Complete lockup (no BSOD), icon corruption, folder settings forgotten

Hello All,
My Win7 computer is having all sorts of problems, so much so that I am wondering how many issues are behind it. They have gradually grown over a long period of time.

The most visible symptoms are:

• Icon corruption in the form of random icon overlays (like the 'shortcut' symbol, but for almost anything from a command box to a firewall symbol.)
• Folders forget view settings and thumbnails
• Newly added/moved files don't always show up in the folder
• Explorer sometimes very slow to refresh, with the green progress indicator along the top of a window taking minutes to do the last 5 or 10%
• Explorer often seems to use a lot of CPU even when not apparently doing anything.

Other things also seem to drive CPU up when I am not doing anything:

When I take a look at processes / task manager, and show processes from all users, I see MsMpEng.exe there (looking now its using 37% CPU, and varying around 80 Mb memory.)

After reading favourable reviews I bought and ran Auslogics BoostSpeed, which incorporates a registry fixer. It found literally thousands of registry errors, but the system was no different after I let it fix them. (I found online articles implicating registry issues for the forgetful folders)

I never get a full BSOD, (so no dumps), but it does sometimes freeze completely. By completely I mean that the display stays on, the mouse stops moving, no respose to any keyboard combination, if sound is playing the note hangs but keeps going. This happens every few days.

Things I have noticed about when it happens:

• It happens if I am using the PC or not.
• It is independent of temperature, (I had the temperature logging, and examined files after a crash).
• I can spot no particular software activity that correlates with it.
• I've tried disconnecting all sorts of USB devices in the hope of identifying one of them as the culprit, no luck.
• It seems that if a crash happens when I am out , if I turn the monitor on when I get back there is no display. I'm not sure if this means the crash may be different from a lockup while I am using it, when the display remains active.
• I have checked the system logs, there are no messages giving info, just something about restarting after an unexpected problem, (that's from memory, sorry I don't have the exact text to hand).

All clues very gratefully received,
Nick

After reading favourable reviews I bought and ran Auslogics BoostSpeed, which incorporates a registry fixer. It found literally thousands of registry errors, but the system was no different after I let it fix them. (I found online articles implicating registry issues for the forgetful folders)

Such programs should be avoid at all costs, they will cause more harm than anything else, keep in mind that those things never work as advertised. Such utilities can severely damage your system.

Perform a System Restore and roll back any negative changes caused by that program

Those symptoms point to a possible malware infection, run a scan of Malwarebytes (Free Version)

Run an SFC scan & a RAM Test
SFC /SCANNOW Command - System File Checker
RAM - Test with Memtest86+

Post back with your results

Thanks for such a prompt response.

Malware bytes is running, I think it will take several hours at least.

I'm a bit nervous about the system restore, this will mean going back about 5 weeks - is there a danger of losing anything more recent if I do this?

Nick

starbase1 said:

Thanks for such a prompt response.

Malware bytes is running, I think it will take several hours at least.

I'm a bit nervous about the system restore, this will mean going back about 5 weeks - is there a danger of losing anything more recent if I do this?

Nick

Only programs installed during this period will be affected, else your personal stuff will be left untouched.

The Malwarebytes run completed overnight, here are the results:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
Malwarebytes : Free anti-malware download

Database version: v2012.12.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nick :: TNB-W7 [administrator]

Protection: Enabled

01/12/2012 11:52:16
mbam-log-2012-12-02 (09-28-44).txt



Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 3106953
Time elapsed: 14 hour(s), 32 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
D:\Documents and Settings\Administrator\Desktop\Internet\LOIC.exe (PUP.HackTool.LOIC) -> No action taken.
D:\System Volume Information\_restore{5C424614-7C1B-4E8E-AB37-0C502C228B4D}\RP983\A0237775.exe (RiskWare.Tool.HCK) -> No action taken.
D:\System Volume Information\_restore{5C424614-7C1B-4E8E-AB37-0C502C228B4D}\RP983\A0237777.exe (RiskWare.Tool.HCK) -> No action taken.
E:\Users\Nick\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
E:\Users\Nick\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> No action taken.
E:\Users\Nick\Downloads\DownloadSetup (2).exe (Affiliate.Downloader) -> No action taken.
E:\Users\Nick\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> No action taken.
E:\Whizz\c-drive-whiz\Documents and Settings\Owner\Desktop\Utility\nero8x.exe (RiskWare.Tool.CK) -> No action taken.
F:\desktop backup\Internet\LOIC.exe (PUP.HackTool.LOIC) -> No action taken.

(end)

Now I'll move on to the next test.

E:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

E:\Windows\system32>

D:\Documents and Settings\Administrator\Desktop\Internet\LOIC.exe (PUP.HackTool.LOIC) -> No action taken.
D:\System Volume Information\_restore{5C424614-7C1B-4E8E-AB37-0C502C228B4D}\RP983\A0237775.exe (RiskWare.Tool.HCK) -> No action taken.
D:\System Volume Information\_restore{5C424614-7C1B-4E8E-AB37-0C502C228B4D}\RP983\A0237777.exe (RiskWare.Tool.HCK) -> No action taken.
E:\Users\Nick\Downloads\downloadmanager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
E:\Users\Nick\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> No action taken.
E:\Users\Nick\Downloads\DownloadSetup (2).exe (Affiliate.Downloader) -> No action taken.
E:\Users\Nick\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> No action taken.
E:\Whizz\c-drive-whiz\Documents and Settings\Owner\Desktop\Utility\nero8x.exe (RiskWare.Tool.CK) -> No action taken.
F:\desktop backup\Internet\LOIC.exe (PUP.HackTool.LOIC) -> No action taken.

I noticed several potential malicious programs. Why was no action taken?

Next proceed with the RAM test.

Oh, I did take action and clicked the button to remove them as soon as the scan finished!

Sorry, I should have said so explicitly.

I plan to let the memory test chug overnight tonight.
Thank You,
Nick

PS - I was also looking again at the way that MsMpEng.exe (Antimalware Service Exutable) seems to be so active. I found suggestions that this could happen when antivirus programs were not uninstalled fully, but this does not appear to be the case.

The memory test ran for 8 hours overnight, without error.

At this point you should try a Repair Install

MsMpEng.exe is related to Microsoft Security Essential/Windows Defender. It should normally use around 80MB. As far as Windows Defender is concerned you should disable it if you're using another Antivirus software.