
All File transfers hang. No virus!



#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP

Process Monitor just watches.  Explorer apparently made a shortcut on your desktop called messenger.  If you can find it then right click and select Properties then Look at Target:  What does it say?


  • 0



#32
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

I have uninstalled True Image Home, because after disabling the miscellaneous services it was running, Process Monitor was still showing a DLL from the True Image Home installation folder.

 

Full Process Monitor Log (transfer hangs at the end):

https://app.box.com/...wdoozokresw15mh

 

Full Process Monitor Log2 (transfer hangs a third of the way):

https://app.box.com/...e37hzo9v87d0036


Edited by phickspc, 12 July 2017 - 10:19 AM.

  • 0

#33
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Process Monitor just watches.  Explorer apparently made a shortcut on your desktop called messenger.  If you can find it then right click and select Properties then Look at Target:  What does it say?


I couldn't find the 'messenger' shortcut.

But I do have a shortcut I made ages ago called MSG.ink


  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP

Yes it was msg.lnk and not messenger.

 

Looking at the first big logfile.  Is the last line time stamped: 

 
17:03:31.5608408  ?
 
Sometimes my Open Office can't read all of the super large files.
 
If that is the last line then ipoint.exe is going crazy and repeating itself.  

  • 0

#35
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Last line: "17:03:31.5608408","ipoint.exe","2228","RegOpenKey","HKCU\SOFTWARE\Microsoft\IntelliPoint\Components\Commands\413","NAME NOT FOUND","Desired Access: Read"


  • 0
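Added example, not part of the original posts: one way to check a Process Monitor CSV export for the pattern discussed in posts #34 and #35, where a single process fills the end of the trace with failing registry lookups. The column names are those of Process Monitor's default CSV export; the function names are hypothetical, and every sample row except the final ipoint.exe line quoted above is constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample in Process Monitor's CSV export layout. Only the last
# row is the line quoted in the thread; the other rows are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"17:03:30.1000000","explorer.exe","856","ReadFile","C:\Users\example\source.bin","SUCCESS","Offset: 0, Length: 65,536"
"17:03:30.2000000","explorer.exe","856","WriteFile","E:\dest.bin","SUCCESS","Offset: 0, Length: 65,536"
"17:03:30.3000000","MsMpEng.exe","156","ReadFile","C:\Users\example\source.bin","SUCCESS","Offset: 0, Length: 4,096"
"17:03:31.5608001","ipoint.exe","2228","RegOpenKey","HKCU\SOFTWARE\Microsoft\IntelliPoint\Components\Commands\409","NAME NOT FOUND","Desired Access: Read"
"17:03:31.5608102","ipoint.exe","2228","RegOpenKey","HKCU\SOFTWARE\Microsoft\IntelliPoint\Components\Commands\410","NAME NOT FOUND","Desired Access: Read"
"17:03:31.5608203","ipoint.exe","2228","RegOpenKey","HKCU\SOFTWARE\Microsoft\IntelliPoint\Components\Commands\411","NAME NOT FOUND","Desired Access: Read"
"17:03:31.5608304","ipoint.exe","2228","RegOpenKey","HKCU\SOFTWARE\Microsoft\IntelliPoint\Components\Commands\412","NAME NOT FOUND","Desired Access: Read"
"17:03:31.5608408","ipoint.exe","2228","RegOpenKey","HKCU\SOFTWARE\Microsoft\IntelliPoint\Components\Commands\413","NAME NOT FOUND","Desired Access: Read"
'''


def load_events(text):
    """Parse a Process Monitor CSV export into a list of dict rows."""
    # Exports may start with a UTF-8 byte-order mark; strip it so the first
    # header name ("Time of Day") is matched exactly.
    return list(csv.DictReader(io.StringIO(text.lstrip("\ufeff"))))


def busiest_in_tail(events, window=500):
    """Summarise which process dominates the last `window` events.

    Grouping is by process and PID rather than by exact path, because a
    looping process often walks a series of keys (…\\Commands\\411, 412, 413)
    instead of repeating one identical line.
    """
    tail = events[-window:]
    if not tail:
        return None
    by_proc = Counter((e["Process Name"], e["PID"]) for e in tail)
    (name, pid), count = by_proc.most_common(1)[0]
    mine = [e for e in tail if e["Process Name"] == name and e["PID"] == pid]
    ops = Counter((e["Operation"], e["Result"]) for e in mine)
    (operation, result), op_count = ops.most_common(1)[0]
    return {
        "process": name,
        "pid": pid,
        "events": count,
        "share": count / len(tail),          # fraction of the tail window
        "top_operation": operation,
        "top_result": result,
        "top_count": op_count,
        "distinct_paths": len({e["Path"] for e in mine}),
        "last_time": tail[-1]["Time of Day"],  # compare with the viewer's last line
    }


if __name__ == "__main__":
    summary = busiest_in_tail(load_events(SAMPLE_CSV))
    print("last event in file:", summary["last_time"])
    print("{process} (PID {pid}) produced {events} of the last events "
          "({share:.0%}); mostly {top_operation} -> {top_result} "
          "across {distinct_paths} distinct paths".format(**summary))
```

Reading the file with a script also sidesteps the spreadsheet row limit mentioned in post #34, since the last timestamp comes from the file itself rather than from what the viewer managed to load.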

#36
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Process Explorer:

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    VirusTotal    Verified Signer
System Idle Process    96.87    0 K    24 K    0                
procexp64.exe    0.76    36,064 K    59,184 K    6536    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    0/62    (Verified) Microsoft Corporation
SWYH.exe    0.53    44,896 K    48,896 K    3884    Stream What You Hear    Sebastien.warin.fr    0/62    (No signature was present in the subject) Sebastien.warin.fr
Interrupts    0.48    0 K    0 K    n/a    Hardware Interrupts and DPCs            
firefox.exe    0.45    730,176 K    745,524 K    5924    Firefox    Mozilla Corporation    0/64    (Verified) Mozilla Corporation
MsMpEng.exe    0.16    147,124 K    161,380 K    156    Antimalware Service Executable    Microsoft Corporation    0/64    (Verified) Microsoft Corporation
dwm.exe    0.11    34,908 K    30,300 K    3844    Desktop Window Manager    Microsoft Corporation    0/64    (Verified) Microsoft Windows
thunderbird.exe    0.11    253,112 K    288,388 K    4624    Thunderbird    Mozilla Corporation    0/58    (Verified) Mozilla Corporation
csrss.exe    0.06    3,264 K    8,156 K    660    Client Server Runtime Process    Microsoft Corporation    0/63    (Verified) Microsoft Windows
System    0.05    176 K    1,384 K    4                
svchost.exe    0.05    6,308 K    11,856 K    876    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
NisSrv.exe    0.05    17,288 K    9,532 K    2772    Microsoft Network Realtime Inspection Service    Microsoft Corporation    0/64    (Verified) Microsoft Corporation
mbam.exe    0.05    29,224 K    48,928 K    3300    Malwarebytes Anti-Malware    Malwarebytes    0/62    (Verified) Malwarebytes Corporation
tunmgr.exe    0.03    8,640 K    14,368 K    2476    BlackBerry Link Communication Manager    BlackBerry Limited    0/59    (Verified) BlackBerry Ltd.
explorer.exe    0.03    59,552 K    76,892 K    856    Windows Explorer    Microsoft Corporation    0/63    (Verified) Microsoft Windows
audiodg.exe    0.03    15,664 K    16,848 K    1156    Windows Audio Device Graph Isolation     Microsoft Corporation    0/61    (Verified) Microsoft Windows
svchost.exe    0.03    12,000 K    20,040 K    768    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
svchost.exe    0.03    17,760 K    19,784 K    596    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
svchost.exe    0.03    8,832 K    15,944 K    1784    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
PeerManager.exe    0.02    11,976 K    19,996 K    4528    BlackBerry Link Peer Manager    BlackBerry Limited    0/61    (Verified) BlackBerry Ltd.
nvcontainer.exe    0.02    9,492 K    22,444 K    2172    NVIDIA Container    NVIDIA Corporation    0/61    (Verified) NVIDIA Corporation
LogiOptions.exe    0.01    3,632 K    10,044 K    1744    LogiOptions.exe (UNICODE)    Logitech, Inc.    0/61    (Verified) Logitech Inc
svchost.exe    0.01    33,176 K    41,280 K    1044    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
peerblock.exe    0.01    15,284 K    18,564 K    3984    PeerBlock    PeerBlock, LLC    0/62    (Verified) PeerBlock
nvcontainer.exe    < 0.01    13,804 K    25,240 K    3320    NVIDIA Container    NVIDIA Corporation    0/59    (Verified) NVIDIA Corporation
ipoint.exe    < 0.01    11,976 K    4,120 K    3640    IPoint.exe    Microsoft Corporation    0/57    (Verified) Microsoft Corporation
svchost.exe    < 0.01    15,876 K    16,068 K    1300    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
lsass.exe    < 0.01    4,868 K    11,940 K    764    Local Security Authority Process    Microsoft Corporation    0/64    (Verified) Microsoft Windows
EEventManager.exe    < 0.01    3,696 K    9,364 K    4304    EEventManager Application    SEIKO EPSON CORPORATION    0/62    (Verified) SEIKO EPSON CORPORATION
unchecky_bg.exe    < 0.01    2,344 K    7,736 K    5100    Unchecky Background Process    RaMMicHaeL    0/64    (Verified) Reason Software Company Inc.
ThunderbirdPortable.exe    < 0.01    37,312 K    9,568 K    3968    Mozilla Thunderbird, Portable Edition    PortableApps.com    0/56    (Verified) Rare Ideas
svchost.exe    < 0.01    5,064 K    9,236 K    956    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
FirefoxPortable.exe    < 0.01    36,292 K    9,640 K    4420    Mozilla Firefox, Portable Edition    PortableApps.com    0/63    (Verified) Rare Ideas
mbae-svc.exe    < 0.01    6,668 K    12,604 K    1816    Malwarebytes Anti-Exploit Service    Malwarebytes Corporation    0/61    (Verified) Malwarebytes Corporation
taskhost.exe    < 0.01    12,796 K    17,120 K    4080    Host Process for Windows Tasks    Microsoft Corporation    0/64    (Verified) Microsoft Windows
conhost.exe    < 0.01    1,584 K    3,608 K    1992    Console Window Host    Microsoft Corporation    0/62    (Verified) Microsoft Windows
BbDevMgr.exe    < 0.01    3,676 K    8,112 K    3396    BlackBerry Device Manager    BlackBerry Limited    0/64    (Verified) BlackBerry Ltd.
OfficeClickToRun.exe    < 0.01    18,144 K    33,304 K    1620    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    0/64    (Verified) Microsoft Corporation
csrss.exe    < 0.01    3,356 K    5,600 K    544    Client Server Runtime Process    Microsoft Corporation    0/63    (Verified) Microsoft Windows
loggerservice.exe    < 0.01    1,360 K    4,376 K    3020    Dragon NaturallySpeaking Logging Service    Nuance Communications, Inc.    0/61    (Verified) Nuance Communications
NVDisplay.Container.exe    < 0.01    13,652 K    26,272 K    2340    NVIDIA Container    NVIDIA Corporation    0/63    (Verified) NVIDIA Corporation
svchost.exe    < 0.01    15,704 K    20,352 K    1528    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
mbae64.exe    < 0.01    2,252 K    4,732 K    1984    Malwarebytes Anti-Exploit 64bit tasks    Malwarebytes Corporation    0/61    (Verified) Malwarebytes Corporation
escsvc64.exe    < 0.01    2,100 K    4,416 K    1764    Epson Scanner Service (64bit)    Seiko Epson Corporation    0/62    (Verified) SEIKO EPSON Corporation
wuauclt.exe        2,820 K    7,668 K    6316    Windows Update    Microsoft Corporation    0/63    (Verified) Microsoft Windows
wmpnetwk.exe        6,652 K    1,628 K    4144    Windows Media Player Network Sharing Service    Microsoft Corporation    0/64    (Verified) Microsoft Windows
WmiPrvSE.exe        3,660 K    7,796 K    5136    WMI Provider Host    Microsoft Corporation    0/62    (Verified) Microsoft Windows
winlogon.exe        4,220 K    8,692 K    708    Windows Logon Application    Microsoft Corporation    0/64    (Verified) Microsoft Windows
wininit.exe        2,136 K    5,168 K    652    Windows Start-Up Application    Microsoft Corporation    0/63    (Verified) Microsoft Windows
unchecky_svc.exe        1,728 K    5,152 K    2432    Unchecky Service    RaMMicHaeL    2/64    (Verified) Reason Software Company Inc.
taskeng.exe        3,164 K    7,484 K    4544    Task Scheduler Engine    Microsoft Corporation    0/63    (Verified) Microsoft Windows
svchost.exe        7,868 K    15,188 K    540    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
svchost.exe        2,784 K    6,108 K    1192    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
svchost.exe        3,000 K    6,660 K    3268    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
svchost.exe        2,596 K    7,128 K    2388    Host Process for Windows Services    Microsoft Corporation    0/64    (Verified) Microsoft Windows
sppsvc.exe        3,224 K    9,684 K    5656    Microsoft Software Protection Platform Service    Microsoft Corporation    0/61    (Verified) Microsoft Windows
spoolsv.exe        7,832 K    13,308 K    1496    Spooler SubSystem App    Microsoft Corporation    0/63    (Verified) Microsoft Windows
smss.exe        732 K    1,444 K    424    Windows Session Manager    Microsoft Corporation    0/64    (Verified) Microsoft Windows
services.exe        7,372 K    13,532 K    744    Services and Controller app    Microsoft Corporation    0/62    (Verified) Microsoft Windows
RIMBBLaunchAgent.exe        2,912 K    8,160 K    4152    Launch Agent Service    BlackBerry Limited    0/60    (Verified) BlackBerry Ltd.
PsiService_2.exe        2,152 K    4,564 K    2284    PsiService PsiService    arvato digital services llc    0/61    (Verified) Arvato Digital Services Canada Inc
procexp.exe        2,596 K    8,028 K    6428    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    0/62    (Verified) Microsoft Corporation
nvwirelesscontroller.exe        2,864 K    7,588 K    2220    NVIDIA Wireless Controller Service    NVIDIA Corporation    0/59    (Verified) NVIDIA Corporation
NVDisplay.Container.exe        6,404 K    12,932 K    2196    NVIDIA Container    NVIDIA Corporation    0/63    (Verified) NVIDIA Corporation
nlssrv32.exe        2,240 K    5,276 K    2100    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    1/62    (No signature was present in the subject) Nalpeiron Ltd.
msseces.exe        8,772 K    16,792 K    3628    Microsoft Security Client User Interface    Microsoft Corporation    0/63    (Verified) Microsoft Corporation
MSCamS64.exe        2,744 K    6,928 K    2028    MsCamSvc.exe    Microsoft Corporation    0/63    (Verified) Microsoft Corporation
mDNSResponder.exe        3,676 K    7,368 K    2352    RIM MDNS Service    Apple Inc.    0/61    (Verified) BlackBerry Ltd.
mbamservice.exe        559,808 K    414,288 K    2032    Malwarebytes Anti-Malware    Malwarebytes    0/64    (Verified) Malwarebytes Corporation
mbamscheduler.exe        5,752 K    11,436 K    1952    Malwarebytes Anti-Malware    Malwarebytes    0/60    (Verified) Malwarebytes Corporation
mbae.exe        62,728 K    69,276 K    4632    Malwarebytes Anti-Exploit    Malwarebytes Corporation    0/63    (Verified) Malwarebytes Corporation
MAFWTray.exe        1,552 K    5,536 K    4200    M-Audio FW Tray Application    Avid Technology, Inc.    0/55    (Verified) Avid Technology
LWS.exe        6,352 K    14,096 K    4488    Logitech Webcam Software    Logitech Inc.    0/61    (Verified) Logitech
lsm.exe        3,252 K    5,120 K    772    Local Session Manager Service    Microsoft Corporation    0/63    (Verified) Microsoft Windows
LogiOptionsMgr.exe        11,464 K    17,648 K    5884    LogiOptionsMgr.exe (UNICODE)    Logitech, Inc.    0/62    (Verified) Logitech Inc
kLED.exe        2,908 K    7,796 K    4944    kLED    Skwire Empire    3/61    (No signature was present in the subject) Skwire Empire
jusched.exe        2,636 K    5,840 K    4576    Java Update Scheduler    Oracle Corporation    0/63    (Verified) Oracle America
dgnsvc.exe        1,580 K    5,148 K    1708    Dragon NaturallySpeaking Service    Nuance Communications, Inc.    0/59    (Verified) Nuance Communications
atiesrxx.exe        2,312 K    5,260 K    560    AMD External Events Service Module    AMD    0/56    (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe        3,352 K    7,600 K    1384    AMD External Events Client Module    AMD    0/56    (Verified) Microsoft Windows Hardware Compatibility Publisher

Process: System Idle Process Pid: 0

Type    Name
 


  • 0

#37
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       424 N/A                                         
csrss.exe                      544 N/A                                         
wininit.exe                    652 N/A                                         
csrss.exe                      660 N/A                                         
winlogon.exe                   708 N/A                                         
services.exe                   744 N/A                                         
lsass.exe                      764 EFS, SamSs                                  
lsm.exe                        772 N/A                                         
svchost.exe                    876 DcomLaunch, PlugPlay, Power                 
svchost.exe                    956 RpcEptMapper, RpcSs                         
MsMpEng.exe                    156 MsMpSvc                                     
atiesrxx.exe                   560 AMD External Events Utility                 
svchost.exe                    596 AudioSrv, Dhcp, eventlog, lmhosts, wscsvc   
svchost.exe                    540 AudioEndpointBuilder, hidserv, Netman,      
                                   PcaSvc, UxSms, WdiSystemHost, wudfsvc       
svchost.exe                    768 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
svchost.exe                   1044 AeLookupSvc, BITS, Browser, IKEEXT,         
                                   LanmanServer, MMCSS, ProfSvc, Schedule,     
                                   SENS, ShellHWDetection, Themes, Winmgmt,    
                                   wuauserv                                    
audiodg.exe                   1156 N/A                                         
svchost.exe                   1192 gpsvc                                       
svchost.exe                   1300 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
atieclxx.exe                  1384 N/A                                         
spoolsv.exe                   1496 Spooler                                     
svchost.exe                   1528 BFE, DPS, MpsSvc                            
OfficeClickToRun.exe          1620 ClickToRunSvc                               
dgnsvc.exe                    1708 DragonSvc                                   
escsvc64.exe                  1764 EpsonScanSvc                                
svchost.exe                   1784 FDResPub, SSDPSRV, wcncsvc                  
mbae-svc.exe                  1816 MbaeSvc                                     
mbamscheduler.exe             1952 MBAMScheduler                               
mbae64.exe                    1984 N/A                                         
conhost.exe                   1992 N/A                                         
mbamservice.exe               2032 MBAMService                                 
MSCamS64.exe                  2028 MSCamSvc                                    
nlssrv32.exe                  2100 nlsX86cc                                    
nvcontainer.exe               2172 NvContainerLocalSystem                      
NVDisplay.Container.exe       2196 NVDisplay.ContainerLocalSystem              
nvwirelesscontroller.exe      2220 NVIDIA Wireless Controller Service          
PsiService_2.exe              2284 PSI_SVC_2_x64                               
NVDisplay.Container.exe       2340 N/A                                         
mDNSResponder.exe             2352 RIM MDNS                                    
svchost.exe                   2388 stisvc                                      
unchecky_svc.exe              2432 Unchecky                                    
tunmgr.exe                    2476 RIM Tunnel Service                          
loggerservice.exe             3020 DragonLoggerService                         
NisSrv.exe                    2772 NisSrv                                      
svchost.exe                   3268 PolicyAgent                                 
BbDevMgr.exe                  3396 BlackBerry Device Manager                   
taskhost.exe                  4080 N/A                                         
mbam.exe                      3300 N/A                                         
nvcontainer.exe               3320 N/A                                         
dwm.exe                       3844 N/A                                         
explorer.exe                   856 N/A                                         
msseces.exe                   3628 N/A                                         
ipoint.exe                    3640 N/A                                         
LogiOptions.exe               1744 N/A                                         
SWYH.exe                      3884 N/A                                         
peerblock.exe                 3984 N/A                                         
RIMBBLaunchAgent.exe          4152 N/A                                         
MAFWTray.exe                  4200 N/A                                         
EEventManager.exe             4304 N/A                                         
LWS.exe                       4488 N/A                                         
PeerManager.exe               4528 N/A                                         
jusched.exe                   4576 N/A                                         
mbae.exe                      4632 N/A                                         
unchecky_bg.exe               5100 N/A                                         
wmpnetwk.exe                  4144 WMPNetworkSvc                               
kLED.exe                      4944 N/A                                         
ThunderbirdPortable.exe       3968 N/A                                         
thunderbird.exe               4624 N/A                                         
LogiOptionsMgr.exe            5884 N/A                                         
WmiPrvSE.exe                  5136 N/A                                         
FirefoxPortable.exe           4420 N/A                                         
firefox.exe                   5924 N/A                                         
wuauclt.exe                   6316 N/A                                         
taskhost.exe                  6128 N/A                                         
cmd.exe                       6404 N/A                                         
conhost.exe                   4132 N/A                                         
tasklist.exe                  4704 N/A                                         
WmiPrvSE.exe                  4888 N/A                                         
 


  • 0

#38
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Attached File  phickspc speccy.txt   122.9KB   27 downloads


  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP

OK.  If that was the last line, the hang was all ipoint.exe.  That's part of intellimouse so can you download a new copy, uninstall the old, reboot and reinstall?  Or just use msconfig to stop it from running?  


  • 0

#40
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Disabled intellimouse in startup using msconfig.

Unfortunately still no improvement yet.

However, when I load up the Microsoft mouse settings, the window freezes for a while, and if I click Cancel, the window greys out and then a Windows shell error happens.

Do I need to uninstall ipoint or have we ruled out that this is causing my transfer hang?

Would you like more process monitor logs when I try out your suggestions?


  • 0



#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP

I would uninstall it (can you use the PC without it?  Be nice to have a Process Monitor log of a transfer without it)  and reinstall it


  • 0

#42
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

I would uninstall it (can you use the PC without it?  Be nice to have a Process Monitor log of a transfer without it)  and reinstall it


I uninstalled ipoint then ran the Xfer test. But the problem still occurred so I restored my installation from a backup. I can keep ipoint disabled in startup for temporary diagnostics, but I need it for the long run.


Edited by phickspc, 14 July 2017 - 07:31 AM.

  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,887 posts
  • MVP

OK.  Do another process monitor log with it disabled in msconfig and upload it to your site again.

 

Let's also do autoruns from

 
Download Save and Run the program by right clicking and Run As Admin.   File, Save, to your desktop, autoruns.arn, OK
 
Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it.  Do not copy and paste.

  • 0

#44
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Logfile with ipoint disabled: https://app.box.com/...cm6td6a5e5fdh2k


  • 0

#45
phickspc

phickspc

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts

Autoruns attached: Attached File  Autoruns.zip   276.66KB   16 downloads


  • 0





