Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Not sure if I have malware!

Started by rogerbid , May 12 2020 01:27 AM

Please log in to reply

#76
rogerbid

Posted 26 May 2020 - 03:04 AM

Member

Topic Starter
Member
255 posts

Update: Sorry Ron, the internet has been down here preventing me from doing the tasks you requested. I will hopefully be able to write tomorrow, sending this from my cell phone! Roger

#77
rogerbid

Posted 26 May 2020 - 03:05 AM

Member

Topic Starter
Member
255 posts

Hi Ron,

Sorry for the delay in replying, my internet connection was down for a lot of yesterday.

I have now managed to follow your last instructions and attach the following .txt files:

procexp64.exe > Edge Closed > VPN enabled > Battery disconnected > AC Power connected
procexp64 2.exe > Edge Closed > >VPN Disabled > Battery disconnected > AC Power connected
Hardware Interrupts and DPCs > Edge Closed > VPN Disabled > Battery connected > AC Power disconnected
Hardware Interrupts and DPCs 2 > Edge Closed > VPN enabled > Battery connected > AC Power disconnected
Hardware Interrupts and DPCs 3 > Edge Closed > VPN enabled > Battery connected > AC Power connected
Hardware Interrupts and DPCs 4 > Edge Closed > VPN Disabled > Battery connected > AC Power connected

At this point I installed Firefox (I did not get a check box offering ‘Import from Edge’ but checked ‘Content Process Limit to 1’ as instruct.)

7. Hardware Interrupts and DPCs 5 > Edge Closed >Firefox running > VPN enabled > Battery and AC Power connected

8. Hardware Interrupts and DPCs 6 > Edge Closed >Firefox running > VPN disabled > Battery and AC Power connected

I have looked at the .txt files and it appears the interrupts numbers shown there are consistently higher than those showing in the Process Explorer screen. I am not sure if I can attach a video to a post in this forum and will check that using my desktop PC shortly. For now however I will view a video taken on my phone and transcribe here the changing interrupts in succession when the last 2 files above were created. (I hope this makes sense! If I am successful in attaching the videos it will be clearer)

When file Hardware Interrupts and DPCs 5.txt was created figures displayed per second were:

1.14/1.11/1.10/1.10/1.14/1.16/1.24/1.21/1.17/1.17/1.44 (Figure in txt file is 2.37!)

When file Hardware Interrupts and DPCs 6.txt was created figures displayed per second were:

2.72/2.59/2.66/3.09/3.06/2.71/2.65/2.96 (Figure in txt file is 3.58!)

I have noticed similar discrepancies before, I should have said something, sorry. I don’t know if any of the above helps at all, I am now totally confused.

I do believe however that the laptop is very much better for all your efforts and I thank you again! Incidentally, since the slow boot yesterday I have timed the start ups today and it is very much better again, must have been a temporary thing!

Roger

Attached Files

procexp64.exe.txt 14.33KB 165 downloads
procexp64.exe 2.txt 13.99KB 149 downloads
Hardware Interrupts and DPCs.txt 12.92KB 133 downloads
Hardware Interrupts and DPCs 2.txt 13.22KB 138 downloads
Hardware Interrupts and DPCs 3.txt 13.08KB 153 downloads
Hardware Interrupts and DPCs 4.txt 12.77KB 144 downloads
Hardware Interrupts and DPCs 5.txt 14.47KB 149 downloads
Hardware Interrupts and DPCs 6.txt 12.94KB 147 downloads

Edited by rogerbid, 27 May 2020 - 01:26 AM.

#78
rogerbid

Posted 27 May 2020 - 01:22 AM

Member

Topic Starter
Member
255 posts

Hello Ron

As I suspected I am not able to attach video files, I reduced them to .flv format in case that helped but no luck. If there is a way to share these files please advise,

I will look forward to hearing more in due course, thanks,

Roger

#79
RKinner

Posted 27 May 2020 - 05:00 AM

Malware Expert

Expert
24,625 posts

ETDCtrl.exe seems to be present when Interrupts at highest.

Right click on the clock and select Task Manager

Then click on Startup tab.

Find ETDCtrl

in the first column and select it. Then Disable. Reboot.

This is part of the touchpad but I think it only provides the fancy stuff so you probably won't notice any difference.

What does Interrupts say now?

Video files would need to be 2 MB or less and would have to be zipped up to attach as the forum limits the types of files and the size you can post. You have to use a third party online file storage and send me the link. Something like one of these:

https://www.creative...e-tools-3132117

#80
rogerbid

Posted 27 May 2020 - 05:40 PM

Member

Topic Starter
Member
255 posts

Hello Ron,

I am attaching a new .txt file created with VPN Off, battery installed and AC power connected. Edge running.

I will try to send a link to the videos shortly in the hoped that they show something useful,

Best wishes,

Roger

Attached Files

Hardware Interrupts and DPCs 7.txt 13.43KB 144 downloads

#81
rogerbid

Posted 27 May 2020 - 05:55 PM

Member

Topic Starter
Member
255 posts

Here is a link to the 2 flv files, I hope you can get them OK. Firefox says the link will expire after one download so i will send again to give 2 opportunities to view

https://send.firefox...CIfOgsAwlMkHrrA

Roger

#82
rogerbid

Posted 27 May 2020 - 05:56 PM

Member

Topic Starter
Member
255 posts

2nd link as promised

https://send.firefox...ExTVVyzUUtce8Xg

#83
RKinner

Posted 27 May 2020 - 09:29 PM

Malware Expert

Expert
24,625 posts

I think you have another Microsoft Update going on in the Process Explorer log. I got a new one today too.

What is going on in the videos? Interrupts finally settles to a good value.

#84
rogerbid

Posted 28 May 2020 - 01:54 AM

Member

Topic Starter
Member
255 posts

I think you have another Microsoft Update going on in the Process Explorer log. I got a new one today too. I have checked Windows Updates and no activity is obvious, but the Security and Maintenance page shows it was active this morning. I am attaching two screen grabs in case they help

What is going on in the videos? Interrupts finally settles to a good value. I thought it worth trying to capture the screen on my phone, do you think we have done all we can now? I do believe the laptop is running very much better than before,

I look forward to hearing from you when you have a moment, thanks,

Roger

Attached Thumbnails

#85
RKinner

Posted 28 May 2020 - 04:53 AM

Malware Expert

Expert
24,625 posts

OK. It looks in the videos like it is doing OK. I guess the button you select is to turn off the VPN. We can always stop if you are happy with it.

#86
rogerbid

Posted 28 May 2020 - 06:31 AM

Member

Topic Starter
Member
255 posts

Hello Ron,

Thank you for your latest reply. I am reluctant to ask you to give yet more of your time to resolving issues when I can see that you have already helped me to make very significant improvements to the system. I have no doubt that my wife will notice these improvements immediately she starts to use the laptop.

However if you still think there are issues that can be eliminated, and more importantly are happy to continue despite the delays caused by our time differences, I am also happy to continue. I leave the decision up to you and assure you that I am most grateful for your patience and expertise in achieving the current level of performance.

You may recall we mentioned early on that I have my own laptop that could do with some debugging but suggest we defer any investigation for a few days to give you a break! Let me know how you feel about continuing with one or other device and we will go from there.

Thank you once again for your perseverance and I send you my very best wishes,

Roger

#87
RKinner

Posted 28 May 2020 - 08:01 AM

Malware Expert

Expert
24,625 posts

We can start on the next one any time. Forum is super slow right now and you are my only client. Give me the FRST logs, process explorer log and speccy log:

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Check the Addition.txt box
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Smart Screen, Windows Defender and Avast have all been blocking FRST recently. It's a false positive so pause your antivirus when downloading or running FRST. If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

#88
rogerbid

Posted 28 May 2020 - 10:28 PM

Member

Topic Starter
Member
255 posts

Hello Ron,

Thank you so much for your offer to start on my laptop straight away. I will prepare the first logs and send them asap. I saw your reply to another post earlier where you said you would create a new thread for someone's query - not sure if you want to do the same with this one as it is already up to 6 pages!

I started off my wife's topic with a scan for malware, do you want me to repeat the exercise with mine? I do think most of the problems on my laptop will be due to clutter rather than malware but how would I know!! I might have downloaded some bad stuff along the way!

I will write again shortly,

Best wishes,

Roger

#89
rogerbid

Posted 29 May 2020 - 03:53 AM

Member

Topic Starter
Member
255 posts

Hello Ron

I have followed your instructions and will attach the files you requested. (My initial attempt to post this reply with the .txt files pasted was too large so I am attaching the files instead. I hope this is OK for you.)

I am saddened to see on the News the current unrest in Minnesota. As a citizen of another country it is not for me to comment on such events, but I cannot write without expressing my concern for you and your fellow Americans. Know you are in our thoughts and prayers.

With best wishes

Roger

Attached Files

DESKTOP-7AI4U6K.txt 91.95KB 146 downloads
FRST.txt 271.84KB 153 downloads
junk.txt 14.4KB 149 downloads
RuntimeBroker.exe.txt 20.29KB 142 downloads
Addition.txt 32.93KB 142 downloads

#90
RKinner

Posted 29 May 2020 - 07:25 AM

Malware Expert

Expert
24,625 posts

Search for

task scheduler

hit Enter

Click on the arrow in front of Task Scheduler Library then

Click on the arrow in front of Microsoft

Click on the arrow in front of Windows

Click on Application Experience. In the next pane to the right, right click on each Task and Disable. Should be three tasks.

Click on Customer Experience Improvement Program. In the next pane to the right, right click on each Task and Disable. Should be two tasks.

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading. You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program. We will reboot in a few minutes so no need to do it now.

Speccy says it is running a bit hot so:

Run Speedfan to monitor your temps in real time:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray.

Win 10 hides icons by default so: Settings, Personalization, Taskbar, Select which Icons appear on Taskbar, then turn Speedfan ON.

With no other programs running what is the highest temp you see? Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes. What is the highest temp now?
We don't really want it to go over about 65 under load. If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink. However on some PCs this is major surgery. Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink. Don't do it too long as the fan may overrev.

Instead of an anti-virus scan or video in the above run the following fixlist. It should run for about 30 minutes & put enough load on the system to cause it to heat up:
Download the attached fixlist.txt to the same location as FRST

fixlist.txt 838bytes 141 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

Let's try Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin. It will install and then start the program.
It will tell you to click on the Start button but there isn't one.
Instead click on the green arrowhead (looks like a Play button). Let it run for at least 20 seconds. Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

Click on the Drivers Tab. Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top then take a screen shot and post it. Click on the Processes tab then click on the column header once or twice until the big numbers are at the top. Take a screen shot and post it.