Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Recurring "Clicking" noise which shuts down Windows.


  • Please log in to reply

#1
ira_gaines

ira_gaines

    Member

  • Member
  • PipPipPip
  • 139 posts

Hi there,

 

I’ve had my PC since late 2013.  Around August last year it periodically started making a strange noise that it never had before.  It sounded like something scratching against something else, then a revving noise, and then the normal “processing” sound.  Once it started doing this it wouldn’t stop and would basically stop/interrupt all other functions in Windows.  Generally i shut the PC down (which this issue also made slower) before it could go any further but sometimes if left for too long it would cause the PC to go to a memory restore screen.  This issue was sporadic and sometimes it would happen a couple of times a week and then not happen at all for a month even though I was using the PC in exactly the same way.  Anyhow the PC operating system busted in January this year and I took it to the seller and they reinstalled it.  The PC has worked totally fine from then (early Feb) until a couple of days ago when the scratching noise has started again with same results.
 
Taking it to get fixed again isn’t a problem since I’m insured and they’re very quick but I’d really like to know why this is happening and how to stop it in future.  Like I said it worked fine from early Feb till now after it had come back from the shop so presumably whatever they did fixed the original problem but what would cause it to re-emerge?

 

Thanks for any assistance.

 

 

System details

 

OS Name   Microsoft Windows 8.1
Version 6.3.9600 Build 9600
Other OS Description  Not Available
OS Manufacturer Microsoft Corporation
System Name  IDEA-PC
System Manufacturer LENOVO
System Model   C540
System Type x64-based PC
System SKU LENOVO_MT_C540
Processor Intel® Core™ i3-3240 CPU @ 3.40GHz, 3400 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date  LENOVO I0KT33AUS, 23/08/2013
SMBIOS Version 2.7
Embedded Controller Version  255.255
BIOS Mode UEFI
BaseBoard Manufacturer   LENOVO

 

 

Thanks for any assistance.


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Bad hard drive, bad fan, bad audio driver?
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10-20 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

  • 0

#3
ira_gaines

ira_gaines

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts

Thanks for the reply.  Here's the information as requested and I also attached the Speccy File.  Thanks a lot.

 

 

Process Explorer File

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 97.54 0 K 4 K 0   
procexp64.exe 1.44 28,352 K 57,112 K 5172 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
YCMMirage.exe 0.49 1,904 K 6,476 K 2408 YouCam Mirage CyberLink (Verified) CyberLink
mcapexe.exe 0.21 3,968 K 9,368 K 5508 McAfee Access Protection McAfee, Inc. (Verified) McAfee
Interrupts 0.08 0 K 0 K n/a Hardware Interrupts and DPCs  
System 0.06 2,812 K 1,196 K 4   
dwm.exe 0.06 21,268 K 30,824 K 868 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 0.05 2,484 K 31,724 K 572 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
LMS.exe 0.02 1,328 K 4,564 K 2816 Local Manageability Service Intel Corporation (Verified) Intel Corporation
explorer.exe 0.01 58,500 K 99,736 K 2352 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
RIconMan.exe 0.01 1,644 K 5,940 K 296 Realtek Card Reader Patch Tool. Realsil Microelectronics Inc. (No signature was present in the subject) Realsil Microelectronics Inc.
WmiApSrv.exe 0.01 1,316 K 5,508 K 4236 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
ServiceHostApp.exe < 0.01 37,244 K 7,732 K 252 Service Host App Pokki (Verified) Pokki
iexplore.exe < 0.01 27,708 K 63,256 K 988 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
iPodService.exe < 0.01 1,928 K 6,160 K 3596 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
CLMLSvc.exe < 0.01 2,140 K 7,908 K 3104 CyberLink MediaLibray Service CyberLink (Verified) CyberLink
AppleMobileDeviceService.exe < 0.01 3,068 K 10,168 K 1336 MobileDeviceService Apple Inc. (Verified) Apple Inc.
iexplore.exe < 0.01 114,304 K 146,780 K 952 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
iCloudServices.exe < 0.01 33,328 K 53,104 K 3328 iCloud Services Apple Inc. (Verified) Apple Inc.
services.exe < 0.01 3,716 K 7,884 K 660 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 64,616 K 76,816 K 344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
iTunesHelper.exe < 0.01 3,892 K 12,896 K 3284 iTunesHelper Apple Inc. (Verified) Apple Inc.
csrss.exe < 0.01 2,512 K 4,796 K 488 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
YouCamTray.exe  1,844 K 7,264 K 2052 CyberLink YouCam Tray CyberLink Corp. (Verified) CyberLink
WmiPrvSE.exe  19,792 K 27,156 K 4912 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  1,432 K 7,872 K 628 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  824 K 4,008 K 552 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UNS.exe  3,356 K 11,040 K 80 User Notification Service Intel Corporation (Verified) Intel Corporation
taskhostex.exe  38,364 K 45,032 K 2168 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  15,240 K 22,992 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  22,428 K 39,476 K 944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  17,292 K 21,936 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,928 K 11,584 K 740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  4,680 K 9,252 K 784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  8,628 K 16,528 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  8,220 K 14,536 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  3,328 K 10,124 K 1452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,620 K 5,676 K 2804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,556 K 4,972 K 5980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe  1,328 K 5,860 K 7160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe  3,544 K 9,836 K 1208 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  284 K 996 K 324 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
ServiceStartMenuIndexer.exe  14,224 K 700 K 3472 Start Menu Service Pokki (Verified) Pokki
ServiceHostAppUpdater.exe  4,928 K 680 K 2584 Service Host App Updater Pokki (Verified) Pokki
ServiceHostApp.exe  53,784 K 4,720 K 3724 Service Host App Pokki (Verified) Pokki
Service.exe  812 K 3,312 K 1636   (No signature was present in the subject)
secd.exe  5,056 K 16,472 K 4060 Apple Security Manager Apple, Inc. (Verified) Apple Inc.
SearchIndexer.exe  24,968 K 25,424 K 4504 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe  2,780 K 8,168 K 6876 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RichVideo64.exe  1,132 K 4,520 K 1748 RichVideo Module  (Verified) CyberLink
RAVCpl64.exe  3,444 K 9,708 K 3200 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  4,996 K 10,244 K 3252 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,344 K 7,904 K 7036 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe  25,280 K 16,564 K 2368 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
PEFService.exe  1,204 K 5,176 K 4112 Intel Security PEF Service Intel Security, Inc. (Verified) McAfee
PDVD10Serv.exe  1,288 K 5,956 K 2688 PowerDVD RC Service CyberLink Corp. (Verified) CyberLink Corp.
pcee4.exe  29,772 K 724 K 2380 Dolby Profile Selector Dolby Laboratories Inc. (Verified) Dolby Laboratories
NLSSRV32.EXE  676 K 2,872 K 1688 This service enables products that use the Nalpeiron Licensing System  Nalpeiron Ltd. (Verified) Nitro PDF Software
NitroPDFDriverService8x64.exe  880 K 3,420 K 1656 Nitro PDF Spool Service Nitro PDF Software (Verified) Nitro PDF Software
ModuleCoreService.exe  15,516 K 35,248 K 3716 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
ModuleCoreService.exe  7,048 K 24,424 K 3268 McAfee Module Core Service McAfee, Inc. (Verified) McAfee
mfevtps.exe  27,852 K 30,152 K 4712 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfevtps.exe  1,964 K 5,104 K 4680 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfemms.exe  1,920 K 6,060 K 3148 McAfee Management Service McAfee, Inc. (Verified) McAfee
mfefire.exe  2,628 K 7,756 K 4740 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mfefire.exe  1,408 K 4,824 K 5192 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mDNSResponder.exe  1,388 K 4,896 K 1368 Bonjour Service Apple Inc. (Verified) Apple Inc.
McUICnt.exe  46,716 K 66,404 K 4176 McAfee McAfee, Inc. (Verified) McAfee
McSvHost.exe  33,112 K 12,056 K 1112 McAfee Service Host McAfee, Inc. (Verified) McAfee
mcshield.exe  230,104 K 225,492 K 2896 McAfee Scanner service McAfee, Inc. (Verified) McAfee
mcsacore.exe  19,056 K 5,108 K 4824 McAfee WebAdvisor McAfee, Inc. (Verified) McAfee
mchost.exe  2,348 K 8,068 K 6440 McAfee Host McAfee, Inc. (Verified) McAfee
McCSPServiceHost.exe  6,264 K 16,632 K 6128 McAfee CSP Service Host McAfee, Inc. (Verified) McAfee
McClientAnalytics.exe  3,000 K 8,264 K 6716 AnalyticsSDK Intel Security (Verified) McAfee
lsass.exe  6,844 K 13,868 K 668 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
JME_LOAD.exe  1,496 K 6,012 K 3096 Lenovo_LOAD  (No signature was present in the subject)
Jhi_service.exe  1,052 K 4,548 K 1552 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
igfxTray.exe  12,796 K 18,224 K 392 igfxTray Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxHK.exe  5,060 K 10,136 K 1008 igfxHK Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxEM.exe  7,352 K 13,684 K 704 igfxEM Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxCUIService.exe  1,504 K 6,300 K 352 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - pGFX
IdeaTouch.LocalDataServer.Education.exe  26,656 K 26,492 K 1480 IdeaTouchDataServer.EducationPortal Microsoft (No signature was present in the subject) Microsoft
iCloudPhotos.exe  14,292 K 30,320 K 3676 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
iCloudDrive.exe  17,000 K 35,328 K 3660 iCloud Drive Apple Inc. (Verified) Apple Inc.
hotkey.exe  1,240 K 5,876 K 4052 Lenovo Black Silk USB Keyboard Lenovo (No signature was present in the subject) Lenovo
HeciServer.exe  1,208 K 5,196 K 1520 Intel® Capability Licensing Service Interface Intel® Corporation (Verified) Intel® Upgrade Service
FlashUtil_ActiveX.exe  4,332 K 9,896 K 368 Adobe® Flash® Player Utility Adobe Systems Incorporated (Verified) Microsoft Windows Third Party Application Component
dllhost.exe  1,528 K 5,644 K 5556 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DdMgr.exe  24,788 K 21,028 K 1400 DdMgr Microsoft (Certificate expired) Microsoft
conhost.exe  804 K 3,520 K 4132 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe  8,336 K 10,824 K 4552 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
APSDaemon.exe  4,588 K 14,620 K 3692 Apple Push Apple Inc. (Verified) Apple Inc.
AppleIEDAV.exe  3,784 K 11,544 K 3400 Apple IE DAV Apple Inc. (Verified) Apple Inc.

 

 

 

Event Viewer Log (System)

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 01/06/2017 14:15:56

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/06/2017 12:52:31
Type: Error Category: 1012
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 01/06/2017 12:52:24
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 12:52:17
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 12:34:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Module Core Service service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 01/06/2017 12:11:44
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The McAfee Home Network service hung on starting.

Log: 'System' Date/Time: 01/06/2017 12:09:58
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/06/2017 10:08:04
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 10:07:54
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 08:29:47
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 01/06/2017 08:29:47
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:47:33
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/05/2017 23:47:33
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:33:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/05/2017 23:33:55
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:21:33
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 31/05/2017 23:21:16
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 31/05/2017 23:14:49
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/05/2017 23:14:49
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:03:08
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 31/05/2017 22:59:05
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service McNaiAnn with arguments "Unavailable" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/06/2017 12:59:42
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:40
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:30
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:27
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:21
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:11
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:09
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:05
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:03
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:57
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:57
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:55
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:53
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:52
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:51
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:34
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:26
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:25
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:24
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:10
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

 

 

 

Event Viewer Log (System)

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 01/06/2017 14:15:56

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/06/2017 12:52:31
Type: Error Category: 1012
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 01/06/2017 12:52:24
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 12:52:17
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 12:34:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee Module Core Service service failed to start due to the following error:  The system cannot find the file specified.

Log: 'System' Date/Time: 01/06/2017 12:11:44
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The McAfee Home Network service hung on starting.

Log: 'System' Date/Time: 01/06/2017 12:09:58
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/06/2017 10:08:04
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 10:07:54
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 01/06/2017 08:29:47
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 01/06/2017 08:29:47
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:47:33
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/05/2017 23:47:33
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:33:55
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/05/2017 23:33:55
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:21:33
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 31/05/2017 23:21:16
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Interactive Services Detection service terminated with the following error:  Incorrect function.

Log: 'System' Date/Time: 31/05/2017 23:14:49
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee OOBE Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 31/05/2017 23:14:49
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the McAfee OOBE Service service to connect.

Log: 'System' Date/Time: 31/05/2017 23:03:08
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 31/05/2017 22:59:05
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service McNaiAnn with arguments "Unavailable" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/06/2017 12:59:42
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:40
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:30
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:27
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:21
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:11
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:09
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:05
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:59:03
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:57
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:57
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:55
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:53
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:52
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:51
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MvtApp.exe pid (6836) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:34
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:26
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:25
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:24
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

Log: 'System' Date/Time: 01/06/2017 12:58:10
Type: Warning Category: 256
Event: 516 Source: mfehidk
Process **\MVT620F.tmp pid (4460) contains signed but untrusted code, but was allowed to perform a privileged operation with a McAfee driver.

 

 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks to me like the hard drive is failing.  Not surprising as it's a Seagate and they just do not last.

 

01
Attribute name Read Error Rate
Real value 0
Current 120
Worst 99
Threshold 6
Raw Value 000E300C20
Status Good
...
07
Attribute name Seek Error Rate
Real value 0
Current 86
Worst 60
Threshold 30
Raw Value 001BC77125
Status Good
...
Attribute name Command Timeout
Real value 17,180,132,783
Current 100
Worst 1
Threshold 0
Raw Value 00000405AF
Status Good
BD
Attribute name High Fly Writes (WDC)
Real value 4
Current 96
Worst 96
Threshold 0
Raw Value 0000000004
Status Good
...
C7
Attribute name UltraDMA CRC Error Count
Real value 16,342
Current 200
Worst 99
Threshold 0
Raw Value 0000003FD6
Status Good

 

 

 
The drive is a moving part so what you hear may be the drive searching for the correct spot and retrying over and over.  If it's getting loud enough to hear then it will probably fail in the near future so back up any data you don't want to lose.  You can get Seatools for Windows from Seagate and run the extended or long test and see if the drive passes.  http://www.seagate.c...loads/seatools/
but I doubt that it will.
 
Your McAfee anti-virus has major problems and needs to be reinstalled.  I would use a fresh download.  Assume you have a license so save the license before uninstalling/reinstalling.

  • 0

#5
ira_gaines

ira_gaines

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts
My Mcafee "broke" due to the system crashing yesterday but I already dealt with that. Like I said, when I brought it to get fixed in January all they did was replace the operating system. If this problem is caused by the hard drive is there any reason why the problem would stop for three months just because they replaced the OS while the same hard drive remained? I just want to get as much info as possible before I take it back.

For future reference, can I ask what the data you highlighted is in reference to please?


Thanks for your help.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I assume they reloaded the OS and put it on a section of the hard drive that was still good.   Now you have added data and are using the bad sections of the drive again.  If it fails the Seatools for Windows test then you have a good reason to ask for a replacement hard drive.   

 

The highlighted data should be 0.  Actually on most drives you would expect to see 0 on the real values and on the raw values but Seagates seem to always have raw values in the errors.


  • 0

#7
ira_gaines

ira_gaines

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts

 The highlighted data should be 0.  Actually on most drives you would expect to see 0 on the real values and on the raw values but Seagates seem to always have raw values in the errors.


What do the numbers represent though? Thanks
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

http://www.argusmoni...om/en/smart.php


  • 0

#9
ira_gaines

ira_gaines

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts

 

The drive is a moving part so what you hear may be the drive searching for the correct spot and retrying over and over.  If it's getting loud enough to hear then it will probably fail in the near future so back up any data you don't want to lose.  You can get Seatools for Windows from Seagate and run the extended or long test and see if the drive passes.  http://www.seagate.c...loads/seatools/

but I doubt that it will.

 

I ran the Seatools Long Generic, Short DST, SMART Check and Fix All Long Tests.  They all came back as passes.  Could this mean that it's something other than the hard drive that's causing the problem? Thanks


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Does it still click?  Might be an intermittent problem with the drive.   Do you hear the clicking with the speakers mutied?  

 

We can run dism and see if it finds anything wrong with the operating system.

 

Open an elevated command prompt:
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Now Type(with an Enter after each line):
 
 
DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
This will take a while to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
 
 
 
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

  • 0

#11
ira_gaines

ira_gaines

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts

Does it still click?  Might be an intermittent problem with the drive.   Do you hear the clicking with the speakers mutied?  

 

 

 

The clicking noise does happen when the speakers are muted and it certainly isn't coming from them.  It actually started again when I tried to enter the first elevated command prompt line, and carried on until the computer restarted itself after going to a blue screen which said "Your PC encountered a problem and needs to restart itself...".  I don't know if this makes a difference but usually when it shuts down (or I shut it down) in response to the clicking ,the PC usually needs to be left off for a bit otherwise the clicking will begin again while the computer is starting up

 

DISM  /Online  /Cleanup-Image  /RestoreHealth

 

When I was eventually able to carry this out, it came back with a message "Error: 1009.  The configuration registry database is corrupt".

 

 

sfc  /scannow

 

I've tried this several times after rebooting but it's not allowing me to do it.  It comes up with the messages "Beginning system scan. This process will take some time" and then "Windows resource protection could not perform the requested operation".


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

This is an indication that your registry is corrupted.  (Reloading Windows will be needed to fix it but it will come back unless they find the cause.)  Again it sounds like the hard drive is making mistakes since that's where your registry is stored.  It also sounds like it's temperature related since you have to wait for it to cool off before it will run again.  If you force a disk check it will probably find and repair some files but it's doubtful that will repair the registry.

 

http://www.tomshardw...sk-windows.html

 

Another possible cause of registry corruption is bad RAM.   Run the built-in Memory Test:

 

http://support.rm.co...cref=TEC3222505

 

I would do the Extended test with about 6 passes.  This will probably run all night so let it run while you sleep.  If this test passes then you can rule out the motherboard, memory and power supply.  

 

That just leaves the hard drive and its connector.  I suppose there could be some corrosion in the connector.  Removing the drive and reinstalling it might help but it still sounds like the drive going to me.

 

Run Speedfan to monitor your temps in real time:

 
 
 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps in real time.  The default is to show the hard drive temp in the systray when speedfan is minimized.  (You will have to tell Windows to let you see the icon.  There is a section on doing this after the win 10 stuff on:  https://www.howtogee...s-in-windows-7/ )
 
Leave Speedfan running and watch the drive temp.  See if the temp hits a certain value when it starts clicking.

  • 0

#13
ira_gaines

ira_gaines

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 139 posts

 

This is an indication that your registry is corrupted.  (Reloading Windows will be needed to fix it but it will come back unless they find the cause.)  Again it sounds like the hard drive is making mistakes since that's where your registry is stored.  It also sounds like it's temperature related since you have to wait for it to cool off before it will run again.  If you force a disk check it will probably find and repair some files but it's doubtful that will repair the registry.

 

http://www.tomshardw...sk-windows.html

 

Another possible cause of registry corruption is bad RAM.   Run the built-in Memory Test:

 

http://support.rm.co...cref=TEC3222505

 

I would do the Extended test with about 6 passes.  This will probably run all night so let it run while you sleep.  If this test passes then you can rule out the motherboard, memory and power supply.  

 

I did the Extended Test with 6 passes and it came back as "The Windows Memory Diagnostic tested the computer's memory and detected no errors".  The problem hasn't recurred in the past couple of days, but I've not been using the PC that much.  Any further advice? 

 

Also, I don't know if it makes a difference but I looked at the Event Viewer and it had a number of "Warnings" with the disk as the source and many of them correspond to the times when these events took place recently. Here are some examples;

The IO operation at logical block address 0x394f5f40 for Disk 0 (PDO name: \Device\00000031) was retried.
The IO operation at logical block address 0x3946d80 for Disk 0 (PDO name: \Device\00000031) was retried.
The IO operation at logical block address 0x5234932 for Disk 0 (PDO name: \Device\00000031) was retried.

 

 

Thanks


Edited by ira_gaines, 04 June 2017 - 04:25 AM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

I think the hard drive is failing.  Even if it passes Seagate's test there is something wrong.with it that only shows up once in a while.  Your error messages point to Disk 0 which is the hard drive.  These are probably related to the Command Timeout errors we saw earlier.  Some of the articles on command timeouts point at the cabling and power supply as possible sources.  You don't have a cable with an all-in-one.  It just plugs into a connector.  I suppose there could be some corrosion so removing the drive and replugging it a few time might help or changing out your power adapter but siince it is a Seagate and I have had really bad experience with them I lean toward the drive. .  


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP