Not sure if I have malware!



#31
rogerbid

  • Topic Starter
  • Member
  • 247 posts
Hi Ron,

I did not expect a reply before I went to bed, but I realise it is morning already for you in Florida.

Thanks for the tip about accessing a zipped file. Please excuse me if I leave it until the morning, I fear if I soldier on this evening I will not be concentrating and will just cause you more headaches!

Regarding the FRST scan you asked for, I will go back to the original instructions for running FRST set out in the Malware cleaning guide under the heading Step 3. Download and Run FRST

Quote: try the whole thing again with the Internet disconnected or in airplane mode - sorry, do you mean redo just the FRST or all the reports I just sent you?

If you are able to let me know exactly what you need me to redo I will get them off to you as early as I can tomorrow.

Thank you for everything,

Roger

#32
RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP

I just need the Process Explorer and Latency monitor stuff with the internet disconnected or set to Airplane mode for now.  There should be a frst.txt file in the same folder as FRST64.exe and addition.txt.  You can just post that if you find it.



#33
rogerbid

  • Topic Starter
  • Member
  • 247 posts

Hello Ron

 

Here are the items you asked for, I hope I got them all correctly.  Airplane mode has been on throughout.

 

thanks again for your time and expertise,

 

Roger

Attached Thumbnails

  • Latency Drivers screen shot.jpg
  • Latency Processes screenshot.jpg


#34
RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP

Were you able to install the zipped up driver?

 

I have a new driver for your touchpad.  See if it will install:

 

https://drivers.soft...10-64-bit.shtml

 

Process Explorer says that AVG Tuneup is using 11+% of the CPU.  I really do not know much about the program but I don't think it's helping any.  Can you uninstall it?

 

Did you notice if the summary for Latency Monitor said the pc was able to handle audio?

 

Let's turn off DCOM.  This is used between computers in a big company and it isn't anything you need:

 

Search for

 

dcomcnfg

hit Enter

  1. Click on the arrow in front of Component Services
  2. Click on the arrow in front of  Computers.
  3. Right-click My Computer, and choose Properties.
  4. On the Default Properties tab, deselect the Enable Distributed COM On This Computer check box.
  5. OK

 

Get the new version of the Edge browser if you don't already have it:

 

https://www.microsoft.com/en-us/edge

 

Once you get it installed then get the Ublock Origin extension for it.  Should be available from the Microsoft Store.  They will ask for your login but you can skip and still get it.

 

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

 

Just to make sure there is nothing evil on your system.  Run MBAR:

https://www.malwareb...om/antirootkit/

 

Download, Save and right click on the mbar-1.10...exe file and Run As Admin.  Follow the prompts.  Does it find anything?  (Will run faster if you can pause your antivirus while it runs)

 

Also make sure AVG is the latest version.

 

Give me a new Process Explorer log with Internet connected.



#35
rogerbid

  • Topic Starter
  • Member
  • 247 posts

Hi Ron I have managed to uninstall WinZip and install Driver AR3012

I have downloaded the .cab file for the touchpad driver but cannot open it.  I am attaching a jpg showing a couple of screen grabs - instructions for opening a cab file and the contents of the file.  I cannot see a .cab file to extract to a folder!  Can you advise please!

Thanks.

Incidentally, I am having huge problems typing the replies to you, initially the Space bar makes the Reply window disappear and I have to scroll up to find it.  This happens repeatedly and eventually rectifies itself but I don't understand why.  Any clues?

Thanks

 

Roger

Attached Thumbnails

  • problem opening cab file.JPG


#36
RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP

Microsoft hides the extensions so you can't see them.  In File Explorer click on View then check File Name Extensions & also Hidden Extensions.  You may also need to drag the divider between Name & Size to the right so that you can see the whole name.

 

A .cab is also a compressed file like a zip so once you get it unzipped you need to right click on the .cab, select 7-zip and then Extract Files.  It will show you where it wants to extract them to.  You can change it if you want.  Once the file has been extracted then you need to search for

device manager

hit Enter

Find your Elan driver which is usually under Mice & Other Pointing Devices (click on the arrow in front to open up) then right click and Update Driver,

4. Choose to select the location of the new driver manually and browse to the folder where you extracted the driver
5. If you already have the driver installed and want to update to a newer version go to "Let me pick from a list of device drivers on my computer"
6. Click "Have Disk"
7. Browse to the folder where you extracted the driver and click Ok

 

If you do not see Elan under Mice then look under Human Interface Devices.

 

For your typing problem:

Touchpads are notorious for being too sensitive.  Search for

control panel

hit Enter

View By: Large icons

Mouse

Usually you will find some options under a special tab or perhaps under Pointer Options

to control the sensitivity of the touchpad. 

 

See if:

https://support.leno...utions/ht075745

applies.

 

It's usually best to turn off all of the fancy stuff like special tap areas and two finger gestures



#37
rogerbid

  • Topic Starter
  • Member
  • 247 posts

Hello!

 

Thanks for the reply above

 

Thanks for the advice re the touchpad and how to handle the cab file.  I will reply to your earlier post and then worry about the Elan update.  (For the moment the typing is OK!)

 

The points you listed in order were:

 

AVG Tune Up  -  Deleted as requested

 

Latency Monitor showed PC able to handle audio,

 

DCOM turned off,

 

New version of Edge installed

 

OOSU10 installed

 

MBAR run and nothing found,

 

AVG Internet Security up to date,

 

Process Explorer run again, file WmiPrvSE reproduced below

 

Process CPU Private Bytes Working Set PID Verified Signer Description Company Name
System Idle Process 71.93 52 K 8 K 0
procexp64.exe 13.50 32,432 K 66,944 K 608 (Verified) Microsoft Corporation Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 2.97 160 K 972 K 4
dwm.exe 2.29 32,904 K 47,992 K 6428 (Verified) Microsoft Windows Desktop Window Manager Microsoft Corporation
Interrupts 2.10 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 1.56 5,288 K 4,988 K 5140 (Verified) Microsoft Windows Publisher Client Server Runtime Process Microsoft Corporation
explorer.exe 1.37 61,108 K 109,336 K 3220 (Verified) Microsoft Windows Windows Explorer Microsoft Corporation
ETDCtrl.exe 1.20 9,112 K 23,568 K 7000 (Verified) ELAN Microelectronics Corporation ETD Control Center ELAN Microelectronics Corp.
aswidsagent.exe 0.83 64,284 K 73,852 K 6580 (Verified) AVG Technologies USA, LLC AVG Software Analyzer AVG Technologies CZ, s.r.o.
GamesAppIntegrationService.exe 0.79 1,876 K 7,508 K 8776 (Verified) WildTangent Inc WildTangent Games App Integration Service WildTangent
AVGUI.exe 0.27 22,476 K 55,080 K 1364 (Verified) AVG Technologies USA, LLC AVG Antivirus AVG Technologies CZ, s.r.o.
ctfmon.exe 0.14 2,940 K 13,564 K 4580 (Verified) Microsoft Windows CTF Loader Microsoft Corporation
svchost.exe 0.14 11,928 K 26,016 K 1464 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
backupService-abpb.exe 0.13 7,948 K 16,700 K 5112 (Verified) Ashampoo GmbH & Co. KG
AVGSvc.exe 0.11 110,596 K 40,680 K 2352 (Verified) AVG Technologies USA, LLC AVG Service AVG Technologies CZ, s.r.o.
CNQMMAIN.EXE 0.11 57,768 K 27,844 K 4840 (Verified) Canon Inc. Canon Quick Menu CANON INC.
csrss.exe 0.07 1,908 K 4,892 K 588 (Verified) Microsoft Windows Publisher Client Server Runtime Process Microsoft Corporation
ETDCtrlHelper.exe 0.06 2,792 K 9,644 K 9116 (Verified) ELAN Microelectronics Corporation ETD Control Center Helper ELAN Microelectronics Corp.
CNMNSST.exe 0.05 1,708 K 8,600 K 5936 (Verified) Canon Inc. Canon IJ Network Scanner Selector EX CANON INC.
dts_apo_service.exe 0.05 22,620 K 20,192 K 6916 (Verified) DTS, Inc. dts_apo_service
RemindMe.exe 0.04 6,844 K 20,232 K 10148 (Verified) Beiley Software, Inc. Remind-Me Beiley Software Inc.
svchost.exe 0.03 10,852 K 30,968 K 1120 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
AVerRemote.exe 0.03 3,884 K 12,100 K 2164 (No signature was present in the subject) AVerMedia AVerRemote MFC Application AVerMedia
openvpn.exe 0.02 2,184 K 8,924 K 9776 (Verified) AVG Technologies USA, Inc. OpenVPN Daemon The OpenVPN Project
CNQMUPDT.EXE 0.02 28,532 K 29,048 K 10176 (Verified) Canon Inc. Canon Quick Menu Updater CANON INC.
unsecapp.exe 0.02 1,292 K 6,476 K 9516 (Verified) Microsoft Windows Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
TecoResident.exe 0.01 1,980 K 8,324 K 1224 (Verified) TOSHIBA CORPORATION Resident module of eco Utility TOSHIBA Corporation
svchost.exe 0.01 31,576 K 44,472 K 1128 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
MSOSYNC.EXE 0.01 5,352 K 14,580 K 476 (Verified) Microsoft Corporation Microsoft Office Document Cache Microsoft Corporation
svchost.exe 0.01 28,068 K 61,288 K 1060 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
AVerScheduleService.exe 0.01 2,624 K 9,896 K 2412 (No signature was present in the subject) ScheduleService Module
oxHelper.exe 0.01 2,792 K 7,568 K 1512 (Verified) Ashampoo GmbH & Co. KG
RAVCpl64.exe 0.01 5,420 K 9,948 K 780 (Verified) Realtek Semiconductor Corp Realtek HD Audio Manager Realtek Semiconductor
svchost.exe 0.01 110,268 K 90,340 K 3720 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 0.01 3,384 K 8,836 K 1232 (Verified) Apple Inc. MobileDeviceService Apple Inc.
GoogleUpdate.exe 0.01 2,412 K 1,616 K 5344 (Verified) Google Inc Google Installer Google Inc.
KeNotify.exe 0.01 1,424 K 7,444 K 9988 (Verified) Compal Electronics, Inc. KeNotify MFC Application TOSHIBA CORPORATION
sedsvc.exe < 0.01 4,632 K 13,132 K 8984 (Verified) Microsoft Windows sedsvc Microsoft Corporation
Vpn.exe < 0.01 67,340 K 21,036 K 8940 (Verified) AVG Technologies USA, Inc. AVG Secure VPN AVG Technologies CZ, s.r.o.
AVerHIDReceiver.exe < 0.01 1,780 K 8,908 K 800 (No signature was present in the subject) HIDRec Application - AVerHID
svchost.exe < 0.01 14,280 K 48,252 K 5636 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
TecoService.exe < 0.01 2,556 K 9,136 K 3616 (Verified) TOSHIBA CORPORATION TOSHIBA eco Utility Service Toshiba Corporation
services.exe < 0.01 4,644 K 8,632 K 840 (Verified) Microsoft Windows Publisher Services and Controller app Microsoft Corporation
WmiPrvSE.exe < 0.01 2,412 K 8,724 K 4976 (Verified) Microsoft Windows WMI Provider Host Microsoft Corporation
svchost.exe < 0.01 21,952 K 29,788 K 1136 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
SettingSyncHost.exe < 0.01 2,776 K 9,932 K 10004 (Verified) Microsoft Windows Host Process for Setting Synchronization Microsoft Corporation
atieclxx.exe < 0.01 2,428 K 9,744 K 9524 (Verified) Microsoft Windows Hardware Compatibility Publisher AMD External Events Client Module AMD
taskhostw.exe < 0.01 5,088 K 13,712 K 1912 (Verified) Microsoft Windows Host Process for Windows Tasks Microsoft Corporation
AVerUpdateServer.exe < 0.01 1,952 K 7,632 K 1508 (No signature was present in the subject) AVerMedia TECHNOLOGIES, Inc. AVer Update Service AVerMedia TECHNOLOGIES, Inc.
Memory Compression < 0.01 332 K 51,468 K 1800
wsc_proxy.exe 4,000 K 9,172 K 1760 (Verified) AVG Technologies USA, LLC AVG remediation exe AVG Technologies CZ, s.r.o.
winlogon.exe 2,680 K 10,308 K 7716 (Verified) Microsoft Windows Windows Logon Application Microsoft Corporation
wininit.exe 1,676 K 5,992 K 712 (Verified) Microsoft Windows Publisher Windows Start-Up Application Microsoft Corporation
VpnSvc.exe 13,404 K 29,700 K 3292 (Verified) AVG Technologies USA, Inc. AVG Secure VPN Service AVG Technologies CZ, s.r.o.
svchost.exe 7,004 K 13,468 K 420 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 11,828 K 27,520 K 972 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 13,768 K 33,920 K 1144 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 5,180 K 14,016 K 2260 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 5,072 K 14,848 K 2168 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 4,368 K 13,260 K 2108 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 5,516 K 14,440 K 7800 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 2,384 K 6,984 K 1744 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 1,836 K 5,996 K 2092 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 2,928 K 11,580 K 2024 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 1,748 K 6,464 K 4080 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 1,716 K 6,148 K 3200 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 2,028 K 8,012 K 3336 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
svchost.exe 1,596 K 6,028 K 3368 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
spoolsv.exe 6,344 K 14,712 K 2496 (Verified) Microsoft Windows Spooler SubSystem App Microsoft Corporation
splwow64.exe 3,120 K 11,284 K 3308 (Verified) Microsoft Windows Print driver host for applications Microsoft Corporation
smss.exe 492 K 1,096 K 404 (Verified) Microsoft Windows Publisher Windows Session Manager Microsoft Corporation
smartscreen.exe 10,172 K 16,680 K 5400 (Verified) Microsoft Windows Windows Defender SmartScreen Microsoft Corporation
SkypeBackgroundHost.exe Suspended 1,920 K 10,780 K 1848 (No signature was present in the subject) Microsoft Corporation Microsoft Skype Microsoft Corporation
sihost.exe 5,460 K 23,172 K 5568 (Verified) Microsoft Windows Shell Infrastructure Host Microsoft Corporation
ShellExperienceHost.exe Suspended 30,140 K 68,240 K 5604 (Verified) Microsoft Windows Windows Shell Experience Host Microsoft Corporation
SecurityHealthService.exe 4,012 K 14,632 K 3276 (Verified) Microsoft Windows Publisher Windows Security Health Service Microsoft Corporation
SearchUI.exe Suspended 54,184 K 92,816 K 8008 (Verified) Microsoft Windows Search and Cortana application Microsoft Corporation
SearchIndexer.exe 28,700 K 28,980 K 9064 (Verified) Microsoft Windows Microsoft Windows Search Indexer Microsoft Corporation
RuntimeBroker.exe 2,976 K 15,836 K 1596 (Verified) Microsoft Windows Runtime Broker Microsoft Corporation
RuntimeBroker.exe 5,764 K 20,628 K 7028 (Verified) Microsoft Windows Runtime Broker Microsoft Corporation
RuntimeBroker.exe 2,048 K 7,396 K 7456 (Verified) Microsoft Windows Runtime Broker Microsoft Corporation
procexp.exe 4,896 K 11,772 K 3376 (Verified) Microsoft Corporation Sysinternals Process Explorer Sysinternals - www.sysinternals.com
mDNSResponder.exe 2,000 K 6,096 K 2816 (Verified) Apple Inc. Bonjour Service Apple Inc.
lsass.exe 7,612 K 15,812 K 856 (Verified) Microsoft Windows Publisher Local Security Authority Process Microsoft Corporation
ijplmsvc.exe 5,172 K 9,188 K 3080 (Verified) Canon Inc. Inkjet Printer/Scanner/Fax Extended Survey Program Service
GamesAppService.exe 1,600 K 6,136 K 8808 (Verified) WildTangent Inc GamesAppService WildTangent, Inc.
fontdrvhost.exe 1,740 K 3,092 K 960 (Verified) Microsoft Windows Usermode Font Driver Host Microsoft Corporation
fontdrvhost.exe 2,348 K 7,404 K 7316 (Verified) Microsoft Windows Usermode Font Driver Host Microsoft Corporation
ETDService.exe 1,208 K 4,876 K 2952 (Verified) ELAN Microelectronics Corporation Elan Service ELAN Microelectronics Corp.
dasHost.exe 1,060 K 4,084 K 1532 (Verified) Microsoft Windows Device Association Framework Provider Host Microsoft Corporation
conhost.exe 1,336 K 5,696 K 1824 (Verified) Microsoft Windows Console Window Host Microsoft Corporation
BtwRSupportService.exe 1,952 K 6,536 K 2752 (Verified) Broadcom Corporation Bluetooth Radio Management Support Broadcom Corporation.
btwdins.exe 2,388 K 8,660 K 2212 (Verified) Broadcom Corporation Bluetooth Support Server Broadcom Corporation.
backgroundTaskHost.exe Suspended 15,136 K 24,044 K 7804 (Verified) Microsoft Windows Background Task Host Microsoft Corporation
audiodg.exe 17,952 K 18,140 K 8272 (Verified) Microsoft Windows Windows Audio Device Graph Isolation Microsoft Corporation
atiesrxx.exe 1,576 K 5,320 K 1664 (Verified) Microsoft Windows Hardware Compatibility Publisher AMD External Events Service Module AMD
aswEngSrv.exe 42,588 K 64,352 K 2860 (Verified) AVG Technologies USA, LLC AVG Antivirus engine server AVG Technologies CZ, s.r.o.
armsvc.exe 1,372 K 6,224 K 3052 (Verified) Adobe Inc. Adobe Acrobat Update Service Adobe Systems
afwServ.exe 11,876 K 21,156 K 2956 (Verified) AVG Technologies USA, LLC AVG firewall service AVG Technologies CZ, s.r.o.
AdminService.exe 2,368 K 7,492 K 2140 (Verified) Qualcomm Atheros Windows Setup API Windows ® Win 7 DDK provider
AdaptiveSleepService.exe 1,624 K 6,688 K 3060 (No signature was present in the subject)
ACService.exe 1,304 K 5,684 K 3044 (Verified) ArcSoft, Inc. ArcSoft Connect Service ArcSoft Inc.
 
 
Junk.txt file contents reproduced below:
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       404 N/A                                         
csrss.exe                      588 N/A                                         
wininit.exe                    712 N/A                                         
services.exe                   840 N/A                                         
lsass.exe                      856 KeyIso, SamSs, VaultSvc                     
fontdrvhost.exe                960 N/A                                         
svchost.exe                    972 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                    420 RpcEptMapper, RpcSs                         
svchost.exe                   1060 Appinfo, Browser, IKEEXT, iphlpsvc,         
                                   LanmanServer, lfsvc, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes,             
                                   TokenBroker, UserManager, Winmgmt,          
                                   WpnService                                  
svchost.exe                   1120 AudioEndpointBuilder,                       
                                   DeviceAssociationService, fhsvc, hidserv,   
                                   NcbService, Netman, PcaSvc, StorSvc,        
                                   SysMain, TabletInputService, TrkWks,        
                                   WdiSystemHost                               
svchost.exe                   1128 BFE, CoreMessagingRegistrar, DPS, MpsSvc    
svchost.exe                   1136 Dhcp, EventLog, lmhosts, TimeBrokerSvc,     
                                   WinHttpAutoProxySvc, wscsvc                 
svchost.exe                   1144 bthserv, CDPSvc, EventSystem, FontCache,    
                                   LicenseManager, netprofm, nsi, SEMgrSvc,    
                                   SstpSvc, WdiServiceHost                     
svchost.exe                   1464 CryptSvc, Dnscache, DoSvc,                  
                                   LanmanWorkstation, NlaSvc, TapiSrv          
dasHost.exe                   1532 N/A                                         
atiesrxx.exe                  1664 AMD External Events Utility                 
svchost.exe                   1744 SSDPSRV                                     
wsc_proxy.exe                 1760 AvgWscReporter                              
Memory Compression            1800 N/A                                         
svchost.exe                   2024 Audiosrv                                    
svchost.exe                   2092 DusmSvc                                     
svchost.exe                   2108 Wcmsvc                                      
svchost.exe                   2168 StateRepository, tiledatamodelsvc           
svchost.exe                   2260 WlanSvc                                     
AVGSvc.exe                    2352 AVG Antivirus                               
spoolsv.exe                   2496 Spooler                                     
aswEngSrv.exe                 2860 N/A                                         
afwServ.exe                   2956 AVG Firewall                                
ACService.exe                 3044 ACDaemon                                    
armsvc.exe                    3052 AdobeARMservice                             
AdaptiveSleepService.exe      3060 AdaptiveSleepService                        
AppleMobileDeviceService.     1232 Apple Mobile Device Service                 
AdminService.exe              2140 AtherosSvc                                  
AVerRemote.exe                2164 AVerRemote                                  
AVerScheduleService.exe       2412 AVerScheduleService                         
btwdins.exe                   2212 btwdins                                     
BtwRSupportService.exe        2752 BcmBtRSupport                               
mDNSResponder.exe             2816 Bonjour Service                             
AVerUpdateServer.exe          1508 AVerUpdateServer                            
ETDService.exe                2952 ETDService                                  
ijplmsvc.exe                  3080 IJPLMSVC                                    
svchost.exe                   3200 osrss                                       
SecurityHealthService.exe     3276 SecurityHealthService                       
VpnSvc.exe                    3292 SecureVpn                                   
svchost.exe                   3336 stisvc                                      
svchost.exe                   3368 W32Time                                     
TecoService.exe               3616 TOSHIBA eco Utility Service                 
svchost.exe                   3720 RasMan, wuauserv                            
svchost.exe                   4080 PolicyAgent                                 
WmiPrvSE.exe                  4976 N/A                                         
backupService-abpb.exe        5112 ashbackuppb                                 
oxHelper.exe                  1512 N/A                                         
GoogleUpdate.exe              5344 N/A                                         
dts_apo_service.exe           6916 dts_apo_service                             
GamesAppIntegrationServic     8776 GamesAppIntegrationService                  
GamesAppService.exe           8808 GamesAppService                             
sedsvc.exe                    8984 sedsvc                                      
SearchIndexer.exe             9064 WSearch                                     
aswidsagent.exe               6580 avgbIDSAgent                                
unsecapp.exe                  9516 N/A                                         
csrss.exe                     5140 N/A                                         
winlogon.exe                  7716 N/A                                         
fontdrvhost.exe               7316 N/A                                         
dwm.exe                       6428 N/A                                         
atieclxx.exe                  9524 N/A                                         
ETDCtrl.exe                   7000 N/A                                         
sihost.exe                    5568 N/A                                         
svchost.exe                   5636 CDPUserSvc_a73424, OneSyncSvc_a73424,       
                                   PimIndexMaintenanceSvc_a73424,              
                                   UnistoreSvc_a73424, UserDataSvc_a73424,     
                                   WpnUserService_a73424                       
taskhostw.exe                 1912 N/A                                         
explorer.exe                  3220 N/A                                         
ETDCtrlHelper.exe             9116 N/A                                         
ShellExperienceHost.exe       5604 N/A                                         
SearchUI.exe                  8008 N/A                                         
RuntimeBroker.exe             7456 N/A                                         
RuntimeBroker.exe             7028 N/A                                         
openvpn.exe                   9776 N/A                                         
conhost.exe                   1824 N/A                                         
SettingSyncHost.exe          10004 N/A                                         
SkypeBackgroundHost.exe       1848 N/A                                         
ctfmon.exe                    4580 N/A                                         
smartscreen.exe               5400 N/A                                         
RAVCpl64.exe                   780 N/A                                         
TecoResident.exe              1224 N/A                                         
AVGUI.exe                     1364 N/A                                         
MSOSYNC.EXE                    476 N/A                                         
AVerHIDReceiver.exe            800 N/A                                         
KeNotify.exe                  9988 N/A                                         
Vpn.exe                       8940 N/A                                         
CNMNSST.exe                   5936 N/A                                         
CNQMMAIN.EXE                  4840 N/A                                         
RemindMe.exe                 10148 N/A                                         
splwow64.exe                  3308 N/A                                         
CNQMUPDT.EXE                 10176 N/A                                         
RuntimeBroker.exe             1596 N/A                                         
msedge.exe                    9484 N/A                                         
msedge.exe                    8452 N/A                                         
msedge.exe                    8732 N/A                                         
msedge.exe                    7308 N/A                                         
msedge.exe                    4160 N/A                                         
msedge.exe                    9360 N/A                                         
msedge.exe                    2124 N/A                                         
msedge.exe                    7720 N/A                                         
msedge.exe                    4576 N/A                                         
msedge.exe                    3120 N/A                                         
msedge.exe                     788 N/A                                         
msedge.exe                    6596 N/A                                         
msedge.exe                    8448 N/A                                         
AVGUI.exe                     3708 N/A                                         
msedge.exe                    4172 N/A                                         
msedge.exe                   10580 N/A                                         
msedge.exe                   10860 N/A                                         
msedge.exe                    9688 N/A                                         
msedge.exe                   11068 N/A                                         
dllhost.exe                   3192 N/A                                         
audiodg.exe                   8364 N/A                                         
msedge.exe                    7896 N/A                                         
RemindersServer.exe           4488 N/A                                         
backgroundTaskHost.exe        4392 N/A                                         
dllhost.exe                   7540 N/A                                         
cmd.exe                       7888 N/A                                         
conhost.exe                   8644 N/A                                         
tasklist.exe                 10016 N/A                                         
WmiPrvSE.exe                  6112 N/A                                         
 
 
I will try to install the new touchpad driver tomorrow, I think I need a clear head when I tackle that.
 
Thanks for everything,
 
Roger
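
A triage pass over a saved Process Explorer listing like the one in the post above, as an added example that is not part of the thread: it flags images whose signer column is anything other than (Verified) and applies the CPU limits the helper gives in the next reply (Interrupts 1.4, svchost 0.5). It assumes the space-flattened layout shown on this page, and the function and field names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Rows copied from the log in the post above, in the space-flattened form
# the forum shows (assumption: the tool's own export is tab-separated).
SAMPLE_LOG = """\
Process CPU Private Bytes Working Set PID Verified Signer Description Company Name
System Idle Process 71.93 52 K 8 K 0
procexp64.exe 13.50 32,432 K 66,944 K 608 (Verified) Microsoft Corporation Sysinternals Process Explorer Sysinternals - www.sysinternals.com
System 2.97 160 K 972 K 4
Interrupts 2.10 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 0.14 11,928 K 26,016 K 1464 (Verified) Microsoft Windows Publisher Host Process for Windows Services Microsoft Corporation
AVerRemote.exe 0.03 3,884 K 12,100 K 2164 (No signature was present in the subject) AVerMedia AVerRemote MFC Application AVerMedia
sedsvc.exe < 0.01 4,632 K 13,132 K 8984 (Verified) Microsoft Windows sedsvc Microsoft Corporation
wsc_proxy.exe 4,000 K 9,172 K 1760 (Verified) AVG Technologies USA, LLC AVG remediation exe AVG Technologies CZ, s.r.o.
SkypeBackgroundHost.exe Suspended 1,920 K 10,780 K 1848 (No signature was present in the subject) Microsoft Corporation Microsoft Skype Microsoft Corporation
AdaptiveSleepService.exe 1,624 K 6,688 K 3060 (No signature was present in the subject)
"""

# name, optional CPU token, "<n> K" twice, PID (or n/a), optional "(status)".
ROW = re.compile(
    r"^(?P<name>.+?)"
    r"(?:\s+(?P<cpu><\s*\d+\.\d+|\d+\.\d+|Suspended))?"
    r"\s+(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K"
    r"\s+(?P<pid>\d+|n/a)"
    r"(?:\s+\((?P<status>[^)]*)\))?"
)


@dataclass
class ProcRow:
    name: str
    cpu: float                    # "< 0.01" kept as its upper bound, blank as 0.0
    suspended: bool
    private_kb: int
    working_kb: int
    pid: Optional[int]            # None for the "Interrupts" pseudo-process
    signer_status: Optional[str]  # None when the row has no image to verify


def parse_procexp(text: str) -> List[ProcRow]:
    """Parse process rows; the header and any non-matching line are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        tok = m.group("cpu")
        cpu = 0.0 if tok in (None, "Suspended") else float(tok.lstrip("< "))
        rows.append(ProcRow(
            name=m.group("name"),
            cpu=cpu,
            suspended=(tok == "Suspended"),
            private_kb=int(m.group("priv").replace(",", "")),
            working_kb=int(m.group("ws").replace(",", "")),
            pid=int(m.group("pid")) if m.group("pid").isdigit() else None,
            signer_status=m.group("status"),
        ))
    return rows


def triage(rows, interrupts_max=1.4, svchost_max=0.5):
    """Summarise a listing: CPU headroom, unverified images, rows over a limit."""
    # Headroom = idle time plus what Process Explorer itself is consuming.
    idle = sum(r.cpu for r in rows if r.name == "System Idle Process")
    tool = sum(r.cpu for r in rows if r.name.lower().startswith("procexp"))
    limits = {"interrupts": interrupts_max, "svchost.exe": svchost_max}
    return {
        "headroom": round(idle + tool, 2),
        # Anything with a signer column that is not "Verified" goes on the
        # review list; an unsigned image is a prompt to check, not a verdict.
        "unsigned": [r for r in rows
                     if r.signer_status not in (None, "Verified")],
        "over_threshold": [r for r in rows
                           if r.cpu > limits.get(r.name.lower(), float("inf"))],
    }


if __name__ == "__main__":
    report = triage(parse_procexp(SAMPLE_LOG))
    print("CPU headroom: %.2f%%" % report["headroom"])
    for r in report["unsigned"]:
        print("review signer: %-28s pid=%s  %s" % (r.name, r.pid, r.signer_status))
    for r in report["over_threshold"]:
        print("over limit:    %-28s cpu=%.2f" % (r.name, r.cpu))
```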

 

 

 

 

 



#38
RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP

Looking much better now.  If we take the System Idle and add it to procexp64.exe we get over 85% which is not too bad.

 

These are still a tad high:

 

System 2.97 160 K 972 K 4
dwm.exe 2.29 32,904 K 47,992 K 6428 (Verified) Microsoft Windows Desktop Window Manager Microsoft Corporation
Interrupts 2.10 0 K 0 K n/a Hardware Interrupts and DPCs
csrss.exe 1.56 5,288 K 4,988 K 5140 (Verified) Microsoft Windows Publisher Client Server Runtime Process Microsoft Corporation
explorer.exe 1.37 61,108 K 109,336 K 3220 (Verified) Microsoft Windows Windows Explorer Microsoft Corporation
ETDCtrl.exe 1.20 9,112 K 23,568 K 7000 (Verified) ELAN Microelectronics Corporation ETD Control Center ELAN Microelectronics Corp.
 
The dwm.exe is related to a busy desktop so go to your metro interface (where the desktop has all of the cute squares filled with different programs like Edge, Weather etc. )  Right click on anything you don't really need and Uninstall or Remove (I forget since I use OpenShell which removed all of that garbage)
If you just have a standard desktop then make sure you don't clutter it up with shortcuts for installed programs.  I like to create a folder called shortcuts on the desktop and move all of my shortcuts to it. 
Also go to Start, All Apps, and right click on any programs you do not use and Uninstall.  (Some may not have that option.  Just skip them.)
For Apps that won't uninstall you have to use powershell:
 
Interrupts should be below 1.4 for a quick responsive system.  Usually high values of Interrupts are caused by bad drivers so we try to update as many drivers as we can.  Usually bad drivers show up near the top in the Latency Monitor Drivers tab screenshot I have you do. That's why I'm trying to get Elan's driver updated.  Another possible cause is a bad battery on a laptop.  I assume a weak battery loads down the power supply but I'm not sure.  Anyway to test if the battery is the problem you just shut down, remove the battery (usually there are two catches you push to the side and it falls out.  Some newer laptops do not let you remove the battery without taking them apart so hopefully yours is not that type.)   and fire it back up without the battery.  If Interrupts drop significantly then you know the battery is weak and if you like to use it with the battery then you need to order a new one.  (I get mine through Amazon but read the reviews as all replacement batteries are not created equal).  If it's always used plugged in then no need to replace the battery.  Just leave it out.
 
If you get a new driver or are able to remove some of the apps then give me a new Process Explorer log.  Don't need the junk.txt file as long as you don't see svchost using more than .5 percent of the CPU.
 
One other thing I like to check on a slow system is disk usage.  Right click on the clock and select Task Manager (More Details) then Performance then (at the bottom) click on Resource Monitor.  Now click on the Disk tab.
 
You should get something like this:
diskmon.jpg
 
If it says the Highest Active  Time is less than about 3% then I don't need a screenshot.
 

  • 0

#39
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 247 posts

Hello Ron,

 

Thank you for your encouraging email.  I think we have now reached the stage where you do not need an immediate response from me, I will work through the items you mention over the next day or two, and encourage my wife to use her laptop to get an idea of how it is running.  She has kept well clear while we worked on the many issues it had.

 

I think I have a good idea how to do the various things you have suggested, there are several things I will carry out on my own laptop and my aging desktop before starting a new thread to look at issues that exist.  This last sentence should ring alarm bells for you - if you see a new thread come from rogerbid be warned, let someone else take the bait!  You have been very patient with my unskilled replies, you must have despaired at times.  I do think though that if I go down the same route I will be a little better at following instructions.  Queries arising from this thread will of course have the same subject line and hopefully you will pick up and respond.

 

I do appreciate your time and effort and thank you most sincerely.

 

From one Melbourne to another, thanks again.  I will let you know in a few days how I get on with your last suggestions.

 

Best wishes

 

Roger B


  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,363 posts
  • MVP

I'm the expert on speeding up slow systems so you might as well just continue with this thread and post your FRST logs for your second PC in this thread.  It's not like I have anything else to do (I'm retired and locked down because of the virus)  and really you are not that hard to work with (other than the time difference).  The forum is only a shadow of what it once was and we have very few "customers" these days.  Unless our Admin figures out how to get the forum to use HTTPS pretty soon I don't expect the forum to survive.  Too many browsers and email programs are warning about connecting to an unsecure HTTP connection and scaring everybody away.


  • 0



#41
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 247 posts
You are very kind, I suspect I am more trouble than you admit! Currently in Dr's waiting room. Like you I am retired and in lockdown. Still having difficulty with Elan driver update. I will finish off all outstanding with Patricia's laptop before we start another. Will write later, thank you.
  • 0

#42
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 247 posts
While waiting for Dr, will write a bit more! Surprised to hear you are not so busy these days. I first signed up when I think your site was called PC911, am I right? I used to be a bit braver than now and would download all sorts of apps, hence a lot of my desktop problems. That one might drive us both mad! It would be nice to clean it though. Don't feel obliged though!
  • 0

#43
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 247 posts

"Unless our Admin figures out how to get the forum to use HTTPS pretty soon I don't expect the forum to survive". That would be an awful shame, I would hate to lose such a helpful site. I have not been a frequent user but on the occasions I have it has been invaluable. Please do all you can to keep the forum going!


Edited by rogerbid, 18 May 2020 - 07:01 PM.

  • 0

#44
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 247 posts

Hello, it's me again!

 

I have hit a brick wall with the Elan update!  I managed to get the file extensions displayed in Windows Explorer and realised the file I had downloaded is in fact the .cab file, however when I right click on it I do not get the option to extract.  I can 'open' the file and it takes me to a long list of files, maybe these are the extracted files?  Anyway, I have been into Device manager and tried my utmost to get the driver updated and it tells me that the current driver 15.8.12.5 is the current one.  Maybe that is correct for the touchpad installed on this laptop??  (I have tried to let Windows look for updated driver online, and also by directing it to a location on my computer, to a folder into which I pasted the files that I found when I 'opened' the .cab file.) 

 

Anyway, leaving that issue alone, I skipped your instruction to delete apps (I need to double check with my wife though I am sure she doesn't use 90% of the installed software).

 

I will do the battery tasks and let you know.

 

I am writing now though to say I have been into Resource Monitor and watched the Highest Active result.  It initially fluctuated from 1% to 84% and eventually settled at 1%, see screenshot attached.  I left the window running and have gone back periodically to see what it reads and it seems to be pretty constantly in the low single figures.  However it does throw up a 34% or 75% from time to time.

 

I only tell you this in case it is significant or reveals more dire problems!  I will write again when I have deleted some apps and looked into the battery situation,

 

Thanks,

Roger

Attached Thumbnails

  • Resourse Manager Disk Tab.jpg

Edited by rogerbid, 18 May 2020 - 07:23 PM.

  • 0

#45
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 247 posts

Hi,

 

I removed the battery and restarted the laptop.  I was concerned that it asked me to set the system clock but did so and it booted up OK.  Phew!!

 

I have run latency monitor again and below is the file generated:

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:35  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        TOSHIBA
OS version:                                           Windows 10 , 10.0, version 1709, build: 16299 (x64)
Hardware:                                             Satellite C50D-B, TOSHIBA, ZBWAE
CPU:                                                  AuthenticAMD AMD E1-6010 APU with AMD Radeon R2 Graphics 
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  3518 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1347 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   573.755293
Average measured interrupt to process latency (µs):   10.795570
 
Highest measured interrupt to DPC latency (µs):       433.926188
Average measured interrupt to DPC latency (µs):       3.884163
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              68.868597
Driver with highest ISR routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.055469
Driver with highest ISR total time:                   ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Total time spent in ISRs (%)                          0.078886
 
ISR count (execution time <250 µs):                   1927
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              700.997773
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.109253
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.549928
 
DPC count (execution time <250 µs):                   32051
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                60
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 avgui.exe
 
Total number of hard pagefaults                       1255
Hard pagefault count of hardest hit process:          816
Number of processes hit:                              10
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.885771
CPU 0 ISR highest execution time (µs):                68.868597
CPU 0 ISR total execution time (s):                   0.052599
CPU 0 ISR count:                                      1675
CPU 0 DPC highest execution time (µs):                700.997773
CPU 0 DPC total execution time (s):                   0.339254
CPU 0 DPC count:                                      30353
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.208629
CPU 1 ISR highest execution time (µs):                48.181886
CPU 1 ISR total execution time (s):                   0.003041
CPU 1 ISR count:                                      252
CPU 1 DPC highest execution time (µs):                666.826281
CPU 1 DPC total execution time (s):                   0.048621
CPU 1 DPC count:                                      1758
_________________________________________________________________________________________________________
 
I am attaching the 'Total Execution (ms)' and 'Processes' screenshots which hopefully will tell you something!
 
I am wondering what will happen when I shut down and restart again!  Will I have to reset the clock every time???
 
I may be mistaken, but I think so far that disconnecting the battery has made a difference.
 
Best wishes,
 
Roger

Attached Thumbnails

  • Total Execution (ms) screenshot.jpg
  • Processes screenshot.jpg

  • 0
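
Added example, not written by either poster: a small Python parser for the LatencyMon text report format shown in post #45. It adds the ISR and DPC percentages, compares the sum with the 1.4 figure given in post #38 for the Process Explorer Interrupts row, and lists the drivers and slow buckets the report names. Treating the two tools' percentages as comparable is an assumption, and the function and constant names are made up for this example.

```python
import re

# Lines copied from the LatencyMon report in post #45 (excerpt, not the full report).
REPORT = """\
Total time spent in ISRs (%)                          0.078886
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
Total time spent in DPCs (%)                          0.549928
DPC count (execution time <250 µs):                   32051
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                60
Process with highest pagefault count:                 avgui.exe
"""

# Figure from post #38 for the Process Explorer "Interrupts" row. Applying it to
# LatencyMon's ISR% + DPC% is an assumption of this example.
INTERRUPT_LIMIT_PCT = 1.4

# A report line is a label, an optional colon, two or more spaces, then the value.
LINE = re.compile(r"^\s*(?P<key>.+?):?\s{2,}(?P<val>\S.*?)\s*$")
BUCKET = re.compile(r"^(ISR|DPC) count \(execution time (.+) µs\)$")


def parse_report(text):
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group("key")] = m.group("val")
    return fields


def summarize(text):
    f = parse_report(text)
    total = float(f["Total time spent in ISRs (%)"]) + float(f["Total time spent in DPCs (%)"])
    slow = {}
    for key, val in f.items():
        m = BUCKET.match(key)
        # Skip the fastest bucket ("<250") and buckets with no hits.
        if m and not m.group(2).startswith("<") and int(val) > 0:
            slow[f"{m.group(1)} {m.group(2)} µs"] = int(val)
    drivers = sorted({v.split(" - ")[0] for k, v in f.items()
                      if k.startswith("Driver with highest")})
    return {
        "interrupt_pct": round(total, 6),
        "under_limit": total < INTERRUPT_LIMIT_PCT,
        "slow_buckets": slow,
        "drivers": drivers,
        "pagefault_process": f.get("Process with highest pagefault count"),
    }


if __name__ == "__main__":
    print(summarize(REPORT))
```

Saving the full report to a file and passing its contents to `summarize` works the same way; labels the excerpt omits are simply parsed and ignored.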





