
Some dirty situation


Gloops


Hello everybody,

Two weeks ago my machine did not start any more (I presume an update failed), so I restored an image of six months ago. That ran quite well.

I had three programs to install on that. For one of them I forgot the path so I installed one that was not compatible with Windows Hello. I uninstalled it, restarted several times, it was OK. The good program works OK.

Last Sunday, several programs showed error messages and were unable to work. It appeared that machine.config for .NET 4 had a duplicated line, for the declaration of dotnet.remoting, which was a problem for using configuration systems. Once the first of the two lines was commented out, the problem was solved.

This morning, Windows Hello was not loaded any more. After an SFC /scannow and three restarts, I tried a system restore, which took an hour to fail; I aborted it. A message confirmed that it failed, but Windows Hello works again.

Well, the machine works, but I am beginning to think that this is too much in too little time, so I had a look.

adwCleaner and zhpCleaner find nothing.

But zhpDiag does.

Any reaction required?

 

ZHPDiag.txt
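Added example, not part of the original post: one way to check a machine.config for the kind of doubled declaration described above. It assumes the doubled line was a `<section>` entry under `<configSections>`; the sample file, the `exampleGroup` group and the shortened `type` strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample (not the poster's file): a cut-down machine.config
# where one <section> declaration appears twice. Group "exampleGroup" is
# hypothetical; type strings are shortened.
SAMPLE = """<configuration>
  <configSections>
    <section name="appSettings" type="System.Configuration.AppSettingsSection"/>
    <section name="system.runtime.remoting" type="System.Configuration.IgnoreSection"/>
    <section name="system.runtime.remoting" type="System.Configuration.IgnoreSection"/>
    <sectionGroup name="system.net" type="System.Net.Configuration.NetSectionGroup">
      <section name="settings" type="System.Net.Configuration.SettingsSection"/>
    </sectionGroup>
    <sectionGroup name="exampleGroup" type="Example.Group">
      <section name="settings" type="Example.Settings"/>
    </sectionGroup>
  </configSections>
</configuration>
"""


def count_declarations(node, prefix, counts):
    """Count section/sectionGroup declarations by their full group path."""
    for child in node:
        if child.tag not in ("section", "sectionGroup"):
            continue  # XML comments are already dropped by the parser
        name = child.get("name", "")
        path = prefix + "/" + name if prefix else name
        counts[path] += 1
        if child.tag == "sectionGroup":
            count_declarations(child, path, counts)


def duplicate_declarations(config_xml):
    """Return the sorted paths declared more than once under <configSections>."""
    counts = Counter()
    sections = ET.fromstring(config_xml).find("configSections")
    if sections is not None:
        count_declarations(sections, "", counts)
    return sorted(path for path, n in counts.items() if n > 1)


if __name__ == "__main__":
    for path in duplicate_declarations(SAMPLE):
        print("declared more than once:", path)
```

Sections with the same name in different groups are not reported, and a declaration that has been commented out no longer counts.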


  • Root Admin

Hello @Gloops and welcome.

If SFC and DISM do not work and cannot run to completion then you have too much corruption going on. I would highly suggest you run DISM from an elevated command prompt.

STEP 1
Run a full disk check of the system. From an elevated admin command prompt type the following and reboot the computer.

CHKDSK C: /R

The command will say it cannot lock the drive. Press the Y key to allow it to run on restart. Then press the Enter key one more time and restart the computer and let it run and complete the scan and repair.

STEP 2
Open an elevated admin command prompt and type in the following exactly and run it.

dism /online /cleanup-image /restorehealth

STEP 3
After running DISM then restart the computer and again open an elevated admin command prompt and type in the following

SFC /SCANNOW

Let the command run even if it takes a couple hours to run. Do not interrupt it.

Once that's completed reboot the computer one more time. Then run the following and we'll scan for any other possible issues.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron
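Added example, not part of the original reply: SFC records what it repaired or could not repair as `[SR]` entries in `%windir%\Logs\CBS\CBS.log`, and the sketch below pulls those entries out of the log text after STEP 3. The sample lines, timestamps and file names are constructed; `summarize_sfc` is a name chosen for this example.

```python
import re

# Constructed sample in the shape of SFC entries in
# %windir%\Logs\CBS\CBS.log; timestamps and file names are made up.
SAMPLE_LOG = r'''2018-01-01 09:00:01, Info                  CSI    00000009 [SR] Verifying 100 components
2018-01-01 09:00:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2018-01-01 09:00:05, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:24{12}]"example1.dll" from store
2018-01-01 09:00:06, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 10.0.17134.1, hash mismatch
2018-01-01 09:00:07, Info                  CBS    Unrelated servicing entry mentioning "example3.dll"
2018-01-01 09:00:08, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"example2.dll" of Example-Component, Version = 10.0.17134.1, hash mismatch
2018-01-01 09:00:09, Info                  CSI    0000000e [SR] Repair complete
'''

QUOTED = re.compile(r'"([^"]*)"')


def summarize_sfc(log_text):
    """Split SFC's [SR] entries into files repaired and files left corrupt."""
    repaired, unrepaired = {}, {}
    for line in log_text.splitlines():
        _, tag, message = line.partition("[SR] ")
        if not tag:
            continue  # not an SFC entry
        names = QUOTED.findall(message)
        if not names:
            continue  # progress lines such as "Verifying 100 components"
        if message.startswith("Repairing corrupted file"):
            repaired[names[-1]] = None    # last quoted token is the file name
        elif message.startswith("Cannot repair member file"):
            unrepaired[names[0]] = None   # first quoted token is the member file
    # dict keys keep first-seen order and drop SFC's repeated entries
    return {"repaired": list(repaired), "unrepaired": list(unrepaired)}


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_LOG))
```

A non-empty `unrepaired` list after DISM and SFC have both run is the part worth attaching to a reply.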

 


Hello,

I just ran chkdsk, although the system told me it was not necessary. It answered "Windows has correctly analyzed the driver, no error was found."

I would like to verify whether I was clear about the previous steps, done before I asked the question, as you propose that I redo some of them.

SFC /scannow
  • errors found and corrected. I do not remember where the log is.

dism /online /cleanup-image (with an option like /verify or a synonym)
  • no error found

three restarts
  • no result observed

failed system restoration
  • Windows Hello OK

adwCleaner, zhpCleaner
  • nothing detected

zhpDiag
  • 16 errors detected, zhpdiag.txt attached

 

 

dism.log


  • Root Admin

Are you using this computer to do programming?

What is this program?
C:\Program Files (x86)\EtatClavier\EtatClavier.exe

 

Getting the following error on the system too that needs to be corrected.

Error: (12/12/2018 07:38:56 AM) (Source: volsnap) (EventID: 25) (User:)
Description: Shadow copies of volume C : have been deleted because the shadow copy storage could not be expanded in time. Reduce the I / O load on the system or choose a shadow copy storage volume that is not in shadow copy.

 

What specific issue are you having with the computer still? The logs do not show an obvious infection and just a few minor things that we could clean up but I don't think that will resolve any real issues you might be having. Please describe in more detail what you think is going on or what you think is wrong.

Very late for me so I'm headed out but will check back on you again sometime tomorrow.

Thanks,

Ron

 

 


1 hour ago, AdvancedSetup said:

Are you using this computer to do programming?

What is this program?
C:\Program Files (x86)\EtatClavier\EtatClavier.exe

Hello,

Well yes, this is a program of mine (that I developed on a previous machine, but I presume this is not the topic), it shows the state of the keyboard (caps lock, num lock, scroll lock and insert), I used it regularly until I discovered addLeds from wintools.info, that I have to admit has a much better user interface.

It was a good thing I was a developer; I do not know how much time it would have taken to understand what happened with the registering of dotnet.remoting: only Visual Studio showed an explicit message. And I was not programming these days, so I believe I am innocent.

 

1 hour ago, AdvancedSetup said:

 

Getting the following error on the system too that needs to be corrected.

Error: (12/12/2018 07:38:56 AM) (Source: volsnap) (EventID: 25) (User:)
Description: Shadow copies of volume C : have been deleted because the shadow copy storage could not be expanded in time. Reduce the I / O load on the system or choose a shadow copy storage volume that is not in shadow copy.

 

What specific issue are you having with the computer still? The logs do not show an obvious infection and just a few minor things that we could clean up but I don't think that will resolve any real issues you might be having. Please describe in more detail what you think is going on or what you think is wrong.

Very late for me so I'm headed out but will check back on you again sometime tomorrow.

Thanks,

Ron

 

 

Hm, as I understand it, this is the problem of missing space on the system partition?

When buying the machine in April or May, I installed all the programs I could on the SSD, leaving some space for the updates, but six months later it appeared that the space was not enough.

Do you have any idea how much space I should free on the system partition?

Do you think this is the source of the instability I observed?

In fact, since I opened the thread everything is OK (except that I tried to understand what that activity I saw on the network was, but probably that was a program update).

I tried GlassWire to identify the network activity, which has medium or low clarity. Any better idea?

That being said, can I ignore the 16 entries signalled by zhpDiag?

 


  • Root Admin

Nothing new or different in that zhpDiag log either.

You have 7GB of free space which is more than enough for Windows. The system can operate with less than 500MB of disk space, but personally I never like to get below 2GB of free disk space. If you can move user data to another drive that would be great.

You can use the free program TreeSize to determine what data is taking up the most space on the drive.

https://www.jam-software.com/freeware/

 


Oh nice, your position about the free space is a pleasant change from the usual message :)

But in fact, the update system has abandoned migrating from 1803 to 1809, and it could be for this reason?

This has spared me the big problems that appeared with that version, but I wonder to what extent staying there would be a good idea.

As you perhaps saw, I installed TreeSize Free, which helped me to see that Visual Studio is what takes the most space, followed by Firefox, and by other development tools. Not really something I use rarely. I could move Open Office, but that would free 320 MB, much work for little result ...

So, you say the 16 problems pointed out by zhpDiag are a false alert? And so I can hope those malfunctions are a bad memory? Nice.

 

Oh, while I am here, my firewall (which I configured a few months ago to use rules to only let authorized traffic go through) alerts me about incoming traffic for Host For Windows Task from 192.168.1.1: but this is my Internet router. I blocked access to the webcam for that program, this runs OK, but this is the first time I see this message.

 


  • Root Admin

Difficult to say what the network block is from. Maybe just a fluke. Your Event Logs might possibly help but I wouldn't hold my breath on that. See if after a couple reboots it keeps coming back or not.

What about your System Restore Points? Hard to believe that Firefox is taking up all that much room unless you're caching, saving videos or have a download folder under it and downloading files there.
You could delete all your system restore points and make a new one now since all seems to be okay. That would also reduce used space. Again, odd that Firefox would take up the most space out of 121GB drive.

In theory, I believe the most the Windows update would take would be 5GB.

The entries found by that other program all appear to be left over orphans of previous infections removed. Nothing to worry about, just junk like bread crumbs on the floor after you eat a sandwich.

 

 


  • 3 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 


This topic is now closed to further replies.