Why are so/too many proceses running at the same time?
Good morning Experts,
I am trying to speed up an HP 2133 mini laptop. Windows 7 installed. It had over 450 processes listed in Task manager. After a a Good system clean, I got it down to a more normalized 69 procs. But that was only temporary. Now whenever i restart system, there are always about 115-120 procs in taskMan. That is an improvement but it is still way wrong. The reason is because there are many duplicate processes listed in TaskMan.
For Example:
AVP.exe 4 instances
avpr.exe 3
cmd.exe 4
csrss.exe 5
debug.exe 6
svchost.exe 11
thes are just a few examples with svchost the most glaringly -----d-up.
Th mini laptop runs at 100% cpu ALL the time. The culprit is SVCHOST.EXE, most of the time hogging about 92%-100% CPU resources CONSTANTLY. I can "end" duplicate procs, but they all return when I reboot and i end up with about 115-120 all the time. That is better than 450, when I 1st got this thing, but 60 procs would make me happy. (This is not my PC)
The QUESTION IS: Why are these processes duplicating themselves and refusing to permanently go away; AND what can I do to get this computer to run properly again with just
the normal amount of procs(no duplications) ???
I am truly a beginner with Windows 7, but learning faster than I wish to.
Thank you all in advance
I am trying to speed up an HP 2133 mini laptop. Windows 7 installed. It had over 450 processes listed in Task manager. After a a Good system clean, I got it down to a more normalized 69 procs. But that was only temporary. Now whenever i restart system, there are always about 115-120 procs in taskMan. That is an improvement but it is still way wrong. The reason is because there are many duplicate processes listed in TaskMan.
For Example:
AVP.exe 4 instances
avpr.exe 3
cmd.exe 4
csrss.exe 5
debug.exe 6
svchost.exe 11
thes are just a few examples with svchost the most glaringly -----d-up.
Th mini laptop runs at 100% cpu ALL the time. The culprit is SVCHOST.EXE, most of the time hogging about 92%-100% CPU resources CONSTANTLY. I can "end" duplicate procs, but they all return when I reboot and i end up with about 115-120 all the time. That is better than 450, when I 1st got this thing, but 60 procs would make me happy. (This is not my PC)
The QUESTION IS: Why are these processes duplicating themselves and refusing to permanently go away; AND what can I do to get this computer to run properly again with just
the normal amount of procs(no duplications) ???
I am truly a beginner with Windows 7, but learning faster than I wish to.
Thank you all in advance
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I cannot see a functioning AV, Anti malwrare app. Will install something and give this a good scan while I manually work to clean start up items. I beleive AVP may be related to a music downloade3r called Ares and ares Vista. I also believe some of the apps this guy has arenot compatible with Win7., but not sure. Really not sure3 of anything with this thing
Thanks again.
Thanks again.
ASKER
Sorry younghv, I did not see your post. I will try Combofix. I have already improved thigs alot with a trojan rwemover i use called :"RKILL" I believe that combofix will not work opn a 64-bit system. is that correct.
I will not be back here for a while now because these scans will take next to forever to complete, but I will report in. This is goingn to take days, not hours to do, unless I hit the culprit early.
thanks again.
I will not be back here for a while now because these scans will take next to forever to complete, but I will report in. This is goingn to take days, not hours to do, unless I hit the culprit early.
thanks again.
Donnie616 -
Unless there is a new version, CF will not work on 64 bit systems.
There is an application called "HitmanPro" that has a 64 bit version, and
I'll try to find the link for it.
Malwarebytes will also work.
Unless there is a new version, CF will not work on 64 bit systems.
There is an application called "HitmanPro" that has a 64 bit version, and
I'll try to find the link for it.
Malwarebytes will also work.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Already used the hitman, thank you. Good program.
1---i am running Superantispyware now, deep scan. Many familiar trojans and fake AVs. so far. 1hou 58 mins so far. It has found 547 items and counting. 29 Mem items---60 Reg Items---458 Files.
2---2 "Startup ITEMS" in MSCONFIG (Startup) are as follows:n A: LvRZpiejl and B:Lvparhiej. They are the begiinning of about 150 items each followed by different endings.
Example=LvRZpiejl+1yKEY\Ap
In MSCONFIG startup items also, under the command column, that might be listed by C:|users\Donnie\appdata]\l
2nd startup item is Lvparhiej with the same endings to them as the other(LvRZpiejl) Each of these startup items has between 100-150 items each. they look like below, in startup in Msconfig. All are in the registry. NOT in Program files. I think they are baddies. One of them has disabled regedit, but SASW caught it fror me.
1...Lvparhiej---\----\----
2...LvRZpiejl---\----\----
Anyone know what they are? They cannot be good.
1---i am running Superantispyware now, deep scan. Many familiar trojans and fake AVs. so far. 1hou 58 mins so far. It has found 547 items and counting. 29 Mem items---60 Reg Items---458 Files.
2---2 "Startup ITEMS" in MSCONFIG (Startup) are as follows:n A: LvRZpiejl and B:Lvparhiej. They are the begiinning of about 150 items each followed by different endings.
Example=LvRZpiejl+1yKEY\Ap
In MSCONFIG startup items also, under the command column, that might be listed by C:|users\Donnie\appdata]\l
2nd startup item is Lvparhiej with the same endings to them as the other(LvRZpiejl) Each of these startup items has between 100-150 items each. they look like below, in startup in Msconfig. All are in the registry. NOT in Program files. I think they are baddies. One of them has disabled regedit, but SASW caught it fror me.
1...Lvparhiej---\----\----
2...LvRZpiejl---\----\----
Anyone know what they are? They cannot be good.
ASKER
I guess I got a bit complicated there, huh? Anyways what i asked you for (Lvparhiej---\----\-----\ ----.exe and LvRZpiejl---\----\-----\--
44 Items in process list. Normal looking stuff. Also all of the strange stuff in the start up list seems to be gone. just hope that I did not disable or disappear anything this guy wanted to keep. He had many different video types that required different media players and -----anyway that is for another question. I am really not a professional so i do not know how to handle a situation like that, (disappearing needed/wanted apps), as I suspect may be the case today. Like I said, not for this question which is answered.
Will close this after dinner.
Thanks to you all for your time and interest in my problem.
44 Items in process list. Normal looking stuff. Also all of the strange stuff in the start up list seems to be gone. just hope that I did not disable or disappear anything this guy wanted to keep. He had many different video types that required different media players and -----anyway that is for another question. I am really not a professional so i do not know how to handle a situation like that, (disappearing needed/wanted apps), as I suspect may be the case today. Like I said, not for this question which is answered.
Will close this after dinner.
Thanks to you all for your time and interest in my problem.
ASKER
Sorry about all the extra posts but this question is NOT over yet. I am now running a MBAM Deep scan AFTER the ComboFix scan. taking a glance, and after only 10 minutes it has already found 26 heretofore-unseen -by-CF nasties. i thought I was clean, but I am not. i will return to work on this in the morning and with Expert help from you all, hopefully I will resolve this infestation. Thanks again.
Sometimes you have to run the scan a couple times before everything is cleaned out. What I would do is turn off system restore, to delete your restore points. Reboot the machine and if it is clean, turn on the system restore and create a restore point. Some times malware create their own restore points so they can reinstall the malware on the computer. But programs like Malwarebytes is able to detect that malware in the system restore files. To turn off system restore, right click on the my computer icon, go to properties, Click on the system restore tab, then place a check mark in the box "turn off system restore". Then click on the two okay buttons. Restart your computer to release anything in the memory. Then go through the process to turn on system restore, by removing the check mark. Then I would create a restore point. Click on the windows button go to programs, accessories, system tools and then system restore. Run the software and when it asks if you want to either restore your computer to an earlier time or create a restore point, you want to create a restore point.
Hey don't worry about disabling software or unistalling applications that the customer may have wanted. Let him/her know that they were infected and must be removed in order to get a system that is running more smoothly. If the really want the software on thier system they can redown load it and reinstall it. If they mess up their system, then he/she can pay you another $50 or more to clean it up for them. lol
Hey don't worry about disabling software or unistalling applications that the customer may have wanted. Let him/her know that they were infected and must be removed in order to get a system that is running more smoothly. If the really want the software on thier system they can redown load it and reinstall it. If they mess up their system, then he/she can pay you another $50 or more to clean it up for them. lol
Donnie616,
Still waiting for you to post the logs from CF and MBAM.
Also - Experts are from all over the world, so if one of us stops responding for a few hours, we might just be doing something silly like spending time with our families or sleeping.
Also II - many EE members don't realize that Experts are all volunteers who are just trying to help out others who are having problems.
Still waiting for you to post the logs from CF and MBAM.
Also - Experts are from all over the world, so if one of us stops responding for a few hours, we might just be doing something silly like spending time with our families or sleeping.
Also II - many EE members don't realize that Experts are all volunteers who are just trying to help out others who are having problems.
web_tracker,
Please don't recommend that people disable the System Restore function. I realize that is very common advice, but there is not good reason to do it - and several good reasons not to.
Have a read of this Article:
https://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html
Please don't recommend that people disable the System Restore function. I realize that is very common advice, but there is not good reason to do it - and several good reasons not to.
Have a read of this Article:
https://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/A_1934-Viruses-in-the-System-Volume-Information-System-Restore.html
ASKER
Ok guys i have been working all day on this and I think we are as clean as possible now. No need to send the logs from the scanners, as I am familiar with 95% of the results. Also 95% of my customers are hispanic and the use the same music dowloading apps among themselves. This guy just happened to have a virus-laden program (torrent) that I was not familiar with. I have re-run the scans and nothig seems to have come back yet. If they do, I will send the logs. I am going to close this now and open a new question if there is a persistence issue with these bugs.
Most of them are roque and fake Anti malware and anti virus apps that were running in the background but under the guise of legit programs. FYI, there ore 47 processes now and just 6 items starting up, repeated;y so it appears the issue is resoklved excpt for me removing some of his torrents. Too bad. I am good for now and thanks to all of you.
Most of them are roque and fake Anti malware and anti virus apps that were running in the background but under the guise of legit programs. FYI, there ore 47 processes now and just 6 items starting up, repeated;y so it appears the issue is resoklved excpt for me removing some of his torrents. Too bad. I am good for now and thanks to all of you.
ASKER
just so you know, AVP stands for Ares Vista Program on this computer, not the antivirus we thought it was.
ASKER
Lots of good info, so i split the points reflecting the fact that I used several different posts. FOUND: 4,700 hits other than just adware.(lucky the PC even started)
WHAT I DID(in order) <I think>
1---Ran Rkill ( A Fast, Good one, not that deep, but finds the nastiests')
2---Ran SASW
3---Ran Advanced System Care by IOBIT (Instead of C-Cleaner)
3A--Ran IOBIt's Uninstaller, a deep scanner/remover, No leftover files after uninstalling
4---Ran MSCONFIG,
5---Worked in Process Explorer + Process Lasso, removed leftovers that MSCONFIG does not bring up...
6---Followed Lee T's instructs quite carefully
7---Ran MBAM
8---Repeated most of the above steps again.
WHAT I DID(in order) <I think>
1---Ran Rkill ( A Fast, Good one, not that deep, but finds the nastiests')
2---Ran SASW
3---Ran Advanced System Care by IOBIT (Instead of C-Cleaner)
3A--Ran IOBIt's Uninstaller, a deep scanner/remover, No leftover files after uninstalling
4---Ran MSCONFIG,
5---Worked in Process Explorer + Process Lasso, removed leftovers that MSCONFIG does not bring up...
6---Followed Lee T's instructs quite carefully
7---Ran MBAM
8---Repeated most of the above steps again.
ASKER
All work must be done with a USB drive. No CD-Rom on this bare-bones machine. I know that 450 processes is a lot. That is why I am here. When I returned to the the "UNTOUCHED-BY-ME" Mini PC after 30 minutes, while i waited for you guys, I came back to 132 Procs. it is slowly headed back upwards, (slowly loading things) regarding amount of them on the list. BY THEMSELVES !!! Please recall that the list is only a partial example. About 70% 0f the way down the alphabetical list some more examples of what i see are
DrWeb.exe 4
gdi32.exe 3
hexdump 3
IE Explorer.exe 5
login.exe 3
lsass.exe 4
MDN.exe 4
nvsvc32 4
And so on, etc, and so on----------
I intend on doing your suggests, and I will check in peridically. This is going to take a great deal of time, so i ask your patience with me. Thank you all for your assistance.