
Programs Frequently "Not Responding" and USB speed issues


  • This topic is locked
81 replies to this topic

#51 TheWriterInBlack

TheWriterInBlack

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 06 May 2017 - 02:20 PM

And I think I've come to the conclusion that Thunderbird is the culprit on the freezing issue.  I'm currently using Chrome as my browser but when Thunderbird is running I get frequent freezes.  So it looks like either trying to find what exactly the problem in Thunderbird is or switching to something else for my various email accounts.  As it is, I only open Thunderbird in brief intervals to grab what I can, wade through any freezes that happen, and then shut it down again quickly while I do other things.  This is not the most convenient arrangement and borders on intolerable when I am working.



#52 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 962 posts

Posted 06 May 2017 - 07:06 PM

Hello TheWriterInBlack.


Please try switching off hardware acceleration in Mozilla Thunderbird:

Go to 'Menu icon' > 'Options' > 'Options' > 'Advanced' > 'General' tab

To switch off hardware acceleration:
Uncheck 'Use hardware acceleration when available'
Click on 'OK'.
Restart Thunderbird and see if that solved the freezes issue.


I also recommend you read the information in the links below related to performance issues in Thunderbird and see if that can help you.

General info on Performance issues:
http://kb.mozillazin...e_-_Thunderbird

 

Information on anti-virus products:
https://wiki.mozilla...formance_Issues


If the procedures above did not solve the problem, you can try to install another free web-mail service from the list below as an alternative to Mozilla Thunderbird to see if it solves the freezes problem. Test them and see which one best fits your purposes.

IncrediMail
Mailbird Free
Opera Mail
Pegasus Mail



Please let me know if there was any progress.


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#53 TheWriterInBlack

Posted 06 May 2017 - 07:18 PM

Hardware acceleration was not turned on.

 

Trying the other things.



#54 TheWriterInBlack

Posted 07 May 2017 - 08:50 AM

I've been running with Thunderbird in safe mode since yesterday evening.  I've had short "not responding" periods after the computer wakes up from sleep mode but not otherwise.



#55 Android 8888

Posted 08 May 2017 - 06:21 AM

Okay, please keep me posted about your tests and let me know if there is any progress.

 

Thank you.

 

Android 8888




#56 TheWriterInBlack

Posted 19 May 2017 - 07:14 AM

Things had been mostly going pretty well.  But woke up this morning and Malwarebytes reported real time protection turned off.  Also got the "This device can perform faster" notice.  Unfortunately it doesn't tell me which device and I can't spend the time testing because I have to go to work.



#57 TheWriterInBlack

Posted 19 May 2017 - 07:29 AM

And when I tried to run a Malwarebytes scan it almost immediately shut down and said "complete" with no threats detected.  That can't be good.



#58 TheWriterInBlack

Posted 19 May 2017 - 09:16 PM

Update:  I'd left the computer off all day while I was at work.  When I came home I turned it on.  Without starting any of the "internet" apps I started Malwarebytes.  Real time was turned off and when I tried to turn it on it took a long time to start, but start it did.  I was also able to run a scan which came back negative--no problems found.

 

Not sure what to make of this.



#59 TheWriterInBlack

Posted 20 May 2017 - 04:01 PM

Sigh.  And the frequent "not responding" errors are back.



#60 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • PipPipPipPipPip
  • 7,801 posts

Posted 20 May 2017 - 08:01 PM

TheWriterInBlack

Android 8888 posted several tests for you to try in Post #52
http://www.spywarein...e-2#entry800214

In order for us to help you any further we need to know if you have performed any of those tests.

If you have not tried any of those alternatives then please complete the following steps.

Download and install another email client > disable Thunderbird > make the new program the default email program.

A list of alternative email clients can be found here

I suggest you run the new program for a few days

If the not responding errors still occur then please uninstall that program and move on to the next program in the list.

To uninstall a program ---

Please download and install Revo Uninstaller (Freeware) from here.

Run Revo Uninstaller and select the program from the list
Click Uninstall icon and follow the prompts
When finished choose Scan
Delete all the highlighted Registry items
Click Next
Select all the folders and files listed by Revo
Click Delete
Reboot the computer when Revo is finished.

Please let us know how you get on


Rocket Grannie
 




 
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#61 TheWriterInBlack

Posted 20 May 2017 - 08:37 PM

May not have been clear.

Please try switching off hardware acceleration in Mozilla Thunderbird:

Go to 'Menu icon' > 'Options' > 'Options' > 'Advanced' > 'General' tab

To switch off hardware acceleration:
Uncheck 'Use hardware acceleration when available'
Click on 'OK'.
Restart Thunderbird and see if that solved the freezes issue.

 

Hardware acceleration wasn't turned on to begin with.


I also recommend you read the information in the links below related to performance issues in Thunderbird and see if that can help you.

General info on Performance issues:
http://kb.mozillazin...e_-_Thunderbird

 

The things I got from here were to try compacting the mailboxes--lots of old data could be slowing access and to try running in safe mode.  I did both of those.  Things were fine for quite some time even after I restarted Thunderbird in regular mode.

 

I've been having the freeze even when Thunderbird is not running so I'm no longer so certain that it is the culprit.  When I have the freeze I'll often see a notice in Chrome "Waiting for Cache"

 

Information on anti-virus products:
https://wiki.mozilla...formance_Issues

 

This one I had missed.  Things were going well after the previous (until they weren't).  So let me try adding the exclusion to the Thunderbird Profile and see what that does.



#62 TheWriterInBlack

Posted 20 May 2017 - 08:37 PM

If it doesn't work, I have downloaded "IncrediMail" (the first on the list) and will try that.



#63 Android 8888

Posted 21 May 2017 - 04:48 PM

Hello TheWriterInBlack and welcome back!

 

 

First, let me know if the issue with Real-Time Protection of Malwarebytes is solved or still remains.

 

 

Information on anti-virus products:
https://wiki.mozilla...formance_Issues

 

This one I had missed.  Things were going well after the previous (until they weren't).  So let me try adding the exclusion to the Thunderbird Profile and see what that does.

Did the information on this link help you? Does the "not responding" message still occur?

 

 

 

 

When I have the freeze I'll often see a notice in Chrome "Waiting for Cache"

About this issue please read the instructions in the link below to clear the cache and cookies from Google Chrome:

https://kb.wisc.edu/...ge.php?id=24629

 

 

 

 

If it doesn't work, I have downloaded "IncrediMail" (the first on the list) and will try that.

Have you already tried IncrediMail or another one from the list that I and Rocket Grannie provided you?

 

 

Please keep me posted about the state of these issues.

 

Thank you.

 

Android 8888




#64 TheWriterInBlack

Posted 21 May 2017 - 05:21 PM

Incredimail, so far as I was able to find, was not able to set my hotmail account (my primary email) as a POP3 (my preferred way of handling it).

Both Mailbird Free and OperaMail were stopped by Malwarebytes when I tried to install them.

Currently trying Pegasus Mail.



#65 TheWriterInBlack

Posted 21 May 2017 - 05:25 PM

Adding the Exclusion to MSE did not help.  Still got the "Not Responding" error.  It's intermittent, of course, so sometimes I might go a while before it happens.

 

As I mentioned in the previous message I'm trying the other email programs.

 

Trying clearing the cache right now.



#66 Android 8888

Posted 22 May 2017 - 04:56 PM

Hello.
 

Still got the "Not Responding" error.  It's intermittent, of course, so sometimes I might go a while before it happens.

Okay, first I would like to see a new log from the Farbar Service Scanner tool to verify the existence of missing Services that may be causing the 'Not Responding' errors.

Please download Farbar Service Scanner by Farbar to your Desktop and double-click the file to run it.

  • Click "Yes" to accept the disclaimer and then make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center / Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.

 

Please copy and paste the entire contents of the log to your next reply and wait for further instructions.

 

Thank you.


Android 8888
 



#67 TheWriterInBlack

Posted 22 May 2017 - 10:20 PM

Forgot to mention earlier, after the one issue, I was able to get the real time protection on Malwarebytes turned back on and run a full scan.  It found no problems.

 

Since removing Thunderbird and trying the other email programs I have not had any extended "not responding" errors.  I simply observe that I had them when it was installed even when it wasn't running, but they seem to have gone away with it uninstalled which strikes me as weird.

 

To recap the alternate email programs suggested:
Incredimail would not let me access my Hotmail (my primary personal email account) via POP3, my preferred method.  I did not try to access my work email with it.

Malwarebytes flagged the install program for Mailbird Free and would not let it proceed.

Malwarebytes flagged the install program for OperaMail as well.

Pegasus Mail installed OK and was able to access my Hotmail account as POP3.  So far, so good.  Main problem is that the default fonts for everything are uncomfortably small.  I figured out how to change that for individual messages but not how to change the default.  Also, when I added in my work email account it put all the messages in one big folder not this account here and that account there.  The big problem, though, is that there's no "delete from server after X days" option that I can find.  Since I like to access both my primary accounts from both my home and work computer being able to leave files on the server for a short time to make sure I can get it from the other computer is very helpful.

 

FSS results:

Farbar Service Scanner Version: 27-01-2016
Ran by dburkhead (administrator) on 22-05-2017 at 23:17:08
Running from "C:\Users\dburkhead\Desktop\Security"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
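
An added example, not part of the original thread and not Farbar's code: a small parser for the FSS.txt layout shown in the post above that extracts the lines a reviewer reads first (services not running, start types that differ from the default, policy registry values, File Check results other than "File is digitally signed", and a missing end-of-log marker). The sample log is constructed, and the result text of its last File Check line is made up because the page does not show the tool's wording for a failed check.

```python
import re

# Constructed, shortened sample in the FSS.txt layout shown in the post above.
# The last File Check line uses invented result text (assumption).
SAMPLE_FSS = r'''Farbar Service Scanner Version: 27-01-2016
Ran by user (administrator) on 22-05-2017 at 23:17:08
Boot Mode: Normal
****************************************************************

Windows Firewall:
=============

Firewall Disabled Policy: 
==================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\System32\example.dll => CONSTRUCTED RESULT: signature check failed


**** End of log ****
'''

NOT_RUNNING_RE = re.compile(r'^(\S+) Service is not running')
START_TYPE_RE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. '
    r'The default start type is (\w+)\.')
REG_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')
FILE_RE = re.compile(r'^(.+?) => (.+)$')
SIGNED_OK = "File is digitally signed"
END_MARKER = "**** End of log ****"


def parse_fss(text):
    """Return a list of (section, kind, detail) tuples worth a reviewer's attention."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    findings = []
    section, reg_key = None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined by a row of '=' characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, reg_key = line[:-1], None
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings.append((section, "service_not_running", m.group(1)))
            continue
        m = START_TYPE_RE.match(line)
        if m:
            if m.group(2) != m.group(3):
                findings.append((section, "start_type_changed",
                                 f"{m.group(1)}: {m.group(2)} (default {m.group(3)})"))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            reg_key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m and reg_key:
            findings.append((section, "policy_value",
                             f"{reg_key}\\{m.group(1)}={m.group(2)}:{m.group(3)}"))
            continue
        m = FILE_RE.match(line)
        if m and section == "File Check" and m.group(2) != SIGNED_OK:
            findings.append((section, "file_check", f"{m.group(1)}: {m.group(2)}"))
    # A pasted log that lacks the end marker was probably cut off.
    if END_MARKER not in lines:
        findings.append((None, "log_truncated", "end-of-log marker missing"))
    return findings


if __name__ == "__main__":
    for section, kind, detail in parse_fss(SAMPLE_FSS):
        print(f"[{section}] {kind}: {detail}")
```

Run over the log posted in this thread, the parser would report only the three Windows Defender entries; whether those matter is a judgement for the person reading the log.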


#68 Android 8888

Posted 23 May 2017 - 04:55 PM

Hello.

The FSS log appears to be good. There is no problem with the Services.

 

Forgot to mention earlier, after the one issue, I was able to get the real time protection on Malwarebytes turned back on and run a full scan.  It found no problems.

Thank you for this information.

 

 

Incredimail would not let me access my Hotmail (my primary personal email account) via POP3, my preferred method.

Please read here and see if it can help you.

 

 

Main problem is that the default fonts for everything are uncomfortably small.  I figured out how to change that for individual messages but not how to change the default.  Also, when I added in my work email account it put all the messages in one big folder not this account here and that account there.

Please read the instructions in the link below and see if it can help you:
http://mailformat.da...ig/pegasus.html

 

 

The big problem, though, is that there's no "delete from server after X days" option that I can find.  Since I like to access both my primary accounts from both my home and work computer being able to leave files on the server for a short time to make sure I can get it from the other computer is very helpful.

Please see if the information in the following link can help you.
http://community.pma...read/24325.aspx
 

 

Please let me know how the computer is running. Which issues or concerns still persist?


Android 8888
 



#69 TheWriterInBlack

Posted 23 May 2017 - 07:18 PM

I've read through those links on Pegasus Mail and it does not look like I can set it up the way I'm comfortable with (from long time use of Thunderbird, OE before that, and Eudora before that).  Do you have any other suggestions or am I just going to have to suck it up?

 

So far I still have not had any extended "Not responding" problems.  I would occasionally have something go not responding for a few seconds but not something that hits just about every program I have running on my computer.  Normal?



#70 Android 8888

Posted 24 May 2017 - 03:16 PM

I would occasionally have something go not responding for a few seconds but not something that hits just about every program I have running on my computer. Normal?

Well, I can't tell that for sure.

 

You can also try to troubleshoot this issue by performing a Clean Boot. A clean boot is a troubleshooting technique that allows you to get the computer up and running so that you can perform diagnostic tests to determine which 3rd party programs of the normal boot process are causing problems.
How to perform a Clean Boot

 

 

I've read through those links on Pegasus Mail and it does not look like I can set it up the way I'm comfortable with (from long time use of Thunderbird, OE before that, and Eudora before that).  Do you have any other suggestions or am I just going to have to suck it up?

Okay, you can try to download and test the other e-mail client programs that Malwarebytes has blocked.
 

First, let's create a new Restore Point.
How to Create a Restore Point in Windows 7

Once the Restore Point is created, temporarily disable the Real-Time protection of Malwarebytes.

Open Malwarebytes then click on Settings > Advanced Settings > and in that window uncheck the top 3 items.

  • Start Malwarebytes Anti-Malware with Windows
  • Enable Malware Protection when Malwarebytes Anti-Malware starts
  • Enable Malicious Website Protection when Malwarebytes Anti-Malware starts

Now you can try to download, install and test the other e-mail client programs and see if there is any that adapts to your usage profile.

Please let me know how you get on.


Android 8888
 



#71 TheWriterInBlack

Posted 24 May 2017 - 05:55 PM

In Malwarebytes (Premium), on "Settings" I see tabs Application, Protection, Scan Schedule, Exclusions, My Account, and About.

The only "Advanced Settings" I see is under "Protection" and appears to apply only to Exploit Protection, with things like DEP Enforcement, Anti-HeapSpraying Enforcement and so on.

On that set of menus, under "Protection" I can see "Web Protection:  Prevents connections to malicious or compromised websites",  "Malware Protection", "Start Malwarebytes at Windows Startup".  These look like what I need so I'll proceed with that presumption and try "Operamail" (I'd at least heard of that one before which is as good a reason as any to select it to try next).



#72 TheWriterInBlack

Posted 24 May 2017 - 05:57 PM

OperaMail, go to the link you provided earlier and I get:

 

This page contains the following errors:
error on line 2 at column 54: Specification mandate value for attribute itemscope
Below is a rendering of the page up to the first error.

#73 TheWriterInBlack

Posted 24 May 2017 - 06:00 PM

Okay, I can end run around that by going to the "Mailbird Free" which is at the same site, and then searching for Opera Mail which takes me to a review, which takes me to Opera's own website, where I can download it.



#74 Android 8888

Posted 25 May 2017 - 05:38 AM

OperaMail, go to the link you provided earlier and I get:
This page contains the following errors:
error on line 2 at column 54: Specification mandate value for attribute itemscope
Below is a rendering of the page up to the first error.

You can try to download it from the list in the link below:
http://www.techradar...ee-email-client


Below you have a basic tutorial of Opera Mail. It may help you to configure and personalize Opera Mail.
http://www.opera.com...tutorials/mail/


Android 8888
 



#75 TheWriterInBlack

Posted 26 May 2017 - 05:47 PM

I've been running Operamail.  Still not happy with the way it works but I suspect unless something was "exactly like Thunderbird except not causing the 'not responding' issue" until I get used to it.

 

However, last night and this morning I did have the "not responding" problem, badly.

 

Something I've been wondering about that though.  My memory usage has been in the 3 GB+ range most of the time.  I have 4 GB of RAM installed on this computer.  Could the problem simply be that I'm getting into the swapfile and the computer has to wait while large chunks of data are swapped between RAM and the Hard Drive?  It's a 64 bit OS so I could simply install more memory if that's the problem.



#76 TheWriterInBlack

Posted 26 May 2017 - 06:22 PM

And it's still doing it with the only applications running being Chrome and Task Manager.  Yet Memory usage is 3.36 GB.



#77 Android 8888

Posted 27 May 2017 - 02:13 PM

Okay, please try to see if we can reduce the memory usage. Please proceed with the following instructions:

Download the Zoek tool from: here
 
When the download appears, save it to the computer's Desktop.
Next temporarily disable your Antivirus program so it does not interfere with the scan.
Information on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

On the Desktop, right-click the Zoek.exe file and select Run as administrator.
Accept the User Account Control security warning that may appear.

Next, copy and paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Close any open Internet Browsers.
Click the Run script button, and wait. It can take some time to run the whole script, so please be patient.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system-drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please post the zoek-results.log in your reply and note any errors encountered.
 
Note: Please re-enable your Antivirus program.

How is the computer running now? Any improvement?


Edited by Android 8888, 27 May 2017 - 02:14 PM.

Android 8888
 



#78 TheWriterInBlack

Posted 27 May 2017 - 10:01 PM

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by dburkhead on Sat 05/27/2017 at 21:44:44.74.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\dburkhead\Desktop\Security\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
5/27/2017 9:56:09 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\CheckPoint deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\Program Files\CheckPoint deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Backup\AppData\Roaming\Apple Computer deleted successfully
C:\Users\dburkhead\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\dburkhead\AppData\Local\EmieSiteList deleted successfully
C:\Users\dburkhead\AppData\Local\EmieUserList deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\DBURKH~1\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.thewriterinblack.com");
 
Added to C:\Users\DBURKH~1\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\DBURKH~1\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default
 
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20170527_1028_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\CheckPoint not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\Windows Live SkyDrive deleted
C:\Users\dburkhead\AppData\Roaming\calibre deleted
C:\Users\dburkhead\AppData\Roaming\pdfforge deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\PROGRA~3\{FBF3739B-717D-4429-BCEB-98D514E65F29} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\dburkhead\AppData\Local\Unity deleted
C:\Users\dburkhead\AppData\LocalLow\Unity deleted
C:\windows\wininit.ini deleted
"C:\Users\dburkhead\AppData\Local\1w15mg3p30e624" deleted
"C:\Users\dburkhead\AppData\Local\y6xt28y8ua2klp" deleted
"C:\ProgramData\1w15mg3p30e624" deleted
"C:\ProgramData\y6xt28y8ua2klp" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\DBURKH~1\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\DBURKH~1\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\dburkhead\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default
80320392DCC61B22F0BB23DD5AD7D341 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll - Shockwave Flash
87132527E2256CF6683A18C4EB34DD3B - C:\windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
ADC539F67D3198679F480974EE203678 - C:\windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.210.11
2D45A8274592D965EDFB62ACCB1150B1 - C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll - Google Update
11F923ADF911CC6BDD203D82FA3D779F - C:\Users\dburkhead\AppData\Local\Roblox\Versions\version-eecd9135a67340ab\NPRobloxProxy.dll - Roblox Launcher Plugin
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\dburkhead\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
 
 
==== Chromium Look ======================
 
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
Google Drive App Launcher - dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Chrome Media Router - dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW deleted successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dburkhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dburkhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiN8O2H7ZI.xml will be deleted at reboot
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiWNGGA2ML.xml will be deleted at reboot
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiN8O2H7ZI.xml will be deleted at reboot
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiWNGGA2ML.xml will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
C:\Users\dburkhead\AppData\Local\Mozilla\Firefox\Profiles\r6l8ts3w.default\cache2 emptied successfully
C:\Users\dburkhead\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default\storage\default\https+++weather.com\cache emptied successfully
C:\Users\dburkhead\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default\storage\default\https+++wordpress.com\cache emptied successfully
C:\Users\dburkhead\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default\storage\default\https+++www.pandora.com\cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache is not empty, a reboot is needed
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=994 folders=489 159186590 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Backup\AppData\Local\temp emptied successfully
C:\Users\dburkhead\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\DBURKH~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiN8O2H7ZI.xml" deleted
"C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiWNGGA2ML.xml" deleted
"C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiN8O2H7ZI.xml" not found
"C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\udhisapiWNGGA2ML.xml" not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AB9U6P44\aka.spotxcdn.com"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AB9U6P44\live.sekindo.com"  not found
"C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AB9U6P44\va1en.sftcdn.net"  not found
 
==== EOF on Sat 05/27/2017 at 22:56:25.14 ======================
 
We'll see how it behaves when I've had a chance to exercise it a bit.


#79 TheWriterInBlack

TheWriterInBlack

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 27 May 2017 - 10:28 PM

First result.  Having only task manager and Chrome running.  Chrome having three tabs open:  This one, Facebook, and Pandora (my usual background music source).  Memory usage is running at 3.01-3.02 GB which is a little bit better than it was before (I had more tabs running then).



#80 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 962 posts

Posted 28 May 2017 - 06:00 PM

Hello TheWriterInBlack.

The 'Not Responding' issue that you have been experiencing is not malware related.
 

First result.  Having only task manager and Chrome running.  Chrome having three tabs open:  This one, Facebook, and Pandora (my usual background music source).  Memory usage is running at 3.01-3.02 GB which is a little bit better than it was before (I had more tabs running then).

Okay, can you test several times with this scenario and see if the 'Not Responding' issue still occurs?

That amount of memory in use (3.01 GB or 3.02 GB) can be considered a normal value for the Chrome browser and the number of tabs that you have open in it. On my computer, if I open only one tab in Chrome (e.g. the SWI site) and Task Manager simultaneously, along with a few apps loaded on Windows startup, I have a memory usage of 3.7 GB. Be aware that Internet browsers usually need a considerable amount of memory.

In your case, if you are using some browser tabs and programs simultaneously, which in certain cases may exceed the amount of memory installed (RAM), forcing the Operating System to start using virtual memory (the Paging file) from your hard drive, that will slow things down significantly and you can start experiencing a 'Not Responding' issue randomly.

Also, be aware that part of the memory (RAM) is also used by the Operating System and for some programs that may have been loaded on Windows startup. Even if you are not using and working on them they are running in the background.

I'm not saying with absolute certainty that the problem is the memory, but looking at your system hardware configuration this hypothesis exists, and therefore you don't lose anything by adding more memory to your computer.

You are running a 64-bit Operating System which means that it can manage memory above 4 GB, unlike a 32-bit Operating System that can only manage up to 4 GB.

Please let me know the state of the computer. Are there any issues or concerns?

Thank you.

Android 8888


Android 8888
 

Website: http://android8888.comlu.com

 

Tavira - Here's where I live!

 

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
 
Our help is free, but if you wish to help keep these forums running please consider a donation; Please see This Topic for details.


#81 TheWriterInBlack

TheWriterInBlack

    Member

  • Full Member
  • Pip
  • 53 posts

Posted 28 May 2017 - 07:58 PM

It sounds like at this point things are as good as they're going to get.  It's looking like "program growth" (each new update and upgrade over every program from Windows on up making them a bit bigger) has simply caught up with the memory the computer came with and it's perhaps past time to upgrade.  In which case, thank you folk for the help.  It's been "above and beyond the call of duty."  So far, since the last bit it's been running okay with my applications pared down to a minimal level.  I'll try adding a bit more to get closer to my normal operation and see what happens.



#82 Android 8888

Android 8888

    SWI Malware Tracker

  • Helper
  • PipPipPipPipPip
  • 962 posts

Posted 10 July 2017 - 09:24 AM

Since the issue appears to be resolved, this topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

