Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

High Memory Usage that can lock up or cause program malfunctions


  • Please log in to reply
7 replies to this topic

#1 musicbrain

musicbrain

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 15 February 2017 - 08:52 PM

I have a desktop with i7-4790 & 8 GB ram.  When I run a streaming data platform that takes up around 1.4 G, & run Firefox w/7-8 tabs which takes up 1.2 G, & I have used a calculator to add up all the memory showing up under the Processes tab of Task Manager, it only adds up to 2.5 GB ram.

 

Hp, the computer mfr. wants me to ship it to repair facility, but I don't really want to do this, nor does this seem necessary.  It would leave me w/o a computer & I'm very careful with my electronics, so my tower doesn't have a scratch or mark on it, and I highly doubt it would be returned to me in the same condition.

 

But why I don't think this is necessary?  I've used HP Diagnositcs, and run about every test, and it passes them all.  Long & Short DST test, Extensive Memory Test, Processor test, etc.  I have run McAfee comprehensive (3 hour) viral scans & I regularly run free Malwarebytes.

 

I would think this is a software issue.  It seems like since I began using Firefox & then downloaded Vivaldi browser, the problem got worse.  But even before this, I would get high memory usage & even CPU usage at times, showing in Task Manager.

 

I'm not anywhere near as knowledgeable as many are.  An HP tech in the past ran Bleeping Computer software, CC Clean, ADW Cleaner, and went like lightening in using these, and I believe he may have screwed with my registry.  This was back in Aug. 2016.  I would think I would have more, and severe problems if that were the case.  I still have some of these programs on the computer, and in the case of CC Cleaner, it has a registry cleaner, but I know better than to use something like this without extensive knowledge, or I could really screw up the registry.  It seems all these are supposed to be safe software to use, but I'm just lost on all of this.

 

On a web search, I came across a topic with the my same problem, and it recommended using RAMMap, that can find all the RAM being used by your computer.  I don't know if this is safe, and the post was by someone using Windows 8.

 

Help would be greatly appreciated!



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:16 PM

Posted 15 February 2017 - 09:18 PM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy taking care to post the link of the snapshot in your next post.

   Go to Piriform's website, and download the free version on the left.  Click Download from Piriform.com (the FileHippo link requires an extra click). Or if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

    After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.
 
     Once inside Speccy, it will look similar to this (with your computer's specifications, of course):
 
post-33068-0-86653600-1480692866_thumb.j

     Now, at the top, click File > Publish Snapshot.

     Click Yes > then Copy to Clipboard

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Louis



#3 musicbrain

musicbrain
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 17 February 2017 - 12:40 AM

hamluis,

 

None of this is working the way you describe it in your email.  Below, is that the link you ask for?  As far as pasting the MiniToolBox content into this post, it went into Notepad, & it is too long to past into this post.  I am very confused, and don't know how to proceed.  A new problem emerged.  Late night on 2/15, suddenly, I was unable to click on anything in the browser, or even closed it.  I went to Task Manager, & found that a McAfee process (I believe it was mcshield.exe - Description: McAfee Scanner Service ) was using over 2GB of ram!  I tried to end process, but a screen told me (The operation could not be completed. Access is denied."  I could not do so.   I had to force quit to shut down.   I uninstalled McAfee completely (it is the Security Suite for AT&T), and then I reinstalled it.  The next morning, things seemed much better, and this process was using 200,000 to 300,000k.

 

Now, when I went to click on McAfee that is pinned to my taskbar, it will not come up.  Neither will it start from the Start Menu programs.  If I click on my little up arrow on the rt. side of the taskbar, McAfee is there, but when I click on it, it tells me "An update is being installed.  Please wait until the McAfee is finished with the installation."  BUT nothing is happening at all!  It appears it is doing nothing, and this is malfunctioning.  Last night when I reinstalled it, I ran a complete virus scan.  Nothing was found.  A half-hour ago I ran a Malwarebytes scan that found nothing.  Is it my computer that there is something wrong with?

 

I figured out to save the MTB Notepad "file", which I renamed "MTBfrom0216at1058pm"  

 

Mod Edit:  Pasted content of deleted attachment into post - Hamluis.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by lambie (administrator) on 16-02-2017 at 22:58:40
Running from "C:\Users\lambie\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: 810-145qe Manufacturer: Hewlett-Packard

Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/16/2017 08:10:07 AM) (Source: HP Active Health) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/16/2017 12:47:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x1bbc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/16/2017 12:32:46 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x1d54
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/11/2017 12:05:46 PM) (Source: HP Active Health) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/08/2017 09:29:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x18d4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/08/2017 01:25:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x2650
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/07/2017 11:56:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x1f94
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/04/2017 02:14:41 PM) (Source: HP Active Health) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/04/2017 01:33:14 AM) (Source: HP Active Health) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it


Error: (02/04/2017 01:26:57 AM) (Source: AVLogEvent) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014


System errors:
=============
Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:23 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:22 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Error: (02/16/2017 10:51:21 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Platform Services service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (02/16/2017 10:51:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.

Microsoft Office Sessions:
=========================
Error: (02/16/2017 08:10:07 AM) (Source: HP Active Health)(User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/16/2017 12:47:34 AM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec831bbc01d288205df2cb baC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllcb787547-f413-11e6-ac15-90489ad57630

Error: (02/16/2017 12:32:46 AM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec831d5401d28817dadc8a f4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllb9db97bf-f411-11e6-ac15-90489ad57630

Error: (02/11/2017 12:05:46 PM) (Source: HP Active Health)(User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/08/2017 09:29:24 PM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec8318d401d282413 e81f7fcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllf3810d67-ee77-11e6-b355-90489ad57630

Error: (02/08/2017 01:25:45 AM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec83265001d281d0a6 841f0cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dllcda69822-edcf-11e6-89c4-90489ad57630

Error: (02/07/2017 11:56:25 PM) (Source: Application Error)(User: )
Description: plugin-container.exe51.0.1.62345888f707mozglue.dll51.0.1.62345888f27e800000030000ec831f9401d281b1e4e2 513cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll52ce1abe-edc3-11e6-89c4-90489ad57630

Error: (02/04/2017 02:14:41 PM) (Source: HP Active Health)(User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/04/2017 01:33:14 AM) (Source: HP Active Health)(User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (02/04/2017 01:26:57 AM) (Source: AVLogEvent)(User: NT AUTHORITY)
Description: a7f42014

CodeIntegrity Errors:
===================================
  Date: 2016-01-19 20:37:17.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-19 20:37:17.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\wdcsam64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================
. . . (HKLM\...\{DCAFF63A-A26F-4809-A00D-27AD6733ACB3}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{C7B0C705-9987-44A2-B495-4101DAEDBFE0}) (Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{99D7329A-44AA-4D40-AA8D-0F5783C38B76}) (Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.2.0.0 - CANON INC.)
Canon MF Toolbox 4.9.1.1.mf18 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf18 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Canon MF240 Series (HKLM\...\{31DCD678-B363-43B7-AF3D-258D7376A129}) (Version: 5.2.0.0 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.3907 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
E-TRADE Pro 1.12 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.12 - E*TRADE Financial)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6486.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.7165.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NVIDIA 3D Vision Driver 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation)
NVIDIA Graphics Driver 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{B1D45D48-A4D4-495F-A693-681EA9846754}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Ralink Bluetooth Stack64 (HKLM\...\{66C75C3D-11A0-E560-B1EC-0AC14B6012E3}) (Version: 9.0.730.1 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.2.0.0 - CANON INC.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.1 - Tweaking.com)
WD Quick View (HKLM-x32\...\{CF54EA13-0BA9-426A-A296-D108C9DBEFF3}) (Version: 2.4.13.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6E80972C-C76A-4CFB-AD8E-003BF777B7AA}) (Version: 2.4.13.7 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{30d59263-cfde-4ddb-9021-e280187620b2}) (Version: 2.4.13.7 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

========================= Memory info: ===================================
Percentage of memory in use: 36%
Total physical RAM: 8145.29 MB
Available physical RAM: 5144.38 MB
Total Virtual: 16288.76 MB
Available Virtual: 13230.12 MB

========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:1852.8 GB) (Free:1787.04 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:9.98 GB) (Free:1.22 GB) NTFS
4 Drive f: () (Removable) (Total:3.74 GB) (Free:3.31 GB) FAT32
5 Drive g: () (Removable) (Total:14.9 GB) (Free:0.79 GB) FAT32

========================= Users: ========================================
User accounts for \\TIGER
Administrator            Guest                    lambie                   


**** End of log ****
 

 

http://speccy.piriform.com/results/qiEvS0JwNHz6h7MybKmXlsS


Edited by hamluis, 17 February 2017 - 08:03 AM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:16 PM

Posted 17 February 2017 - 08:38 AM

I see no evidence of "high memory usage" in the Speccy data.  It's normal for a browser to have anything from 100MB of peak RAM usage, wth more usage reflected with each browser window open.  It's normal for an installed AV program to use somewhere around 300MB usage as it does what it's supposed to do.  Your reflected usage for these items is not abnormal.

 

You do have a svchost process reflecting 600MB peak RAM usage...which, IMO, should never be a showstopper for a 64-bit system with 8GB RAM installed.  You can investigate that process, if you like, by using a tool from Tweaking.com, Svchost.exe Tool .  Just double click the downloaded file and then click the refresh button at upper left...the result will show you what is running behind the servicehost processes.

 

In short...I see no evidence of high memory usage and I would look in other directions.

 

Hard drive SMART values look OK to me...no evidence of overheating with either the hard drive or the CPU.

 

Looking at the Event Viewer errors...McAfee and the security warning are flags for me.

 

I would move this topic to Am I Infected for a malware check...based on the absence of flags pointing in a different direction.

 

Louis



#5 musicbrain

musicbrain
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 17 February 2017 - 06:51 PM

Attached File  MALWARE0217.jpg   90.03KB   0 downloadsMORE DISCOVERIES: My McAfee Security Suite that I uninstalled (showing it was using 2.4G in one of the processes in Task Manager), when I reinstalled it, everything was fine. Then, later, the new install did the SAME thing - showing a similar huge usage figure. AND it locked up the computer. I could not access the browser I had opened, Chrome, nor could I close Chrome, nor could I access, again, McAfee, as clicking it would not bring anything up.

I had to force quit to shut down. Then, I restarted the computer, and now McAfee was working and not using such excessive memory. However, during the day, when I was opening a new tab, I noticed that the URL in Chrome, as I typed www. was automatically bring up the URL for wunderground.com with long extensions of the URL to bring me to the exact URL I access for my city, etc.

Then, suddenly a Malware or Virus message came up, which I have attached to this reply.

So, it appear to me that there is malware or a virus on my computer that needs to be found & removed. Why Malwarebytes doesn't find anything, nor does McAfee prevent this from happening, I don't know.

Please look at the screenshots I've attached. The one is clearly a Malware, Spyware popup & you have force quit the browser to avoid HAMLUIS felt after looking at all the MTB & Speecy stuff I ran & pasted, he noted that McAfee seemed to be showing many errors in the EVENT LOG ERRORS, which you can view embedded right in this post.

Please help me, as I don't know how to rid my computer of infection, w/o paying someone. I've also experienced that when I got HP to provide a free, normally-charged $100 for, SmartFriend software service, that half these techs are incompetent. The tech installed CCcleaner, BleepingComputer, ADWWare, & other programs, some of which I am not sure were safe, & simply RACED like mad, doing all sorts of things, and I believe he may have screwed with my Windows registry.

Thanks so much.

NOTE: I EDITED THIS WITH ADDITIONAL STEPS I TOOK BELOW, and the discovery of corrupt files in Windows 7. I would doubt this has anything to do with the McAfee issues Hamluis saw in my EventViewer results. But, as you can see below, I took Hamluis' suggestion I run Svchost.exe tool, which I ran per Microsoft's instructions from their Forums, and I can't fix these, as you will read below.
_______________________________________________________________________________________________

I ran the Svc.exe. I have W7Pro. I followed all the instructions, & I found that they DON'T work.


Here's what I did, per instructions, on command prompt, & I'm copying, verbatim, what responses I got, & my entries per instructions from the Microsoft Forum.

_____________________________________________________________________


C:\windows\system32>sfc /scannow


Beginning system scan. This process will take some time.


Beginning verification phase of system scan.

Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some of them.

Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example

C:\Windows\Logs\CBS\CBS.log


C:\windows/system32>findstr /c:"ESRI" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

___________________________________________________________________



So, I made two entries:

sfc /scannow

findstr /c:"ESRI" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"


You can see from my "findstr" entry, that I received no response; just another command prompt.

When I then read how I am supposed to fix the corrupt files; it makes no sense. First, how can this process expect that the user would have another computer with W7 on it? I don't, nor does anyone I know. Second, it does not tell you the actual process of HOW to actually get the uncorrupted files, even if one had another W7 computer to get them from. But, this is meaningless, b/c I have NO way to get another W7 computer, & it is ridiculous to expect someone to be able to do so. You don't find W7 computers in any libraries. You can't even BUY one. Third, the directions do not tell you where or how you actually replace your corrupted files with the uncorrupted ones.


I have Windows 7 Pro discs from HP, but I don't believe they will do me any good, unless I completely reinstall W7Pro, which I want to avoid at all costs. I already went through this when my hard drive was failing, & it was a nightmare I don't want to go through again.


So, please help me with this. Perhaps I could attach to an email the Svc Details, which I saved in the Notepad format they appear in. There are not more than perhaps 8 of these; so, I could either attach the result file to an email, or copy and paste the files it was unable to repair on this site.

Edited by musicbrain, 18 February 2017 - 01:17 AM.


#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:16 PM

Posted 18 February 2017 - 10:27 AM

Topic moved to Am I Infected forum.

 

Louis



#7 musicbrain

musicbrain
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 18 February 2017 - 01:45 PM

Hamluis,

 

I don't find my topic moved to Am I Infected forum.  And, my problem, as I described, involves more than possible malware; it involves corrupt files in Windows.

 

So, where is my topic that you said you moved?  



#8 musicbrain

musicbrain
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 18 February 2017 - 07:17 PM

After hours have elapsed, I went & posted in the Am I Infected forum.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users