Jump to content

Recommended Posts

@lucalvo
 
 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Link to post
Share on other sites

@honeypot
 
It is okay that you're trying to help, but in this forum section we work 1 on 1 with topic opener. 
 
@lucalvo
 
It seems that you have some hardware problems based on errors below:
 

Error: (12/30/2015 01:53:40 PM) (Source: iaStor) (EventID: 9) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error: (12/30/2015 01:53:13 PM) (Source: iaStor) (EventID: 9) (User: )Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Usually this message is being posted due to hardware problems with either the controller or, more likely, a device that is attached to the controller in question. The hardware problems can be associated with poor cabling, incorrect termination or transfer rate settings, lazy or slow device responses to relinquish the SCSI bus, a faulty device, or, in very rare cases, a poorly written device driver.

 

Can you check your hard drive cables and see if they are properly attached and cleansed from dust?

Link to post
Share on other sites

Thanks for looking at the txt files.  I checked the hard drive cables and they were firmly attached.  There was no dust.  Unfortunately, the computer is still sluggish.  This is an HP desktop that is only 1 year old.  Can you give me some direction as to how I can resolve this problem?

Link to post
Share on other sites

Eagle, I think that it's malware because I check the Windows Task Manager process tab and see 15 "Chrome.exe *32" with 10,000 - over 200,000k memory.  Maybe that doesn't mean anything, but the computer does seem to operate correctly although sluggishly and not letting me complete malware scans.

Link to post
Share on other sites

Picture taken from my computer:
 
post-167802-0-08670500-1451691150_thumb.
 
So, that is quite normal. Chrome.exe*32 means that you use 32-bit application on 64-bit operating system. A lot of user make a mistake thinking that this is malware. If you install 64-bit Google Chrome, that you can do, you won't see 32 at the process name.
 
We clarified that. 
 



Next thing is that your PC isn't infected, I didn't spot signs of malware in your reports. Slow running computer isn't always the cause of malware infection. 
 
There are some hardware errors that indicate something is not right, probably some hard drive problem. I am 99.99% sure that this is the cause of slowness.
 
Let's see if we can do something:
  • Press the WindowsKey.png + R on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Expand IDE ATA/ATAPI controllers, right click it and choose Uninstall.
  • Check Delete the driver software for this device. Confirm with OK. When done, restart your PC.
  • After restart, let Windows install the driver. One more restart will be needed.

When done please proceed with this step:
 
 
cmd_icon.png Check Disk

  • Press the WindowsKey.png + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
  • Check Disk report:
    • Press the WindowsKey.png + R on your keyboard at the same time. Type eventvwr and click OK.
    • In the left panel, expand Windows Logs and then click on Application.
    • Now, on the right side, click on Filter Current Log.
    • Under Event Sources, check only Wininit and click OK.
    • Now you'll be presented with one or multiple Wininit logs.
    • Click on an entry corresponding to the date and time of the disk check.
    • On the top main menu, click Action > Copy > Copy Details as Text.
    • Paste the contents into your next reply.
Link to post
Share on other sites

Log Name:      Application

Source:        Microsoft-Windows-Wininit

Date:          1/2/2016 2:59:05 AM

Event ID:      1001

Task Category: None

Level:         Information

Keywords:      Classic

User:          N/A

Computer:      Lu-computer-HP

Description:

 

 

Checking file system on C:

The type of the file system is NTFS.

Volume label is Windows.

 

A disk check has been scheduled.

Windows will now check the disk.                         

 

CHKDSK is verifying files (stage 1 of 5)...

  227840 file records processed.                                         

 

File verification completed.

  1190 large file records processed.                                   

 

  0 bad file records processed.                                     

 

  2 EA records processed.                                           

 

  10071 reparse records processed.                                      

 

CHKDSK is verifying indexes (stage 2 of 5)...

  299682 index entries processed.                                        

 

Index verification completed.

  0 unindexed files scanned.                                        

 

  0 unindexed files recovered.                                      

 

CHKDSK is verifying security descriptors (stage 3 of 5)...

  227840 file SDs/SIDs processed.                                        

 

Cleaning up 264 unused index entries from index $SII of file 0x9.

Cleaning up 264 unused index entries from index $SDH of file 0x9.

Cleaning up 264 unused security descriptors.

Security descriptor verification completed.

  35922 data files processed.                                           

 

CHKDSK is verifying Usn Journal...

The USN Journal entry at offset 0x12ddcfb80 and length 0x2afefb68 crosses

the page boundary.

Repairing Usn Journal file record segment.

  37509648 USN bytes processed.                                            

 

Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

Read failure with status 0xc0000185 at offset 0x670674000 for 0xc000 bytes.

Read failure with status 0xc0000185 at offset 0x670679000 for 0x1000 bytes.

Windows replaced bad clusters in file 150160

of name \PROGRA~2\IObit\ADVANC~2\ANTIVI~1\Plugins\EMFDEF~1.UPD.

  227824 files processed.                                                

 

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

  91129221 free clusters processed.                                        

 

Free space verification is complete.

Adding 1 bad clusters to the Bad Clusters File.

CHKDSK discovered free space marked as allocated in the

master file table (MFT) bitmap.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 478565375 KB total disk space.

 113593588 KB in 168362 files.

    108132 KB in 35923 indexes.

         4 KB in bad sectors.

    346767 KB in use by the system.

     65536 KB occupied by the log file.

 364516884 KB available on disk.

 

      4096 bytes in each allocation unit.

 119641343 total allocation units on disk.

  91129221 allocation units available on disk.

 

Internal Info:

00 7a 03 00 06 1e 03 00 e8 ad 05 00 00 00 00 00  .z..............

86 32 00 00 57 27 00 00 00 00 00 00 00 00 00 00  .2..W'..........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

 

Windows has finished checking your disk.

Please wait while your computer restarts.

 

Event Xml:


  <System>

    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />

    <EventID Qualifiers="16384">1001</EventID>

    <Version>0</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x80000000000000</Keywords>

    <TimeCreated SystemTime="2016-01-02T07:59:05.000000000Z" />

    <EventRecordID>24679</EventRecordID>

    <Correlation />

    <Execution ProcessID="0" ThreadID="0" />

    <Channel>Application</Channel>

    <Computer>Lu-computer-HP</Computer>

    <Security />

  </System>

  <EventData>

    <Data>

 

Checking file system on C:

The type of the file system is NTFS.

Volume label is Windows.

 

A disk check has been scheduled.

Windows will now check the disk.                         

 

CHKDSK is verifying files (stage 1 of 5)...

  227840 file records processed.                                         

 

File verification completed.

  1190 large file records processed.                                   

 

  0 bad file records processed.                                     

 

  2 EA records processed.                                           

 

  10071 reparse records processed.                                      

 

CHKDSK is verifying indexes (stage 2 of 5)...

  299682 index entries processed.                                        

 

Index verification completed.

  0 unindexed files scanned.                                        

 

  0 unindexed files recovered.                                      

 

CHKDSK is verifying security descriptors (stage 3 of 5)...

  227840 file SDs/SIDs processed.                                        

 

Cleaning up 264 unused index entries from index $SII of file 0x9.

Cleaning up 264 unused index entries from index $SDH of file 0x9.

Cleaning up 264 unused security descriptors.

Security descriptor verification completed.

  35922 data files processed.                                           

 

CHKDSK is verifying Usn Journal...

The USN Journal entry at offset 0x12ddcfb80 and length 0x2afefb68 crosses

the page boundary.

Repairing Usn Journal file record segment.

  37509648 USN bytes processed.                                            

 

Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

Read failure with status 0xc0000185 at offset 0x670674000 for 0xc000 bytes.

Read failure with status 0xc0000185 at offset 0x670679000 for 0x1000 bytes.

Windows replaced bad clusters in file 150160

of name \PROGRA~2\IObit\ADVANC~2\ANTIVI~1\Plugins\EMFDEF~1.UPD.

  227824 files processed.                                                

 

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

  91129221 free clusters processed.                                        

 

Free space verification is complete.

Adding 1 bad clusters to the Bad Clusters File.

CHKDSK discovered free space marked as allocated in the

master file table (MFT) bitmap.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

 

 478565375 KB total disk space.

 113593588 KB in 168362 files.

    108132 KB in 35923 indexes.

         4 KB in bad sectors.

    346767 KB in use by the system.

     65536 KB occupied by the log file.

 364516884 KB available on disk.

 

      4096 bytes in each allocation unit.

 119641343 total allocation units on disk.

  91129221 allocation units available on disk.

 

Internal Info:

00 7a 03 00 06 1e 03 00 e8 ad 05 00 00 00 00 00  .z..............

86 32 00 00 57 27 00 00 00 00 00 00 00 00 00 00  .2..W'..........

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

 

Windows has finished checking your disk.

Please wait while your computer restarts.

</Data>

  </EventData>

</Event>

Link to post
Share on other sites

It seems there are some read failure errors that now verify my story that something is wrong with your hard drive. We need to test it out.
 
 
For this operation you'll need to obtain USB Flash drive. Please download the following tools to your Desktop:

 

Now we need to install hard drive test tool to your USB Flash device. Plug it into your PC and make sure to save all content from it because it will be deleted.

  • Unpack ViVARD archive to your Desktop and start the Rufus tool.
  • Under Device make sure that your USB Flash drive is selected.
  • Beside Create a bootable disk using, you need to choose DD Image and next to it click on cd icon.
  • Now navigate to extracted ViVARD folder and select image.img

post-167802-0-82638500-1451778876_thumb.

  • Click Start, and click OK. In few seconds the operation will be completed and you should see READY.

 

Next thing we need to do is to boot your USB device. 

  • Restart your PC and keep pressing F12 until you are presented with Boot Menu.
  • Now you need to select your USB device by pressing the Enter button, something similar like on the image below:

post-167802-0-08520200-1451779707_thumb.

  • In the next window where it shows you 3 options, just press the Enter button.
  • Now ViVARD will search for your hard drive:

Tuto%20UBCD-2013-01-26-13-18-54.jpg

  • When it finds your hard drive you should see window like this. Use keyboard arrows to select your hard drive with red rectangle and press the Enter button. You should see Selected disk windows on the right.

Tuto%20UBCD-2013-01-26-13-19-07.jpg

  • Again by using keyboard arrows navigate down, select Surface test with remap and press Enter

Tuto%20UBCD-2013-01-26-13-19-16.jpg

  • Then you can choose to test a range of sectors on your hard disk. To fully test your hard drive, simply press 2 times the Enter button.
  • ViVARD will now test your hard drive and attempt to "repair" bad sectors. It should take couple of hours to complete.
  • Once the test is complete, the percentage (Percent) will be 100% and the line "Log file is Kept in report.txt" will be displayed in green at the top of the screen.

Tuto%20UBCD-2013-01-26-13-24-46.jpg

  • You can now simply restart your computer by holding Ctrl + Alt + Delete buttons.
  • When you get back to Windows, open your USB Flash device and VIVARD folder you should see REPORT.TXT document. Please attach it into your next reply.
Link to post
Share on other sites

I got as far as hitting the f12 key until I saw some boot writing.  I am now stuck at a black screen with the following writing:

Attempting Boot From USB Device

FreeDOS_

the underscore is blinking.  I'm not sure what to do.  How long will it attempt to boot from the USB device?  I clicked Esc and got a beep.  It also beeps if I try to type something.

Link to post
Share on other sites

ok, I did a CTR-ALT-DLT and then F9 to boot up from the hard drive.  I then restarted the computer again and kept hitting f12.  The boot agent spun around and around and then wrote: "no boot filename received" then went back to "Attempting Boot From USB Device" "FreeDOS".  I'm not sure what to do.

Link to post
Share on other sites

I looked at the table and think I should follow HP generic because I have an HP Compaq 6000 Pro SFF PC so I hit Esc repeatedly instead of f12

I've looked around the internet all day to see if I can figure out the problem.  I tried reformatting the stick with the HP USB Disk Storage Format Tool but that didn't change anything.   Whether I hit Esc or f12 I still get "no boot filename received" followed by "Attempting Boot From USB Device" "FreeDOS"

The FreeDos with a blinking cursor makes me think that the computer is waiting for me to start up a FreeDos Cd.  At least that's what I gathered from the HP Support Center page "How to Create a DOS Bootable USB Drive".

Link to post
Share on other sites

I found this page:

http://www.chtaube.eu/computers/freedos/bootable-usb/

It gives instructions for prebuilding FreeDOS in the USB.  I copied the files that were on the stick to the desktop.  I then downloaded the FreeDOS img file on that page and pointed to it using the cd button next to the DD image location on the rufus window.  I then copied the files back on the memory stick and restarted the computer and hit Esc repeatedly.  I get "Welcome to FreeDOS 1.1 bootable USB flash drive."  It gives me options to run FreeDOS or Memtest86.  If I let it time out in 10 seconds then I get the following choices: 1. Run vivard with himem 2. Run vivard without himem 3. command prompt only.  I tried choices 1 and 2 but then I get a black window that states "Memtest86+ v4.20" "FreeDOS HIMEM64  Bad or missing Command Interpreter: a:\command.com \p a:\ Enter the full shell command line:_

Thought is was worth a try.

Link to post
Share on other sites

Hi Eagle,

I was able to successfully run Vivard on the DVD.  The program gives the following options:

0 Boot Clean

1 Boot UMBPCI (silent))

2 Boot UMBPCI (optimal)

3 Boot UMBPCI (semi-defensive)

 

4 Boot JEMM386 (optimal)

5 Boot JEMM386 (semi-defensive)

 

6 Boot no UMB (defensive)

7 Boot no UMB (ultra-defensive)

 

I didn't pick anything, and I think the program timed out and selected option 1 for me because that was highlighted.

The program achieved 100% and showed me one red sector.  I didn't write it down because I went looking for the report.txt file but didn't find it on the dvd or the hard drive.

 

I am back on this screen with the 7 choices above.  I would like you to tell me which option I should use to diagnose the hard drive and also give me some direction as to where to find the report.txt file.  I will try to locate the number of the red sector and will include that on my next reply if I can't find the report.txt file.  I am hopeful that this or another software program will help fix this bad sector. 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.