Park Control, a small request

Started by AzKat, April 19, 2015, 05:43:33 PM

AzKat

Can we get ParkControl to automatically "unpark" all the cores on Process Lasso startup?

For whatever reason, if I unpark my cores, they stay unparked, but only until the next restart.

If I unpark my cores, then restart immediately, they are parked again.   < not exactly desired
If I unpark my cores, then restart after some time, they are parked again.  < not exactly desired

If I unpark my cores, then restart, they stay unparked.  < the desired effect


So if we could have a checkbox on that program, or on Process Lasso, to automatically do that instead of us going there each and every time we restart Windows, that'd be awesome (install and forget it).

Jeremy Collake

The % of cores allowed to be parked is a setting specific to your power plans, so I suspect the power plan is being changed, causing this behavior. Once you get your power plan behavior and automation correct, it should work like you want without additional effort. With that in mind, perhaps try approaching it with a different perspective?
Software Engineer. Bitsum LLC.

BenYeeHua

Yup, it should be your OEM software or some other booster software that keeps resetting the Power Plans to what has been set by them.

AzKat

I do have a program that makes 2 additional power plans (power 4 gear). I will uninstall it when I get home and share the results.


edit: uninstalling P4G (power 4 gear thing that came with my laptop) didn't help. It still sets 2 cores parked.

BenYeeHua

Asus?
Check your Event Viewer first, it should be showing something about the Power Plans. ;)

For me, it is P4G and also the touchpad driver (yup, Asus coding is bad....) that keep changing the Power Plans, and I was forced to uninstall P4G while also finding another version of the touchpad driver to work around it. (Asus provided 3 different versions of the touchpad driver.)

Jeremy Collake

Well, just be aware of what power plan you are in, as each power plan has its own core parking setting. So maybe they are disallowed from parking in High Performance but allowed to park in Balanced.

Also, is IdleSaver active? It would change the power profile.

There should be no other possibility.
Software Engineer. Bitsum LLC.

AzKat

I'm in the bitsum maximum performance power plan (also tried setting all of them to unparked).

Idle saver is not on.


So maybe event viewer, tho I have no idea what to do with it.

And yes, I have a touchpad driver installed

Jeremy Collake

Hmm, that is odd. The only remaining possibility is software dynamically changing the active power plan, perhaps some Energy Conservation software of some sort from the OEM. That's all I can think of.
Software Engineer. Bitsum LLC.

AzKat

Seems it's only with me, a friend of mine used this and his cores are still parked.

BenYeeHua

Just like I said before, check the Event Viewer; it does record any software that touches the Power Plans config, and saves you time finding out why it happens. ;)

Jeremy Collake

I cannot explain what is happening here, but these are simple settings of Windows Power Profiles. So, all ParkControl is doing is changing them.

If these changes are actually not enforced, despite being in the right power plan, then it's a deeper issue with the OS or hardware.

If any prior manual registry tweaking was done (possibly by other software), it could have left the PC in a corrupted configuration, but I'm just grasping at straws there. I do know of possibilities where registry tweaking causes ParkControl to misreport the park status, which is something I intend to handle - but don't believe that's the issue here.
Software Engineer. Bitsum LLC.

BenYeeHua

Quote: but don't don't that's the issue here.
I don't don't that's what you want to said. ;D

Anyways, yup, the corrupted registry should not be the case here, as it should just change the config back as soon as you changed it. :)

Jeremy Collake

Thanks. Edited. Meant to say I don't believe this is the cause of the problems here though.
Software Engineer. Bitsum LLC.

AzKat

Any help on what exactly I should be looking for in Event Viewer?

Jeremy Collake

Looking for changes to the active power profile. It's a bit deep for non-techies, I'll let Ben guide you through it best he can. At worst, click till you find logs, then search them for power change events. I don't remember if it is the System log or not, but think so.
Software Engineer. Bitsum LLC.

AzKat

@ windows logs I have a few thousand events....

Application: 35,898 events
Security: 29,811 events
Setup: 1,656 events
System: 57,353 events
Forwarded Events: 0



LE: Cleared all logs, restarted, found something regarding kernel processor power and kernel power, here's a screenshot  http://imgur.com/CIQnjPP

My laptop is an Asus K56CB-XX122D

I quote from one of those warning things:

The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

BenYeeHua

Not this, this is about the firmware (also known as BIOS) limiting the CPU frequency because of the temperature.
You may try using Process Monitor, it may record something interesting about this issue.
---
Just in case, did it change when you boot into Safe Mode? :)

AzKat

I'll take a look at that.

In safemode they were still unparked, maybe it's something on system startup? Tho I can't exactly tell what :/

BenYeeHua

Just use a stupid but the easiest way: disable half of your startup software, if it doesn't work, half again, until it doesn't get parked again.
Then you should know which one it is, based on which software you have disabled/enabled.

This is normally used for finding which Firefox add-ons are having issues, when you have a lot of add-ons and nothing shown on the error console. ;)
Quote: Note: If you have a large number of extensions, it may be quicker to enable more than one extension at a time. The method with the fewest number of restarts required is: Enable half the extensions in this list, then restart Firefox and test for the problem. If the problem reoccurs, you know that the faulty extension is one of the ones you just enabled. If the problem does not occur, you know the faulty extension is one of the disabled ones. Repeat the process until the faulty extension is found.
https://support.mozilla.org/en-US/kb/troubleshoot-extensions-themes-to-fix-problems#w_test-for-faulty-extensions
-----
Just thinking a bit more, you can just disable all startup software, then run it manually, followed by the command line.
This may not work, but it doesn't waste too much of your time either. :D

AzKat

I have some startup things disabled... some enabled, gonna be hard to know which ones to reenable after that, tho I will try deleting the disabled ones :D


Done that, everything (scheduled tasks and windows startups) disabled, the cores still get parked...

BenYeeHua

Screen Shot is your friend, or just write it down. ;)

AzKat

Done that, they are still getting parked (regarding those processes, I just deleted the already disabled ones)

Jeremy Collake

Try the .REG tweak found at the bottom of https://bitsum.com/parkcontrol/

This will cause the parking options to show up in the normal Power Options / Advanced (then click 'Show more' or similar).

Windows has complete control of this, all Lasso or ParkControl do is adjust the settings - so why those settings aren't being applied is limited to them being undone, ignored, or overridden by some other software or driver.
Software Engineer. Bitsum LLC.

AzKat

Did those reg tweaks, the added thing for processor parking appeared in the power options, gonna restart.
.
.
.
And they are still parked after a restart :/ (noticed I made a typo here after 3 hours)


This laptop hasn't seen this many restarts since the time when I uninstalled my printer's drivers and other random programs.

Jeremy Collake

And the settings? Are they still as you left them?
Software Engineer. Bitsum LLC.

edkiefer

FWIW, use Autoruns (by Sysinternals), that program is best for disabling and enabling startup and seeing what gets loaded.

You just uncheck the ones you want to disable and re-enable them after you find the issue. It does not delete entries.
Bitsum QA Engineer

AzKat

I used ccleaner to check out startup objects.

As for the settings, well they changed back to 10% in the power plan advanced options, and in the core parking thing.

chris635

Quote from: AzKat on April 25, 2015, 07:36:16 PM
I used ccleaner to check out startup objects.

As for the settings, well they changed back to 10% in the power plan advanced options, and in the core parking thing.

Autoruns will show programs auto-starting that CCleaner will not.
Chris

AzKat

so that autostart thing... wow so many things in there :/


edit: ok I broke autostart thing, I disabled a bunch of things from the end, restarted, cores were still parked, went into autostart thing again... it broke, it simply doesn't respond anymore. I force killed it a few times, but no luck. What just happened?

Tried that autorunsC.exe, it opens a cmd thing, which works without a problem, however the autoruns.exe simply doesn't work.

Aaaand I just broke my windows. It won't startup anymore. (Posted from my phone)

So...not even safe mode works now. Wonderful utility this autoruns is.



edit: thank god I had a restore point available from since I uninstalled power 4 gear thing.

As for the autoruns utility, never again.

BenYeeHua

I agree Autoruns is buggy now, after he fixed the bug that doesn't find the value and just deletes the registry.
And now, sometimes I just re-disable items that have been disabled (as I have updated them), and it fails to do that.

The most useful tools are Process Monitor and Process Explorer, as they will not break the computer like Autoruns.
I mean, they will not change the registry. ;D
----
Anyways, if you really disabled a lot of things and it still gets parked, then it can be one thing.
Driver...

This will be harder to find, but I think you can just disable most of the hardware now, except you are not using Windows 8+ (as it will fall back to WARP after you have disabled the graphics card driver). ;)

edkiefer

I have never had an issue with Autoruns with the startup section (logon); I do hide MS entries so only 3rd party ones show.

With startup, all it does is make a new key and store them there from the regular startup place. If you did have trouble with the GUI, just jump to the registry, it's easy to see what it's doing.

Sorry to hear you ran into problems with it, it is a well respected tool (been around forever).
Bitsum QA Engineer

AzKat

I read somewhere that windows 8.1 has disabled core parking completely, is this true?

chris635

Quote from: edkiefer on April 26, 2015, 07:38:31 AM
I have never had an issue with Autoruns with the startup section (logon); I do hide MS entries so only 3rd party ones show.

With startup, all it does is make a new key and store them there from the regular startup place. If you did have trouble with the GUI, just jump to the registry, it's easy to see what it's doing.

Sorry to hear you ran into problems with it, it is a well respected tool (been around forever).

I make sure MS entries do not show as well. Sorry about that. I should have been a little more clear about using Autoruns.
Chris

BenYeeHua

Quote from: AzKat on April 26, 2015, 07:47:26 AM
I read somewhere that windows 8.1 has disabled core parking completely, is this true?

Nope, they changed it to a real core-parking.

When it is Windows 7, it just parks the Hyper-thread.
When it is Windows 8+, it starts parking the whole core, which is the meaning of "core" parking. ;)

Jeremy Collake

Quote from: AzKat on April 25, 2015, 07:36:16 PM
As for the settings, well they changed back to 10% in the power plan advanced options, and in the core parking thing.

There it is then. Some software, somewhere, on your PC is changing the setting back, *or* all your recent changes are being reverted (e.g. system restore). One or the other. The registry is where all these settings are stored, so if it were wiped out by some crazy registry cleaner, but that registry cleaner would have to be real dumb, and I know ccleaner is better than that. I would like to see a HiJackThis type log of the system, see if I see the problematic software.
Software Engineer. Bitsum LLC.
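
One way to pin down when the setting is changed back, as an added example that is not part of the original thread and is not Bitsum's code: this PowerShell loop records the core parking value of every power plan and logs each change with a timestamp. The two GUIDs are the standard Windows identifiers for the processor subgroup and the "core parking min cores" setting; the log path and function names are hypothetical, and the script assumes the setting is visible to `powercfg /query` (the .REG tweak mentioned in the thread).

```powershell
# Added example: watch the core parking value of every power plan and log changes.
# Standard Windows GUIDs: "Processor power management" subgroup and
# "Processor performance core parking min cores" setting.
$SubProcessor = '54533251-82be-4824-96c1-47b60b740d00'
$ParkMinCores = '0cc5b647-c1df-4637-891a-dec35c318583'
$LogPath      = Join-Path $env:TEMP 'parking-watch.log'   # hypothetical log location
$GuidPattern  = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

function Get-PlanGuids {
    # "powercfg /list" prints one line per plan; only those lines contain a GUID.
    powercfg /list | ForEach-Object {
        if ($_ -match $GuidPattern) { $Matches[0] }
    }
}

function Get-ActivePlanGuid {
    $text = powercfg /getactivescheme | Out-String
    if ($text -match $GuidPattern) { $Matches[0] }
}

function Get-ParkingValues([string]$PlanGuid) {
    # The last two hex values in the query output are the current AC and DC
    # indexes; matching on the hex avoids depending on the display language.
    $text = powercfg /query $PlanGuid $SubProcessor $ParkMinCores | Out-String
    $hex  = @([regex]::Matches($text, '0x[0-9a-fA-F]{8}') | ForEach-Object { $_.Value })
    if ($hex.Count -lt 2) { return 'not reported' }   # hidden or missing setting
    'AC={0}% DC={1}%' -f [Convert]::ToInt32($hex[-2], 16), [Convert]::ToInt32($hex[-1], 16)
}

function Write-Change([string]$Message) {
    $line = '{0}  {1}' -f (Get-Date -Format s), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

$lastValues = @{}     # plan GUID -> last seen "AC=..% DC=..%" string
$lastActive = $null   # last seen active plan GUID

while ($true) {
    # A change of the active plan explains a "revert" without any value being edited.
    $active = Get-ActivePlanGuid
    if ($active -ne $lastActive) {
        Write-Change ("active plan: {0} -> {1}" -f $lastActive, $active)
        $lastActive = $active
    }

    # A change of the stored value means something rewrote the plan itself.
    foreach ($plan in Get-PlanGuids) {
        $now = Get-ParkingValues $plan
        if ($lastValues[$plan] -ne $now) {
            $flag = if ($plan -eq $active) { ' (active)' } else { '' }
            Write-Change ("plan {0}{1}: {2} -> {3}" -f $plan, $flag, $lastValues[$plan], $now)
            $lastValues[$plan] = $now
        }
    }

    Start-Sleep -Seconds 5
}
```

The first pass logs the values found at launch, so a value that already differs from what was set before the restart was changed before the script started. Later entries give a timestamp to match against Process Monitor or Event Viewer.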

AzKat

Oh you mean like malware or spyware? (Googled hijackthis)

If yes then I already have malwarebytes and kaspersky internet security (both updated constantly)

Jeremy Collake

Right. That will show us what you have installed, etc... because *something* is changing those settings back. My guess is some OEM bundled 'power management' utility or driver. ... or a registry 'reset', as I wrote about.
Software Engineer. Bitsum LLC.

AzKat

I'll take a look at it then

[spoiler] Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:37:02, on 4/27/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)


Boot mode: Normal


[/spoiler]



Log told me to show this to knowledgeable people so I did

Jeremy Collake

I'm sorry, I didn't clarify.

Hijackthis is different than normal security software. It creates a log of everything you have installed, even stuff not visible to you. So, its log, if you can figure out how to use it, would be invaluable. You could post it here for analysis (it has no personal data, just what your PC has installed on it).
Software Engineer. Bitsum LLC.

Jeremy Collake

Got the log with your updated post ;)

Thanks! Let us comb through it now... be back with you soon.

EDIT: At a cursory glance, I don't see anything problematic, but do see that ASUS OEM software is installed, so it's still a likely candidate.

Is reinstalling Windows an option? You should do this twice a year as a security precaution anyway, and it will help ensure you *are* keeping good backups. You don't want to find out your backup solution doesn't work well when it's too late ;)
Software Engineer. Bitsum LLC.

edkiefer

Quote from: Jeremy Collake on April 27, 2015, 01:43:51 PM
Got the log with your updated post ;)

Thanks! Let us comb through it now... be back with you soon.

EDIT: At a cursory glance, I don't see anything problematic, but do see that ASUS OEM software is installed, so it's still a likely candidate.

Is reinstalling Windows an option? You should do this twice a year as a security precaution anyway, and it will help ensure you *are* keeping good backups. You don't want to find out your backup solution doesn't work well when it's too late ;)

Yup, I would check the Asus processes and services; just google each one to see what it does if there is not anything in the programs list.

OP
My guess, if this is a laptop, is that it is some kind of power saver or something depending on plug-in or battery, just a guess there.

HControl = http://www.liutilities.com/products/wintaskspro/processlibrary/hcontrol/
hcontrol.exe is a utility by Asus which allows the configuration of the keyboard's special keys. This is a non-essential process. Disabling or enabling it is down to user preference. We strongly recommend that you to identify hcontrol.exe related errors.

atkosd.exe is a process installed alongside ASUS Motherboards and provides additional configuration options for these devices. This program is a non-essential process, but should not be terminated unless suspected to be causing problems. We strongly recommend that you to identify atkosd.exe related errors.
http://www.liutilities.com/products/wintaskspro/processlibrary/atkosd/
Edit:

This link is a good overview of the Asus utilities under ATK; sadly it really doesn't help with knowing what it is able to control.
http://www.shouldiremoveit.com/ATK-Package-5811-program.aspx
Bitsum QA Engineer

AzKat

I keep my battery out of my laptop, as for energy saving still no idea, maybe it's the same with all laptops?

Jeremy Collake

No, it's not the same with all laptops, we can assure you of that. You have an anomalous situation here. You've seen it. Something is changing those settings. It's not Lasso, but something.

EDIT: Could apply to all ASUS laptops with their OEM software installed, which is why I would like to know the culprit for sure.
Software Engineer. Bitsum LLC.

edkiefer

I wonder if they could have a specific BIOS setting for energy management.
Bitsum QA Engineer

Jeremy Collake

It's possible. That BIOS (actually UEFI) setting would have to be read by an application or driver, to change the actual Windows settings.
Software Engineer. Bitsum LLC.

Jeremy Collake

This is a candidate as well:

O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
Software Engineer. Bitsum LLC.

chris635

Do you have Asus AI suite on that laptop? It will add power profiles to your system, when used for overclocking. Under power options, does it show any Asus power profiles?
Chris

edkiefer

Quote from: chris635 on April 27, 2015, 05:16:45 PM
Do you have Asus AI suite on that laptop? It will add power profiles to your system, when used for overclocking. Under power options, does it show any Asus power profiles?

I don't see that running or Intel's XTU app, but there is Intel ICC, which is a clock gen for either OC CPU or clocking with GPU; since there is no XTU running it must be for Intel's integrated graphics.
Bitsum QA Engineer

chris635

Quote from: edkiefer on April 27, 2015, 05:51:13 PM
I don't see that running or Intel's XTU app, but there is Intel ICC, which is a clock gen for either OC CPU or clocking with GPU; since there is no XTU running it must be for Intel's integrated graphics.

Something in there is changing the parking. It might be clock gen.
Chris