• Windows 7 PC gets very sluggish – CONTINUED

    #236895

    This is a new thread intended to pick up the discussion where we left off in the original “Windows 7 PC gets very sluggish” thread. Below is the text of the last post, submitted by the anonymous contributor who signs as Garbo, followed by my reply. (BTW Garbo, your help has been very valuable; how about formally joining Woody’s?  🙂 )

    OK. So the question now is: What has started DNS Client?

    I think you wrote earlier that the DNS Client properties (in services.msc) showed no other service dependent on DNS Client, but we know that MS information is not always complete, so does the properties tab for any of the other services show a dependency on DNS Client? (My point: Service A dependent on service B, should show A dependent ON B in A’s properties and B depended on BY A in B’s properties. Check each of the service properties in services.msc to try to find what started DNS Client.)

    If you just stop the DNS Client service (using services.msc) without any reboot does it restart? If it does restart what other PC activity takes place between stopping it and it restarting?

    If it does not restart despite your normal PC usage and hence the RAM and CPU usage does not increase does your PC continue normal operation indefinitely? If it does not get restarted then maybe something is starting it in error at PC startup and a work-around could be to stop DNS Client a short time after PC startup (either manually or using a scheduled task).

    If DNS Client restarts due to one of your many security tools (I think someone earlier mentioned his/her VPN?), do you really need that security tool? (The consensus a few weeks ago was that you have a lot of security tools and some pruning would be a good idea. In pruning leave BitDefender until last – you need an AV but maybe do not need the other stuff. (BitDefender is widely used, your other things I had not heard of. I think we have considered MBAM enough – it is fine in scanner only mode without its service continually running with the “Start at PC Startup” slider at Off). What differences in security tools do you have between your faulty PC and your other PC(s) which are working OK? This may give a clue.

    BTW: As my intention with these suggestions is just to see what causes DNS Client to start (assuming DNS Client is the cause of your problems), you do not need to wait several days for the sluggishness to return between changes/PC reboots, the thing to look for is the RAM usage continuing to increase, not the sluggishness. These several day gaps make it difficult to follow this thread.

    HTH. Garbo.

    Indeed, one of the frustrating things about this problem is precisely that the issue takes a day or two to re-emerge, and yet there’s been no way to tell for sure that the changes made have solved the problem, other than waiting to see if it comes back.

    When you ask, “does the properties tab for any of the other services show a dependency on DNS Client?”, do you mean checking the Dependencies tab in the Properties that are offered when you right-click on a service in services.msc? Note that there are 189 services listed there, with 92 currently running; any paring that could be done on the number of services to be checked would be welcome.

    As a possible shortcut, I clicked on the dependencies for DNS Client; check out below the lower pane which (supposedly) lists the “components” that depend on this service:

    DNS-Client-dependencies

    It claims there are none.

    At your suggestion, I stopped Dnscache: it started back up within 3 seconds with a new PID. There was no time to do anything special or different on the PC. (I was still working on this post, but the service restarted before I could come back to the browser to resume typing.)

    Aha! But now here’s a promising-looking clue. The last paragraph above, I wrote a while ago. In the meantime I’d gone back to look at some candidates for having a dependency on Dnscache, and then hit upon the idea of doing that screenshot, which took a few more minutes. Next time I went back to Task Manager, svchost.exe had dropped out of sight (I have the list sorted by Working Set RAM usage). Scrolling down the list, I saw that, from around 200,000KB, RAM usage by Dnscache was back down to 27,000KB.

    Now it might be interesting to see if the sluggishness is set back (delayed) indefinitely by stopping the DNS Client service at regular intervals before some threshold is reached. Wonder if it might even resolve the sluggishness once it does emerge, which of course would entail less work.

     

    2 users thanked author for this post.
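One way to answer the dependency question above without opening the Properties of all 189 services by hand, as an added example that is not part of the original thread. It assumes PowerShell 2.0 as shipped with Windows 7 and an elevated prompt; `Join-Names` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (Windows 7); run elevated.
$target = 'Dnscache'

# Hypothetical helper: print a list of names, or "(none)" when the list is empty.
function Join-Names($items) {
    if ($items.Count) { $items -join ', ' } else { '(none)' }
}

# 1) The view services.msc gives in the lower pane of the Dependencies tab.
$declared = @(Get-Service -Name $target -DependentServices | ForEach-Object { $_.Name })

# 2) The reverse check: read every installed service's own dependency list.
$reverse = @(Get-Service | Where-Object {
    @($_.ServicesDependedOn | ForEach-Object { $_.Name }) -contains $target
} | ForEach-Object { $_.Name })

# 3) The raw DependOnService values in the registry, which also cover driver entries.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$raw = @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue | Where-Object {
    $p = Get-ItemProperty -Path $_.PSPath -Name DependOnService -ErrorAction SilentlyContinue
    ($null -ne $p) -and (@($p.DependOnService) -contains $target)
} | ForEach-Object { $_.PSChildName })

"Dependents shown for $target        : " + (Join-Names $declared)
"Services listing $target themselves : " + (Join-Names $reverse)
"Registry DependOnService matches    : " + (Join-Names $raw)

# A declared dependency is not the only way a Manual service gets started:
# a client can request it on demand, a recovery action can restart it after a
# stop or crash, and Windows 7 added service triggers. These three commands
# print the start type, the recovery actions and any triggers for the service.
sc.exe qc $target
sc.exe qfailure $target
sc.exe qtriggerinfo $target
```

If all three lists come back empty, the automatic restart is more likely an on-demand start or a trigger than a dependent service.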
    • #236937

      Just to get everyone up to speed, here is the state of things as of today, in terms of changes made to the PC. (It is entirely possible that I’ve missed listing something that was done.)

      • Malwarebytes resident protection has been disabled.
      • Spybot Search & Destroy’s TeaTimer (resident protection) has been disabled.
      • The Foxit PhantomPDF plugin has been disabled in both Pale Moon and Internet Explorer.
      • The following features in Heimdal PRO (now renamed Thor) have been disabled: DarkLayer Guard, VectorN Detection. Only X-ploit Resilience, the software updater, remains enabled (for the time being).
      • The DNS Client service (Dnscache) has been set to Manual.

      Prior to the original post, as part of my own attempts to address the issue the following services had been disabled in msconfig at the end of October:

      • BitLocker Drive Encryption Service
      • Fax
      • GamesAppService

      The following candidates for disabling or uninstallation have yet to be acted upon:

      • Seagate Schedule2 service
      • Seagate DiscWizard
      • Windows Live
      • Microsoft Silverlight
      • Adobe Acrobat Update Service
      • Heimdal PRO X-ploit Resilience (as noted above).

      Four hours after stopping DNS Client (which then restarted on its own), RAM usage is back up to 88,000KB from 27,000KB.

       

      2 users thanked author for this post.
      • #237135

        @Cybertooth, did you remove Oracle Java? Not mentioned in your above list, or is it specifically for a program? Ref: #235102 for removal tool, if required. What version of Oracle Java is sitting on your PC? If Oracle Java is not updated, it can provide exploits for miscreants to access a system. Just sayin..

        Windows - commercial by definition and now function...
    • #236984

      Had to restart tonight again, this time after barely 24 hours’ uptime. Stopping DNS Client so that it would start fresh did not solve the issue.

      For this round I have disabled the Seagate Scheduler2 service; if that fails to improve matters I’ll follow up with disabling the Adobe Acrobat Update Service and reboot. I have an old version of Acrobat (now supplemented by Foxit PhantomPDF which is current) and there ain’t no updates to be had from Adobe, so out with the updater service.

       

      • #237081

        Had to restart tonight again, this time after barely 24 hours’ uptime. Stopping DNS Client so that it would start fresh did not solve the issue.

        Can you expand on the problem you hit, symptoms, signs, affected software etc? Did you check for errors in Event Viewer?

        What’s been logged recently in Reliability Monitor (Control Panel\System and Security\Action Center\Reliability Monitor)?

        1 user thanked author for this post.
        • #237134

          It was the same-old same-old: Web browsing got awfully slow until they simply started to time out trying to reach a new page or site; while the Start menu and other applications became slow to open, with the Taskbar graying out for a while until the program would open and the Taskbar went back to normal.

          Event Viewer shows the following errors around the time the sluggishness was going on:

          Session “Homegroup Log” failed to start with the following error: 0xC0000035

          The print spooler failed to load a plug-in module C:\Windows\system32\spool\DRIVERS\x64\3\fpmvpr_ui.dll, error code 0xc1. See the event user data for context information.

          A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

          The Superfetch service terminated with the following error:
          The system cannot find the file specified.

          Reliability Monitor doesn’t show any failures or critical events for last night. However, scrolling through the graph I see frequent “stopped working” events for Heimdal.ClientHost, not necessarily concurrent with the sluggishness or reboots.

           

    • #237010

      Some more of my thoughts, once again pls correct me if i am wrong.

      Garbo has the right idea with a particular Svchost/s and the climbing Working Memory sets.

      Finding the culprit ( Program ) and its relation and dependencies ( particular program/s and its associated Svchost/s and DNS ) can be a needle in the haystack scenario.

      In regards to DNS ( Domain Name System ), ….. makes me wonder what programs you use that are continually talking to a IP Address ( back to base so to speak ) as many different AV and Malware Progs do as they continually monitor and run behind the scenes.

      Many will also turn back on ( even though you manually disable them ) on the next boot.

      Within Processes one can right click the process and select Go to Service to see its relation.

      In services.msc one can right click the service and select properties to see what its description and dependencies are.

      On a side note 200,000 Kb equals approx 200 Megabyte which is high but not overtly high considering Chrome can use well beyond this figure in working sets of up to 400 Megabyte dependent on what’s running and how many pages are open.

      Myself, i would be inclined to firstly un-install Heimdal PRO X  / Spybot  as i myself have had many issues with this one and associated memory leaks / Foxit Phantom PDF which i have had issues with as well / Microsoft Silverlight which i have had Memory Working Set run away`s and leaks with if you do not use them.

      From there one by one of anything else i have installed but don`t use frequently. Admittedly this will leave many empty folders and links behind as many programs do not completely and cleanly un-install themselves but in any case they should not continue to run after being un-installed but remember to do a re-boot after un-installation as many require so.

      Keep Malwarebytes and one good AV for the time being.

      Then continue to test.

      Last resort, ….. a complete fresh install which can solve soooooo many issues as it clears out everything then re-install the OS / the Drivers required / AV / Updates / Browser and test before adding any more.

      From there add one prog at a time and test to see if it causes the Memory Working Set to continually climb which can help in pin pointing the troublesome item.

      Also makes me wonder if one of the items has a substantial memory leak.

       

      1 user thanked author for this post.
      • #237082

        Thanks for the ideas. For sure this has been like finding a needle in a haystack.

        We have honed in on the svchost.exe (Network Services) process that’s associated with DNS client (the Dnscache service). Its RAM usage grows steadily by 12-13,000KB/hour. But when the PC becomes unusable, total RAM use isn’t above 50% and CPU usage is far from the “tilt” zone: this has made pinpointing the problem so hard as there is no obvious, immediate cause-and-effect sequence.

        For the next reboot I’m going to disable the one remaining Heimdal PRO feature, the software updater (searches for and installs patches for selected software automatically). If I go down to a single AV plus a single AM, it’ll be BitDefender and HitmanPro.Alert and the rest including Malwarebytes will be disabled or converted to on-demand.

        On one of these rounds I will try an idea that Ascaris proposed, to run the computer off a Linux live CD for a couple of days. The purpose would be to rule out the presence of a hardware problem.

        Monitoring note: Just noticed that, 18 hours after the last RAM usage report, RAM usage by svchost.exe is at 178,332KB. This is an increase of about 91,000KB since the last time, representing growth of about 5,000KB/hour. For what it’s worth, this is less than half what we have been observing (see my second paragraph in this post).
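A scripted version of the manual Task Manager readings reported in this thread, as an added example that no participant posted. It logs the working set and handle count of the svchost.exe process hosting Dnscache and the growth rate since the last service restart; the log path, interval and the `Get-ServicePid` helper name are assumptions. Save it as a .ps1 file and run it under PowerShell 2.0 or later.

```powershell
# Added example, not from the thread: sample the svchost.exe that hosts a service.
param(
    [string]$ServiceName     = 'Dnscache',
    [int]   $IntervalSeconds = 600,                          # one sample every 10 minutes
    [int]   $Samples         = 144,                          # 144 samples = 24 hours
    [string]$LogPath         = "$env:TEMP\dnscache-ws.csv"   # assumed location
)

# Hypothetical helper: PID of the process currently hosting the service, 0 if stopped.
function Get-ServicePid([string]$Name) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if ($svc -and $svc.ProcessId -gt 0) { return [int]$svc.ProcessId }
    return 0
}

if (-not (Test-Path $LogPath)) {
    Add-Content -Path $LogPath -Value 'Time,Pid,WorkingSetKB,Handles,KBPerHourSinceBaseline'
}

$base = $null   # first sample taken for the current PID
for ($i = 0; $i -lt $Samples; $i++) {
    $svcPid = Get-ServicePid $ServiceName
    $proc = $null
    if ($svcPid -gt 0) { $proc = Get-Process -Id $svcPid -ErrorAction SilentlyContinue }

    if ($proc) {
        $now  = Get-Date
        $wsKB = [int64]($proc.WorkingSet64 / 1KB)   # same unit as Task Manager's column

        # A new PID means the service was restarted: start a fresh baseline so the
        # rate is not distorted by the drop seen after a stop/start.
        if (($null -eq $base) -or ($base.Pid -ne $svcPid)) {
            $base = @{ Pid = $svcPid; Time = $now; WsKB = $wsKB }
        }

        $hours = ($now - $base.Time).TotalHours
        $rate  = 0
        if ($hours -gt 0) { $rate = [math]::Round(($wsKB - $base.WsKB) / $hours) }

        $line = '{0},{1},{2},{3},{4}' -f $now.ToString('s'), $svcPid, $wsKB, $proc.HandleCount, $rate
        Add-Content -Path $LogPath -Value $line
        Write-Output $line
    } else {
        Write-Warning "$ServiceName is not running; no sample taken."
        $base = $null
    }
    Start-Sleep -Seconds $IntervalSeconds
}

# The figures cover the whole svchost.exe process, which may host other services.
# To list everything sharing that process: tasklist /svc /fi "PID eq <pid>"
```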

         

    • #237074

      Garbo writes:

      Since I was able to re-produce your “sluggishness when browsing” symptom a couple of weeks ago, my working assumption has been that the DNS Client (DnsCache) service has been using too many processor cycles in the core where it is running, so depriving other processes also sharing that core, enough cycles to run smoothly, hence “sluggishness”. As a follow-on exercise I temporarily changed my dual-core CPU to only use just one core (to see things more clearly) and repeated my experiment of the other week and I could see DnsCache using about 80% of all CPU cycles and the PC was almost unusable. This supports my theory, but in a more extreme way.

      This reminded me of the program Process Lasso, whose primary purpose is to prevent a particular process using too many CPU cycles, preventing other processes getting enough cycles to perform responsively. (Disclosure: Process Lasso divides opinion. Some people are fans and would not run a PC without it. Others do not see much effect. Anyway…)

      After changing my PC back to using all cores and rebooting I installed the latest Process Lasso. There are a lot of complex settings available, but I think it is best to leave most of these unchanged apart from 2 of them. At ‘Option > ProBalance Settings > Advanced options’:

      1) Untick ‘Exclude systems services from restraint’ (we want to “restrain” the DnsCache “service” from monopolising its CPU core),

      2) Tick ‘Disable CPU Core Parking during ProBalance restraint’ (general advice I picked up at a site like this).

      I again started the “DNS Client (DnsCache)” service and did some browsing (which was slower than usual due to DnsCache running), but in the Process Lasso “Action Log” at the bottom of its window I did see that the “svchost (networkservice)” was being restrained i.e. its process priority was being adjusted on the fly by Process Lasso, to free CPU core cycles to be used by other processes. (The CPU % for this service’s process decreased a little.)

      Now I don’t know if this would have much effect in your case, but it is another potential work-around to your general “sluggishness” problem, although maybe not for “browser sluggishness” in particular if browsing relies on DnsCache when it is running. Maybe some others here are fans of Process Lasso and can comment based on more experience than me?

      I see from your summary above that you still have Windows Live installed despite writing previously that you did not know why. Given the late-201x era Microsoft enthusiasm for “the cloud” is anything in the “Live” bundle repeatedly making internet accesses, so making your DnsCache problems worse than they would otherwise be? If you don’t need any of this stuff I suggest that you uninstall it ASAP and don’t wait days for the next sluggishness/PC reboot as this stuff may be muddying the waters.

      BTW: I mentioned a few weeks ago the program CleanMem, which attempts to free RAM not freed by an errant process back to the memory pool to be re-allocated to a different process. I see from your summary at the start of this follow-on thread that you have not installed it. It might improve your RAM issues more generally and I see no downside to having it.

      HTH. Garbo.

       

      1 user thanked author for this post.
      • #237137

        It’s going to be a busy afternoon and evening, so I’ll implement your suggestions tomorrow and report back.

        I found one more potential candidate for uninstallation: the ESET Online Scanner, which is used occasionally as a second-opinion AV check.

        It’s tempting to just uninstall or disable at once all the candidates (listed near the top of this new thread) to see if the problem finally goes away. If it does, then I could start re-enabling stuff until the problem comes back. This would be doing things in the direction opposite to the way we’ve been proceeding, disabling things one by one and waiting to see what happens each time.

         

      • #237187

        The Windows Live essentials set are local programs, with optional access to cloud things like facebook or photo services. It is unknown that they may present a vector for vulnerabilities, except not being able to support new things.

        1 user thanked author for this post.
      • #237287

        Garbo, that Process Lasso is a pretty cool program.  🙂

        I followed your instructions. Unfortunately it looks like it may not help much in my case, since svchost.exe spikes to 12% of CPU resources, with the average usage at 4.76%, while the threshold in Process Lasso is 11%. (Not sure if fiddling with the thresholds is recommended.) The lower pane hasn’t shown any action taken with respect to svchost.exe. I do notice that during the spikes to 12%, the number of handles goes to about 260-262, then when the spike ends this settles back down at 252-254. Wonder if there’s a way to tell what those handles are.

        Another thing I noticed while poking around these tools. In Process Explorer, the TCP/IP tab in Properties for this svchost.exe (NetworkService) shows “www.facebook.com :llmnr” associated with the UDP protocol and the Dnscache service. Don’t know much about networking technology, but I’m wondering what this listing could mean, especially in light of the fact that I have “www.facebook.com” in my hosts file. This discussion of LLMNR was intriguing, but it went somewhat over my head and I don’t know what the bottom line is in my case. (For instance, is something on my PC trying to get around my hosts-file ban on connections to Facebook?)

         

         

        • #237419

          Garbo writes: Wrt your LLMNR reference above, I checked my W7 PC’s Registry (it is a W7 Home Premium PC so has no Group Policy Editor) and it does not have the indicated key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast’, but it is not on a LAN so maybe it is not needed?

          I also checked a Registry .reg file I have accumulated of W10 privacy/security related tweaks and it does have a tweak setting this key to 0 to disable the feature, but no reference where I got that suggestion from. A quick web search found an interesting article at https://www.root9b.com/newsroom/blocking-local-network-hijacking-attacks/ which associates LLMNR with NetBIOS (another network protocol) as potential security weaknesses. I always disable NetBIOS in PCs on the recommendation of the Steve Gibson “ShieldsUP” firewall testing site. Maybe I/we should disable LLMNR as well?

          Out of curiosity I created the Registry key and set it to 0, set the DNS Client service to Automatic and rebooted. The DNS Client was consuming nearly all of one of my CPU cores and browsing was slow as I experienced previously. So it appears that a 0 setting does not change the level of DNS Client CPU activity at least.

          Out of further curiosity I then changed the key to 1 (to enable Multicast) and rebooted. This time the DNS Client was much quieter with little activity when the PC was idle. However when I started browsing, the DNS Client CPU activity increased and browsing became very slow as before. A short time later (maybe a minute?) Windows Firewall Notifier (WFN), which gives indications of unexpected outgoing accesses, indicated a UDP protocol access from local port 49395 by the DNS Client service to target port 5355 at target address 224.0.0.252. I tried to find a URL for this IP address at several conversion sites, but none recognised it (although one stated that addresses in the range 224.x.y.z are multicast sites which I guess is consistent with the Registry key name?). According to a list of UDP port numbers I have from Wikipedia, Port 5355 is used for “Link-Local Multicast Name Resolution (LLMNR), allows hosts to perform name resolution for hosts on the same local link (only provided by Windows Vista and Server 2008)”. (I may have an out of date printout – W7 not Vista, and the target address is not “on the same local link”. There is no explicit default policy outgoing rule for DNS Client service using UDP protocol to target port 5355 which is why (using WFN) I got the indication.) Is this the same sort of network activity you saw in Process Explorer?

          So does your dodgy PC have the Registry key? If it does is it set to 0 or 1? Do the other PC(s) in your LAN which do not show these symptoms have the Registry key? Are they set to 0 or 1?

          I do not have any answers here, but this may be an area you need to investigate further.

          HTH. Garbo.

          1 user thanked author for this post.
          • #237446
            1 user thanked author for this post.
          • #237479

            Garbo, I just checked this. I don’t think I did it wrong, but a search in the registry for “DNSClient” didn’t yield any results at all!

            Unfamiliar with registry jargon, so please bear with me. The items under the “Windows NT” folder (or whatever it’s called in this context) are System Restore, Terminal Services, and Windows File Protection. There is no DNSClient folder there, or apparently anywhere else in this PC’s registry.

            Hope to get a chance to check the other Windows 7 PCs on the network Saturday for the presence or absence of DNSClient.

             

          • #237489

            Garbo writes: This is a continuation of my earlier comments and following your 2 replies above, but if I reply to those individually the indentation will make it difficult to read 🙂

            Of the 3 ‘?’ references, the 1st is the same as Cybertooth’s original, the 2nd is a shorter article similar to my reference and the 3rd lists all of the different methods (Group Policy Editor if you have a more expensive version of W7, command line, powershell or Registry Editor directly) to modify this key in the Registry. (All methods lead to this key in the end.)

            There is some inverse logic in that the Policy is to forcibly “prevent” something running. So creating and “enabling” the Policy (setting the key to 0), forcibly disables LLMNR from running. (The various references suggesting 0 or 1 settings were confusing me, but this inverse logic explains it – I think!)

            OK. On my PC I have not seen any evidence of LLMNR in the absence of the Policy. If I add the Policy and enable it i.e. set it to 0, I still see no evidence of LLMNR, but as it wasn’t there before that is not surprising. So for me having the Policy set at 0 may be an extra “belt and braces” security check to have, but will not change current PC operation. Now if I change the key to 1, to have a policy which now allows LLMNR, I then start to see new, unexpected outgoing internet accesses which my Windows Firewall Notifier (WFN) blocked and notified me about. So for me not having the Policy at all, or having the Policy and enabling it does not trigger the feature, but for me having the Policy and disabling it, triggers the feature!

            On your PC, if your unexpected “facebook.com : LLMNR” outgoing accesses in your Process Explorer log are the same sort of thing as my unexpected outgoing LLMNR accesses, then it looks as if you have something else triggering these in the absence of the Policy (whereas I do not). So if the Policy does what I think it is supposed to, if you create the Policy and enable it with value 0 (using any of the methods in the 3rd ‘?’ reference which all result in the key with value 0 in the Registry), then this should prevent these outgoing LLMNR accesses. (If you have firewall/network logs before and after you should see a difference.) This may not improve your performance issue, but based on the references should improve your security.

            BTW: I always disable NetBIOS as described at the end of the California Colleges reference (‘?’ 2nd ref), although I do this for both my wired Ethernet network adapter and my wireless network adapter, so separately for each. I also Disable the “TCP/IP NetBIOS Helper” service using “services.msc” as well.

            HTH. Garbo.

             

            1 user thanked author for this post.
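The registry check and change discussed in the posts above, as an added example that is not part of the thread. It reads the `EnableMulticast` policy value at the key Garbo quotes, optionally sets it to 0, and lists local UDP sockets on the LLMNR port 5355; the function names and the `-Disable` switch are assumptions of this example. Save it as a .ps1 file and run it elevated under PowerShell 2.0 or later.

```powershell
# Added example, not from the thread: audit (and optionally set) the LLMNR policy.
param([switch]$Disable)   # assumed switch: pass -Disable to write EnableMulticast=0

$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$name = 'EnableMulticast'

# Report the three states seen in the thread: key absent, value 0, value 1.
function Get-LlmnrPolicy {
    if (-not (Test-Path $key)) { return 'Not configured (DNSClient key absent)' }
    $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return "Not configured ($name value absent)" }
    if ($p.$name -eq 0) { return "LLMNR turned off by policy ($name = 0)" }
    return "LLMNR allowed by policy ($name = $($p.$name))"
}

# Local UDP sockets bound to port 5355; the last column of each line is the owning PID.
function Get-LlmnrListeners {
    @(netstat -ano | Select-String -Pattern 'UDP.*:5355\s' | ForEach-Object { $_.Line.Trim() })
}

"Before: " + (Get-LlmnrPolicy)

if ($Disable) {
    # Create the policy key if needed, then write the DWORD value 0.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    "After : " + (Get-LlmnrPolicy)
    'Reboot before re-testing, as was done for each change in the thread.'
}

$listeners = Get-LlmnrListeners
if ($listeners.Count) {
    'UDP sockets on port 5355 (LLMNR):'
    $listeners
} else {
    'No UDP socket bound to port 5355.'
}

# Assumption, offered as one possible reading of the "www.facebook.com:llmnr" entry:
# a tool that resolves addresses to names can label a local address such as 0.0.0.0
# with a name that the hosts file maps to it. These are the entries that could do so.
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
Get-Content $hostsFile | Where-Object { $_ -match '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+\S+' }
```

Run it without `-Disable` first on each PC being compared, so the key's presence and value are recorded before anything is changed.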
    • #237093

      Just to clarify:  after a reboot, you login, and then the machine just sits there, correct?

      NOTHING is running, right?

      No VPNs, no streaming services, no torrents, no browsers, no web servers, just dead network silence?

      What’s the primary purpose for this PC?

      2 users thanked author for this post.
      • #237136

        This is my primary machine for research, so after the system settles down following a reboot, the first thing I do is to restore the previous browsing sessions in IE11 and Pale Moon, then proceed (as needed) to print items from the Web to PDF.

        There are no VPNs or streaming or torrent services involved. I don’t have the PC set up to require a login, so I simply just go into Windows. But I couldn’t say for sure that “nothing” is running after a reboot. I suppose that (for example) BitDefender and Windows Update will do their thing after a reboot, and look for new patches and definitions.

         

    • #237130

      Windows Essentials 2012 was a useful suite of five or six programs. Although support ended January 10, 2017, the software remains useful. Any installation now requires an offline installer. If you are using programs from this suite and uninstall them, it will be difficult to get them back.

      Programs from this suite include, but are not limited to:
      – Windows Live Mail 2012
      – Windows Photo Gallery 2012
      – Windows Movie Maker Version 2012

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      1 user thanked author for this post.
    • #237161

      Uninstall any software you don’t use.

      Uninstall any software that’s triggering errors in the Event logs, including Heimdal and Foxit (fpmvpr_ui.dll = Foxit).

      Reboot and use Process Explorer with the lower pane set for .dlls, listed by Verified signer and then check Notepad, IE, Pale Moon, and Explorer for anything that doesn’t belong to the specific software, Windows, graphics supplier. Log anything suspect in Notepad.

      ProcessExplorer_dlls

      Using DriverView (#235362), check and list all 3rd party drivers.

      Once you’ve reached the end of your session, check Event logs and Reliability Reports for errors and add those to the Notepad list and post it up here, with any comments and we’ll go through them.

      [For reference on my system I have only one ‘3rd party’ .dll/font in Pale Moon (I don’t use IE), nothing in my alt. 2x browsers, Explorer or Notepad. No 3rd party drivers that I haven’t deliberately installed either.]

      1 user thanked author for this post.
      • #237341

        The Reliability Monitor shows no critical events since Tuesday night. (That said, I did have to reboot due to the thread issue on Wednesday night.) I’m going to hold off on uninstalling additional things until and unless the sluggishness reappears, at which time I intend to uninstall or disable everything that’s on the list at the top of this new thread and also implement your suggestions.

        In the meantime I’ll try to find out from the Foxit folks how to uninstall their software without burning up a license. Permanently uninstalling Foxit PhantomPDF would cripple this computer’s purpose as a vehicle for Web research: Adobe Acrobat X no longer handles many Web pages correctly, and I refuse to join their march to the cloud, pushed in more recent versions of Acrobat.

         

      • #237443

        I ended up following a modified version of @paulk’s stepwise procedure, in this round uninstalling the ESET Online Scanner and all of Heimdal/Thor, but leaving all other remaining candidates for uninstallation intact for the time being. Then I examined the DLLs for the four applications and the third-party drivers as you asked.

        Nothing there is listed that doesn’t seem to belong. That is, everything listed is associated with a known company.

         

      • #237595

        Guess what, now I can’t run Process Explorer, as it crashes within a few seconds of opening it. I tried running it both with and without elevated rights.

        I can’t even post the error info as text here, as hitting the Submit button leads to a “403 – Forbidden” page claiming something about my trying to make a “potentially unsafe” operation.

        Below is a screenshot with as much of the error info as can fit in the small window:

        Process-Explorer

        Update: Event Viewer shows two “Kernel-EventTracing” errors at about the same time I was trying to run Process Explorer:

        Session “NT Kernel Logger” failed to start with the following error: 0xC0000035

        “Application Errors” associated with Process Explorer itself read as follows:

         

         

        • #237599

          Looks like a buffer overflow, copy/paste the data from the dropdown please.

          • #237603

            Copying and pasting the text from the dropdown is what led to the 403 errors when I tried to submit the thread post.

            But here’s what they look like in Event Viewer (assuming the 403 error doesn’t come up again):

            Faulting application name: procexp64.exe, version: 15.22.0.0, time stamp: 0x4ff5cf90
            Faulting module name: procexp64.exe, version: 15.22.0.0, time stamp: 0x4ff5cf90
            Exception code: 0xc0000417
            Fault offset: 0x00000000000ca720
            Faulting process id: 0x1c88
            Faulting application start time: 0x01d489f1a24d309c
            Faulting application path: E:\Downloads E\ProcessExplorer\procexp64.exe
            Faulting module path: E:\Downloads E\ProcessExplorer\procexp64.exe
            Report Id: e25c5526-f5e4-11e8-a048-4c72b91da94f

            BTW I went to edit the previous post above yours and managed to add the first Event Viewer error, but after saving and going back in to add the second error, the “edit” option was gone. What you see quoted just before this paragraph is what I wanted to add at the end of that post.

             

            • #237810

              Try running Process Explorer again after the next reboot and before running anything else, that might trigger an error with more useful data, like a .dll name, if it still fails to run.

              1 user thanked author for this post.
    • #237167

      An alternate approach to testing (disabling or enabling) things one-at-a-time —
      Take a binary process.
      A. Test half of the set.
      B. If fail, reset half of those; test again. Repeat iteratively.
      C. If no fail, ASSUME that that half is OK. Reset these. Goto A, using the remaining half.
      This isn’t guaranteed to work because there may be interactions between ‘halves’; that is, there may be AND constituents contributing.

      Looking back at 237082 – RAM and CPU aren’t exciting — Perhaps you’ve posted this before and I’ve overlooked it: Is Resource Monitor indicating constant Disk activity, other than perhaps Paging?

      Another thought, although I have no idea how one would diagnose this – Perhaps under certain conditions there occur lockouts between processes (A Waiting on B, and B Waiting on A (or C?) ), and the interlock is broken by another (timer?) interrupt that clears the locking. The CPU is idle during the standoff, but memory usage (for what data content?) is increasing because of repeated allocations due to code attempt-to-recover/restart. Far fetched perhaps, but we seem to be into that orbit.

      1 user thanked author for this post.
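The halving procedure in the post above, and its caveat about AND interactions, can be made concrete. This is an added example, not code from the thread: the item names `svc0`..`svc7` and both fault oracles are constructed, and `verify=True` replaces the "ASSUME" in step C with an explicit test of the other half.

```python
from typing import Callable, FrozenSet, List, Sequence, Tuple

# An oracle enables exactly the given items, leaves the rest disabled,
# and returns True if the symptom (here: sluggishness) came back.
Oracle = Callable[[FrozenSet[str]], bool]


class InteractionSuspected(Exception):
    """The whole set fails, but neither half fails on its own."""


def bisect_culprit(items: Sequence[str], fails: Oracle,
                   verify: bool = True) -> Tuple[str, int]:
    """Return (culprit, number_of_tests) using the halving procedure.

    verify=False follows step C literally: a passing half is assumed OK and
    the other half is assumed guilty without being tested.
    verify=True tests the other half too, which costs extra runs but exposes
    faults that need items from both halves.
    """
    candidates: List[str] = list(items)
    tests = 1
    if not fails(frozenset(candidates)):
        raise ValueError("symptom does not reproduce with everything enabled")
    while len(candidates) > 1:
        mid = len(candidates) // 2
        first, second = candidates[:mid], candidates[mid:]
        tests += 1
        if fails(frozenset(first)):        # step B: keep narrowing this half
            candidates = first
            continue
        if verify:                         # step C, checked instead of assumed
            tests += 1
            if not fails(frozenset(second)):
                raise InteractionSuspected(
                    "neither half of %r fails alone" % (candidates,))
        candidates = second
    return candidates[0], tests


# Constructed sample data: eight switchable items and two fault models.
ITEMS = ["svc%d" % i for i in range(8)]


def single_fault(enabled: FrozenSet[str]) -> bool:
    """One item causes the symptom by itself."""
    return "svc5" in enabled


def paired_fault(enabled: FrozenSet[str]) -> bool:
    """The symptom needs two items together (the AND case from the post)."""
    return {"svc1", "svc6"} <= enabled


if __name__ == "__main__":
    print(bisect_culprit(ITEMS, single_fault, verify=False))
    print(bisect_culprit(ITEMS, single_fault, verify=True))
    # Unverified bisection confidently names an innocent item here:
    print(bisect_culprit(ITEMS, paired_fault, verify=False))
    try:
        bisect_culprit(ITEMS, paired_fault, verify=True)
    except InteractionSuspected as exc:
        print("interaction suspected:", exc)
```

With the paired fault, the unverified run names `svc7`, which plays no part in the fault; the verified run stops and reports that the two halves interact.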
    • #237179

      Hi Cybertooth, I have been having problems with my Windows 8.1 being slow and intermittently not loading webpages. I have been following your post with great interest. Thank you for your efforts and for the efforts of so many knowledgeable posters. I am starting to make headway with my OS’s issues using ideas posted. Wishing you success. Thank you to Woody also for his website.

      2 users thanked author for this post.
    • #237369

      Cybertooth and others who are experiencing unexpected computer sluggishness, you might want to type “upnp vulnerability” into Google News. Or read these two Ars Technica articles:

      https://arstechnica.com/information-technology/2018/11/mass-router-hack-exposes-millions-of-devices-to-potent-nsa-exploit/

      https://arstechnica.com/information-technology/2018/11/a-100000-router-botnet-is-feeding-on-a-5-year-old-upnp-bug-in-broadcom-chips/

       

      3 users thanked author for this post.
      • #237437

        Looks like a trip into the router settings might be in order, to verify that UPNP is turned off.

         

        • #237787

          Hello Cybertooth, GTP, and all, Steve Gibson has a UPnP tester along with File and Printer and Port testing.

          https://www.grc.com/shieldsup

          We have used Steve’s “Shields Up!” site for over a decade. He has very useful information for security.

          Sorry your problem still exists Cybertooth. I hope you figure it out.

          a windows 7 user

          1 user thanked author for this post.
          • #237813

            That is an excellent site!

            I ran the UPnP test, and this PC passed. Also, the scan of the first 1056 ports showed all “green” results, meaning the ports are stealthed. In addition I scanned port 5000 (UPnP) and that, too, was good.

            Michael Horowitz, the “Router Security” guy highly regarded by Woody, heaps praise on grc.com’s UPnP test:

            Steve Gibson’s UPnP exposure test is the only way that I know of to test for UPnP being enabled on the WAN/Internet side of a router. Start at his ShieldsUP!, then click the gray “Proceed” button. On the next page click the big orange button labeled “GRC’s Instant UPnP Exposure Test”. I would take any router that fails this test out of service.

             

    • #237433

      Another day, another reboot. Ho-hum…

      This time, I’m taking a Macrium Reflect system image and, in addition, setting a restore point in preparation for the disabling/uninstallation of several things at one go.

      As I waited, I decided to take a look at the Network activity in Resource Monitor. (See screenshot.) I was puzzled by the inclusion there of two suspicious-looking addresses (www.77zip.com and unallocated.barefruit.co.uk) that I had added to the hosts file just before rebooting. I checked the hosts file to make sure, and they’re still there. So, why are bits still being sent to and received from these addresses?

      [Screenshot: 77zipdotcom]
      (Eagle eyes might notice the high disk activity so soon after a reboot. This is due to Reflect doing its thing when the screenshot was taken.)

      A search on the Web (looked this up a while ago) suggests that “unallocated.barefruit.co.uk” is associated with the default settings from Verizon on our FiOS router for handling bad URLs. As to what “www77zip.com” might be, I have no clue. Typing that address into the browser leads to just such a “bad URL” type of page.

      Any ideas what could be going on here?

      Incidentally, Process Lasso was running when the sluggishness returned this morning: the red line in the graph (for “responsiveness”) never dipped from its course along the top of the graph, even when programs were “not responding” and browsers were balking at opening new Web pages. Maddening!!

       

      • #237459

        I checked the hosts file to make sure, and they’re still there. So, why are bits still being sent to and received from these addresses?

        Hosts layout seems valid so it’s probably your security software checking them.

        > “unallocated.barefruit.co.uk” check the spelling in hosts.

        Barefruit’s guiding principle is to provide useful, relevant site suggestions instead of dead-end ‘This Page Cannot Be Found’ error messages.

        ^ AKA advertising.

        1 user thanked author for this post.
    • #237457

      nallocated.barefuit.co.uk may be associated with either a botnet or with DNS hijacking.

      ww.77zip.com may be associated with an evader, or with spyware, or with a Trojan/Bot.

      I removed the first letter for each of the above links in order to prevent anyone from clicking on these links

      1 user thanked author for this post.
    • #237460

      [Image: Hosts-File-Important-Note]

      I may be wrong and do request others to triple check, but I think Cybertooth’s hosts file that is shown in the picture / screenshot above may be defective. Unless things have changed that I do not know about, hosts files were supposed to start with 127.0.0.1 localhost to tell the computer to loop back to this machine. I do not see that in the above picture of the hosts file, but my eyes are old and not very good.

       

      2 users thanked author for this post.
      • #237464

        Yes, you’re correct and my mistake above where I said it seemed valid (I should have spotted that as it’s not uncommon with the Spybot hosts file).

        (0.0.0.0 can also be used as it’s also a localhost restricted address and it allows a slightly smaller file size.) All Cybertooth needs to do is remove the rem marks (# + Tab) in the 2 lines immediately above the first blocked IP.

        2 users thanked author for this post.
        • #237527

          Those of you commenting on the MVSP Hosts File mentioned here, please direct yourself to the author’s web site and read his notes as to why the file is built the way it is.

          This Hosts file has nothing to do with Spybot.

          • #237538

            It’s MVPS 😉 but in Cybertooth’s case, it’s all but 2 lines short of being a default SpyBot hosts file.

          • #237542

            Cybertooth’s host file has entries from Spybot – Search and Destroy

            https://www.askwoody.com/wp-content/uploads/2018/11/77zipdotcom.png

            Lars220 host file is from MVPS

            http://winhelp2002.mvps.org/hosts.htm

            the point is about the first line should be “localhost” whether 127.0.0.1 or 0.0.0.0

            HTH Lars220.

            1 user thanked author for this post.
            • #237562

              127.0.0.1/8 is the correct IPv4 loopback address since being decided in September 1981. 0.0.0.0/8 is reserved only for devices needing to get a valid IP address on the network.

            • #237564

              ‘correct’ or not, in my non-sharing ‘network’ setting 0.0.0.0 instead of 127.0.0.1 for my hosts blocking file works just as effectively. It might be different in a larger SMB/Corporate scenario.

              If you could explain how using 0.0.0.0 would have a negative effect upon Cybertooth’s PC or network it would be more useful.

              1 user thanked author for this post.
            • #237607

              Not really… 0.0.0.0 can also be host on a network, some Windows processes use that address and so if nothing else creates a conflict relating to certain ports I suppose it could work.

              Cybertooth’s situation has taken another strange turn… 🙁

              1 user thanked author for this post.
            • #237577

              I remember a time when 127.0.0.1 was not working as loopback address in the hosts file and as such I had to use 127.0.0.2 for that purpose. I don’t know if this is the case any longer, but it is not all black and white and not always behaving according to expectations and standards.
              127.0.0.2 is also a valid standard loopback address, although not widely used.

              1 user thanked author for this post.
      • #237465

        Yes, you see correctly, and the IPv4 address of all zeroes is not a valid destination address. So the rest of the hosts file should be in order if all remaining sites are assigned zeroes. Also the IPv6 loopback address is correct.

      • #237477

        Here are the last 3 lines in my Win 7 original Hosts, dated 06/10/2009 2:00 PM
        = = = = =
        # localhost name resolution is handled within DNS itself.
        #       127.0.0.1       localhost
        #       ::1             localhost
        = = = = =
        (Spaces above are generated by tabs ’09’, as Satrow states. Alignment is lost in posting.)

        1 user thanked author for this post.
      • #237796

        Lars, the 127.0.0.1 localhost is normal, at least for me, to have in the HOSTS file. I have read/heard that starting with Windows 7 it may not be needed to have that line unREMed (the octothorp aka “pound sign” is used to REMark the line).

        All my HOSTS files have that line active. For decades.
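The points raised in this sub-thread (localhost lines left commented out, 0.0.0.0 versus 127.0.0.x as the block address, and checking the spelling of blocked names) can be checked mechanically. This is an added example, not a tool used in the thread: the sample file is constructed from names quoted in the discussion and deliberately contains one mistyped entry, and `parse_hosts` and `audit` are hypothetical helper names.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample: the Windows 7 default trailer with its commented-out
# localhost lines, followed by three block entries, one of them mistyped.
SAMPLE_HOSTS = (
    "# localhost name resolution is handled within DNS itself.\n"
    "#\t127.0.0.1       localhost\n"
    "#\t::1             localhost\n"
    "0.0.0.0\t77zip.com\n"
    "0.0.0.0\twww.77.zip.com\n"
    "127.0.0.1\tunallocated.barefruit.co.uk  # added before reboot\n"
)

# Names as they appeared in Resource Monitor according to the thread.
OBSERVED = ["www.77zip.com", "unallocated.barefruit.co.uk"]


def _mapping(fields: List[str]) -> Optional[Tuple[str, List[str]]]:
    """Return (address, names) if the fields form a hosts entry, else None."""
    if len(fields) < 2:
        return None
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return fields[0], [name.lower() for name in fields[1:]]


def parse_hosts(text: str) -> Tuple[Dict[str, str], List[Tuple[str, str]]]:
    """Split a hosts file into active entries and commented-out entries."""
    active: Dict[str, str] = {}
    commented: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A remark line that would be a valid entry without its '#'.
            entry = _mapping(line.lstrip("#").split())
            if entry:
                commented.extend((entry[0], name) for name in entry[1])
            continue
        entry = _mapping(line.split("#", 1)[0].split())  # drop inline remark
        if entry:
            for name in entry[1]:
                active.setdefault(name, entry[0])  # keep first entry seen
    return active, commented


def audit(text: str, observed: Iterable[str]) -> Dict[str, str]:
    """Report how each observed name is handled by the active entries.

    Hosts entries match whole names only, so 'example.com' does not cover
    'www.example.com' and a mistyped entry covers nothing.
    """
    active, _ = parse_hosts(text)
    report: Dict[str, str] = {}
    for name in observed:
        addr = active.get(name.lower())
        if addr is None:
            report[name] = "not-listed"
            continue
        ip = ipaddress.ip_address(addr)
        kind = "sink" if (ip.is_loopback or ip.is_unspecified) else "mapped"
        report[name] = "%s:%s" % (kind, addr)
    return report


if __name__ == "__main__":
    print(parse_hosts(SAMPLE_HOSTS)[1])
    print(audit(SAMPLE_HOSTS, OBSERVED))
```

In the constructed sample, `www.77zip.com` comes back as `not-listed` because the only similar entries are `77zip.com` and the mistyped `www.77.zip.com`.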

    • #237494

      In relation to 77zip.com.

      For more info on this go to :

      https://77zip.com.cutestat.com/

      I myself don’t like the look of it stat-wise or know what it does.

      Some of the more tech minded persons may know more about it and whether or not it can be removed.

      1 user thanked author for this post.
      • #237594

        I checked “www.77zip.com” with Norton Safe Search on a different PC, and with URLVoid on this PC. The site checks out clean with Norton and 1/36 on URLVoid, with only Dr. Web blacklisting it. Still, I can’t reach the site by typing that address into a browser and it’s mysterious what the site does.

        • #237598

          The site is pretending to be 7-zip, a trusted software. Currently it’s using a redirect service, which is listed by hpHosts as:

          Ad/tracking servers
          This classification is assigned for domains being used for advert or tracking purposes

          The 77zip site appears to be for sale, eventually redirecting to a site selling software widely regarded as a PUP.

          There appears to be good reason for it to be blocked.

          2 users thanked author for this post.
    • #237544

      Overnight, the PC failed to reach the Web, as BitDefender reported being unable to get a definitions update. And when I started performing operations on this computer, the Taskbar grayed out. I estimate that this time the PC ran well for approximately fourteen hours before the problem recurred.

      And get this: RAM usage by svchost.exe (Network Services) was only 149,800KB. Not only did it not keep growing through the night, in fact it was much lower than it was when I went to bed last night (542,404). Total RAM usage was 35%.

      This morning I uninstalled Windows Live Essentials 2011, Seagate DiscWizard, and Silverlight, and in msconfig disabled the Adobe Acrobat Update Service, then rebooted into the session during which this is being typed. We’ll see how long the computer runs for this time.

      We will be spending most of the day out. I’ll be back tonight to see how things are going and to reply to the more complicated comments.  -:)

       

      2 users thanked author for this post.
    • #237665

      Update on a couple of the data points we’ve been monitoring:

      1. RAM usage by svchost.exe (NetworkService) nine hours ago was 117,040; right now it stands at 195,044. That’s an average growth in RAM usage of 8667KB/hour. This is about one-third less than it had been (> 12,000KB/hour) up until late this past week.
      2. Connections to “www.77zip.com”, as listed in the Networking section of Resource Monitor, seem finally to have ended, at least for the time being. There is still a 3- to 11-bytes/second Send connection by svchost.exe (netsvcs) to “unallocated.barefruit.co.uk”.
      3. Before going to bed last night, I poked around a bit in the router’s firewall, to see if I could sever the “77zip.com” connection. Using the parental controls feature, I entered that address and also the “www” variety into the blocked sites list, then applied it. After 10 minutes’ waiting, the PC’s connections to “77zip.com” persisted and I reverted the changes. Don’t know if I needed to wait longer or if it was necessary to reboot the router (the user manual didn’t say to reboot the router after this kind of change).

       

    • #237676

      I have gotten rid of the connections to “unallocated.barefruit.co.uk” by changing the DNS Server in the FiOS router, using these instructions to opt out of “DNS Assistance”.

      Neither that nor “www.77zip.com” are now showing up in the network connections, according to Resource Monitor.

       

      1 user thanked author for this post.
    • #237783

      Six hours after the last check, RAM usage by svchost.exe is 210,444KB, compared to 209,872KB that last time. Neither 77zip nor barefruit are anywhere to be seen in the Network section of Resource Monitor.

      I’m hopeful that we have resolved that particular aspect of this PC’s troubles. It’s been running without issue now for almost 29 hours, but I won’t declare improvement in this regard until it’s run well for 72 hours straight (which would be longer than at any point since the troubles began).

      Event Viewer shows 2 instances this afternoon of Event ID 7006 for Service Control Manager:

      The ScRegSetValueExW call failed for Start with the following error:
      Access is denied.

      English, please!  🙂

       

      • #237809

        Event Viewer shows 2 instances this afternoon of Event ID 7006 for Service Control Manager:

        The ScRegSetValueExW call failed for Start with the following error:
        Access is denied.

        English, please!

        Not experienced that, searching indicates it’s very likely to be AV associated, eg. Eset pulled one build because of this (complicated Thread, an amalgam of several).

        1 user thanked author for this post.
        • #237816

          Hmm… don’t know if it could have anything to do with this error, but one of the programs I uninstalled in the last round before this current session was the Eset Online Scanner (an on-demand AV).

           

          • #237829

            Take a look through the Scheduled Tasks in Management, ignore the MS listings, we’re looking for one that’s (probably) AV/security-related.

            • #237832

              Should I be looking for a scheduled task to take place around the time of the errors? Task Scheduler includes only 10 items, and none of them is set to run anywhere near the time of those errors.

            • #237834

              Look for a security-related non-MS task.

            • #237847

              There’s only one scheduled task that fits the description: the Bitdefender Agent WatchDog (this name followed by a long string of alphanumerical characters), which in the column “Last Run Time” says “Never.”

              If you expand the Task Scheduler Library, you can see a folder for Norton 360 and another one for Norton Internet Security; however, clicking on them shows these to be empty.

              P.S. One further data point. I went into Event Viewer, and noticed that a restore point had not been created even though a Windows Defender had been installed. When I tried to create a restore point by hand, I got an error, “Access is denied. (0x80070005)”

              Could this error be related (causally if not chronologically) to the ScRegSetValueExW error in Event Viewer that we discussed earlier on Sunday? There, too, it says that “Access is denied.”

               

          • #237825

            Cybertooth, if the last item was ESET and you feel it may have left some items behind, look into this ESET support page detailing uninstalling the program with their uninstaller.

            Information and the uninstaller to download. It -may- be a good idea to run their uninstaller. https://support.eset.com/kb2289/

            Note they do say, “After using the ESET Uninstaller Tool, you may be required to reinstall your network adapter drivers. Follow the steps below to back up your network adapter settings and restore them after uninstallation is finished:”

            This -may- be a good thing for you too if you are having any internet issues.

            My goal was for an uninstaller for your ESET Online you had.

            Go take a look and see what you think.

            2 users thanked author for this post.
            • #237846

              Thanks very much for researching this, I’ll take a look at it on Monday.

              It’s a bit frightening that the network drivers may need to be reinstalled. This was only an on-demand Eset scanner, not the main memory-resident product, so hopefully it won’t come to that.

              In the meantime, the Internet issues do seem to have diminished (knock on wood). Uptime since the last reboot is now at over 37 hours, and RAM usage by “svchost.exe (Network Service)” is static at 210,252KB tonight, vs. 209,872KB already a day and a half ago. Computer is showing no signs of slowness opening programs or difficulty reaching the Internet. Yet.

               

    • #237884

      To summarize what others have written:

      • Uninstall everything not in use.
      • Make sure you do a complete uninstall of unused software.
      3 users thanked author for this post.
    • #238050

      PC uptime at 61+ hours and counting.

       

    • #238192

      Uptime without issues at 74 hours. No RAM memory usage growth (whether fast or slow) detected. No more sluggishness opening applications, and Taskbar not turning gray.

      Looks like the problem’s solved.  🙂

       

    • #239085

      OK, it’s been more than six days without incident now. I think it’s safe to say that we’re out of the woods, and that any new issues likely would not be related to whatever plagued this machine for so long.

      Thanks to everyone who read and suffered along with me throughout this pair of long threads, and thanks for the many ideas contributed by so many different people. The conversation grew into almost an encyclopedia for troubleshooting PC problems, and I hope that it will serve others well in dealing with their own balky computers.

       

      • #239122

        Cybertooth, we are happy you got your computer running right. Could you please put a “solved” comment of some sort and the solution that you think led to your success?

        Either a “solved” paragraph right after the first post here or at the very end.

        We all learned a lot from this and many people benefited.

        Thank you.

        a windows 7 user

        1 user thanked author for this post.
    • #239092

      Cybertooth wrote:

      The conversation grew into almost an encyclopedia for troubleshooting PC problems, and I hope that it will serve others well in dealing with their own balky computers.

      I entirely agree: I’ve found both threads very interesting indeed. Thanks, Cybertooth, for sticking it out, and to all who sent those informative comments.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      1 user thanked author for this post.
    • #239126

      Cybertooth.
      Please briefly describe what you finally did to fix/work-around this issue i.e. what changed between the last bout of sluggishness and now which might explain things.
      It is unclear from the final round of comments, but these suggest it may have been as a result of Hosts file changes, or blocking 1 (or 2?) web-sites in your router (not your PC), or as a result of more uninstallations of unused programs. The sequence between changes, reboots and sluggishness is unclear.
      Thanks. Garbo.

      1 user thanked author for this post.
      • #239167

        Garbo, unfortunately we’re unlikely to be able to pinpoint any one reason for the resolution of the problem. The symptoms were always slow to emerge and it would have taken a very long time (as well as a heck of a lot more patience) to make just a single change after each reboot and wait.

        But I can report the set of things that I did leading up to or right after the last reboot, after which the problem seems to have gone away at long last. Here they are, in no particular order:

        • Added “77zip.com”, “www.77.zip.com,” and “unallocated.barefruit.co.uk” to the hosts file.
        • Reverted the entries in the hosts file from 0.0.0.0 to 127.0.0.1.
        • Opted out of “DNS assistance” by changing the DNS server in the ISP’s router, which finally put an end to the PC’s connections to barefruit.co.
        • Uninstalled Windows Live Essentials 2011, Seagate DiscWizard, and Microsoft Silverlight; and disabled the Adobe Acrobat Update Service and the Windows Live Mesh for ActiveX controls. Uninstalled the Eset Online Scanner.
        • In Task Scheduler, disabled the Adobe Acrobat Update Task, the AviatorUpdateTask (for the alternative browser, Aviator, which I seldom use and may eventually uninstall), and a task called User_Feed_Synchronization, which the description says “Updates out-of-date system feeds.”

        At the end of it, I couldn’t even say that it was any particular one of these changes that did it. It could have been a combination of elements that weren’t working well together and now one or more of them were eliminated, thus resolving the issue.

        Thank you very much for helping me out through this long process!

         

    • #243264

      To all involved in this semester’s worth of IT, Kudos!!! I was glad to see Black Viper mentioned as he is a great resource. I was surprised that Bitdefender didn’t turn out to be involved… I’ve had my issues with them as well as Macrium Reflect (great advice there too!). I’m exhausted from the last 3 hrs of reading this… my hair hurts!! Again KUDOS
      Don

      1 user thanked author for this post.