Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Telegram Desktop converts a paste into an attachment


  • Please log in to reply

#16
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

While we are in diagnostic mode - can I digress to a different issues but perhaps use the same tools ? For no apparent reason at all this morning, the PC froze. It just needed a reboot to regain normal function. Can I get a clue to the cause of the freeze from Event Viewer or ProcMon ? If so which and how ?


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


 


  • 0

#18
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

The attachments are in the wrong order because I had omitted 'attach this file' first time round.

 

No solution yet, but progress in diagnostic ability ....

Attached Files


  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

I'm going to have this moved to our Malware forum so I can have you run FRST so I can see what is going on.

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.



Also

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#20
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

I noticed the Farbar default was '1 month' - that would include the time that I was using a clone of this system as system drive, to get away from frequent misbehaviour; but when I looked at the HDSentinal reports of the respective drives, I decided to return to this SSD as it's deemed to be 'perfect' - and the misbehaviour had mysteriously gone away - apart from the freeze I mentioned in a previous post.

 

I notice that in the Speccy report - Avira is live and well. That was never my intention, I just wanted it installed and ready for action should it ever be needed - but I have failed to render it dormant. I did NOT intend to have two antivirus both working. Same goes for Spybot - I used use it to scan the PC once in four weeks, but I see that it is 'permanently' enabled - against my intention !

Attached Files


  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP
Error: (02/08/2021 09:32:07 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x800 for Disk 4 (PDO name: \Device\00000081) failed due to a hardware error.

Assume Disk 4 is the same disk shown in Disk Management:

 

Search for

disk management

hit Enter.

 

Hopefully it's the Flash drive with letter A:  Appears to be sick.

 

You had McAfee at one time.

Their uninstaller really doesn't work well and leaves a lot of services running.   Go to:

 

https://download.mca...s/MCPR/MCPR.exe

 

Download, Save and then right click and Run As Admin.  This should remove most of the remnants.

 

Uninstall the following:

 

Adobe Flash Player 32 NPAPI - Flash is officially obsolete and the recommendation is to remove the program to prevent malware from using it.

Avira Security - As you can see having two antiviruses is not a good idea.
Spybot - Search & Destroy (32-bit) - Not really recommended for Win 10.  Their immunization really slows down your network.  Try to remove it when uninstalling.
Spybot Anti-Beacon

SUPERAntiSpyware - Worthless cookie finder.

 

Download the attached fixlist.txt to the same location as FRST
Attached File  fixlist.txt   23.68KB   22 downloads


Run FRST and press Fix.  Fix will remove a lot of dead wood and also check your system files so usually takes 25 minutes to run.  Be patient.  Will reboot when done.
A fix log will be generated please post that

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.


  • 0

#22
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

The Flash Drive (A:\) shows the least sign of malfunction in practice - performs very reliably. Whereas C:\ often disappears from THIS PC, and sometimes T:\, and even less so X:\ . C:\ being the system drive - it is quite embarrassing and inconvenient when the THIS PC window of Windows Explorer does not dis-play C:\. Will post this now, and report when I have done the suggested uninstalls.


  • 0

#23
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

I have done the recommended uninstalls, but am stumped at downloading your attached fixlist.txt to include in \FRST\


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

FRST says it is running from:

C:\Program Files\Farbar

 

So click on the fixlist and download it and save it in the folder:

 

C:\Program Files\Farbar

 

Then pause Avast so it doesn't eat FRST and just right click on FRST64 and Run As Admin.  Once FRST is up you just click on the FIX button.


  • 0

#25
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

'click on the fixlist and download it' is what had me stumped. But when I just clicked it then, it did indeed offer to download something, so progress inches ahead


  • 0

Advertisements


#26
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

"just right click on FRST64 and Run As Admin"

There is NO  FRST64 to click on - in any case, mine is a 32bit system.

Attached Thumbnails

  • FRST.JPG

  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

OK.  Very few 32 bits these days.

 

Did you rename FRST.exe to Farbar.exe?  That looks like the FRST logo.  Try it.


  • 0

#28
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

I had  installed Farbar in January last year - so hard to remember details - but my current version is dated today. I would have had NO reason to change the filename. I'll right-click Farbar.exe to choose 'Run as administrator'.


  • 0

#29
Basty

Basty

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

I noticed you wanted FRST run TWICE - once more with Addition.txt ticked - but it was already ticked when I started running it, so I include that log now, before running it a second time.

Attached Files


  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

Please run FRST and do a scan.  Post both logs.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP