASKLIST /SVC > \junk.txt

#41
mrpooh3

Posted 08 August 2017 - 06:05 PM

Member

Topic Starter
Member
281 posts

Hi,I am not sure if this is the correct txt I found it on c drive and its time is 1:02