Jump to content

Memory leak


Go to solution Solved by AdvancedSetup,

Recommended Posts

  • Root Admin

Thank you

I believe this is the support page for your motherboard, but don't take my word for it. Please double-check and make sure

https://rog.asus.com/us/motherboards/rog-crosshair/rog-crosshair-viii-hero-wi-fi-model/helpdesk_download

I'd like you to try reinstalling your network drivers to see if that will correct the errors in the Event Logs

There is possibly an update from Realtek - but one must be careful as Asus may not have validated it for use yet. So, don't install the one from Realtek unless you're into beta testing or Do-It-Yourself work on a computer.

https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-usb-3-0-software

 

Then I want to also have you run the following fix which will try to unlock that Hyper-V type file and delete it. If you need to use the Hyper-V again you'd need to reinstall the drivers for that.

 

Also, there is an error in Windows Defender it looks like so let me have you run our MBST tool one more time to do a CLEAN removal, but this time please do not allow the tool to reinstall Malwarebytes just yet. We'll put it back in again soon.

 

 

What are  you using this program for? Not sure why FRST is flagging it at this point.

Task: {D875C9B6-ECA1-436C-822B-B3C1A9E14B5E} - System32\Tasks\IPFilter => C:\Users\Fractal\AppData\Local\IPFilter\IPFilter.exe [221288 2020-03-16] (David Moore -> David Moore) <==== ATTENTION

 

Are you using or did you install this? Nothing wrong with the program just rare to see a home user have it installed is all

C:\Program Files\PostgreSQL

 

After you uninstall Malwarebytes with the MBST tool, restart the computer. then run the RogueKiller program you have there and post back its log.

 

Then run the following fix as well.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

5 minutes ago, AdvancedSetup said:

Thank you

I believe this is the support page for your motherboard, but don't take my word for it. Please double-check and make sure

https://rog.asus.com/us/motherboards/rog-crosshair/rog-crosshair-viii-hero-wi-fi-model/helpdesk_download

I'd like you to try reinstalling your network drivers to see if that will correct the errors in the Event Logs

There is possibly an update from Realtek - but one must be careful as Asus may not have validated it for use yet. So, don't install the one from Realtek unless you're into beta testing or Do-It-Yourself work on a computer.

https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-usb-3-0-software

 

Then I want to also have you run the following fix which will try to unlock that Hyper-V type file and delete it. If you need to use the Hyper-V again you'd need to reinstall the drivers for that.

 

Also, there is an error in Windows Defender it looks like so let me have you run our MBST tool one more time to do a CLEAN removal, but this time please do not allow the tool to reinstall Malwarebytes just yet. We'll put it back in again soon.

 

 

What are  you using this program for? Not sure why FRST is flagging it at this point.

Task: {D875C9B6-ECA1-436C-822B-B3C1A9E14B5E} - System32\Tasks\IPFilter => C:\Users\Fractal\AppData\Local\IPFilter\IPFilter.exe [221288 2020-03-16] (David Moore -> David Moore) <==== ATTENTION

 

Are you using or did you install this? Nothing wrong with the program just rare to see a home user have it installed is all

C:\Program Files\PostgreSQL

 

After you uninstall Malwarebytes with the MBST tool, restart the computer. then run the RogueKiller program you have there and post back its log.

 

Then run the following fix as well.

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt 292 B · 0 downloads

Thanks

 

Hi

I will look in to it first thing tomorrow.

Thank you for taking your time to figure out what is the problem.

Link to post
Share on other sites

  • Root Admin

Sounds good.

the IPFilter looks to be from here:  https://github.com/DavidMoore/ipfilter

But, that project hasn't had any updates for 2 years and no major work 5 years. Might be why it's being flagged.

 

The logs show that the system is running one or more P2P torrenting programs.

The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is very much illegal, and there is always a chance of getting caught by the authorities.
Torrenting non-copyrighted material is perfectly fine and is allowed. We have seen an increase in malware being bundled with software downloads over P2P.
Please keep in mind when sharing files that you're increasing the risk that your system might get infected. Scan all files prior to running them.

I recently have had a couple of users that had downloaded junk that we could not clean up well enough and they ended up having to format and reinstall Windows. Be careful and make sure you have good solid backups of your data.

 

 

Link to post
Share on other sites

  • Root Admin

Thank you for the logs.

The Event Logs show that you have files, folder locations in your Windows Search index that are not working correctly. I would highly suggests you fully rebuild the Windows Search index.

How to Reset & Rebuild Windows Search Index Completely
https://www.winhelponline.com/blog/reset-rebuild-windows-search-index-fix-problems/

How to Reset and Rebuild Search Index in Windows 10
https://www.tenforums.com/tutorials/58569-rebuild-search-index-windows-10-a.html

 


However, you also appear to potentially have some issues with your VSS (Volume Shadow Copy Service) so you might want to try to fix that as well

 

Please download and run the following  Volume Shadow Copy Service (VSS), Diagnostic Tool, from Acronis

Acronis VSS Doctor

Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.
Download - Acronis VSS Doctor

In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply.


You can also try the tool from Macrium Reflect if the Acronis tool did not work.

Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool


Once you've run the repair tool you need to restart your computer.
Then check your Event Logs to see if the error was corrected. You can post new logs from FRST which will also show the Event Log entries 

 

After all of these fixes, please restart the computer one more time. Then let me know if you're still experiencing any issues where Malwarebytes is consuming memory like it did before.

Thank you

 

Link to post
Share on other sites

18 hours ago, AdvancedSetup said:

Thank you for the logs.

The Event Logs show that you have files, folder locations in your Windows Search index that are not working correctly. I would highly suggests you fully rebuild the Windows Search index.

How to Reset & Rebuild Windows Search Index Completely
https://www.winhelponline.com/blog/reset-rebuild-windows-search-index-fix-problems/

How to Reset and Rebuild Search Index in Windows 10
https://www.tenforums.com/tutorials/58569-rebuild-search-index-windows-10-a.html

 


However, you also appear to potentially have some issues with your VSS (Volume Shadow Copy Service) so you might want to try to fix that as well

 

Please download and run the following  Volume Shadow Copy Service (VSS), Diagnostic Tool, from Acronis

Acronis VSS Doctor

Free tool for diagnosing and repairing Volume Shadow Copy Service issues. Download link on the bottom of the page.
Download - Acronis VSS Doctor

In many cases, it can correct the issues on its own. If not, then it will give details on what may be causing the issues. Please save the report in text format and post back that log on your next reply.


You can also try the tool from Macrium Reflect if the Acronis tool did not work.

Macrium Reflect Volume Shadow Copy Service (VSS) Repair Tool


Once you've run the repair tool you need to restart your computer.
Then check your Event Logs to see if the error was corrected. You can post new logs from FRST which will also show the Event Log entries 

 

After all of these fixes, please restart the computer one more time. Then let me know if you're still experiencing any issues where Malwarebytes is consuming memory like it did before.

Thank you

 

Hi

Here are the logs. I ran the command line as admin but indexing troubleshooter came with error that pdf and the capture is showing. I don't know if Acronis fixed anything. Anyway, IMHO my system is fixed. What do you think

 

msdt.exe -ep SystemSettings_Troubleshoot_L2 -id SearchDiagnostic

NT.PNG

Task manager.PNG

AcronisVSSDoctorReport_2021-04-30-17-58-09.txt Addition.txt FRST.txt AcronisVSSDoctorReport_2021-04-30-19-18-28.txt AcronisVSSDoctorReport_2021-04-30-19-12-01.txt SearchDiagnostic.pdf

Link to post
Share on other sites

  • Root Admin

Yes, overall the logs indicate things look pretty good except for your Mozilla Maintenance service. The error repeated again today. The VSS check says all was okay so that was probably just a temporary issue.

 

System errors:
=============
Error: (04/30/2021 07:16:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MozillaMaintenance service terminated with the following error:
Incorrect function.

Error: (04/30/2021 05:28:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MozillaMaintenance service terminated with the following error:
Incorrect function.

Error: (04/30/2021 12:46:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MozillaMaintenance service terminated with the following error:
Incorrect function.

Error: (04/29/2021 06:35:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MozillaMaintenance service terminated with the following error:
Incorrect function.

Error: (04/29/2021 05:28:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MozillaMaintenance service terminated with the following error:
Incorrect function.

 

You might try downloading the Firefox installer again and see if you can install over the top of Firefox to see if it can fix that error or not. It could be something else causing it to fail.

Or, you could look at disabling or removing it too if wanted.

https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service

https://borncity.com/win/2020/08/07/windows-10-mozilla-dienste-verursachen-sporadische-freezes-abstrze/

 

I can go ahead and close the topic if you like just let me know

Take care

 

Link to post
Share on other sites

  • Root Admin
  • Solution

Only Staff and Experts can view your logs but I can remove the logs if you like or even remove the entire post if you like. The purpose for leaving posts is in the hopes to help future users that come along looking for a fix where they might be able to do the fix on their own without even posting for help. That way you potentially help dozens or hundreds with a similar issues.

 

Link to post
Share on other sites

26 minutes ago, AdvancedSetup said:

Only Staff and Experts can view your logs but I can remove the logs if you like or even remove the entire post if you like. The purpose for leaving posts is in the hopes to help future users that come along looking for a fix where they might be able to do the fix on their own without even posting for help. That way you potentially help dozens or hundreds with a similar issues.

 

In that case no need to delete anything. Thank you very much for helping out.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.