If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#91
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
The 8200 came back up fine with no problems
but I ran the scans again just to make sure. Robert |
Ads |
#92
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
When I computer freezes I can't do anything, the mouse doesn't work or the keyboard. Once it free's up everything is back to normal but it shouldn't be doing this at all and never did this before. I also came across another question: I was updating SpywareBlaster and it said that there was a new version available so I clicked the link: http://i58.tinypic.com/2r76ijt.jpg http://i57.tinypic.com/2h4drww.jpg http://i59.tinypic.com/9s865g.jpg http://i59.tinypic.com/qqcoja.jpg It's pretty confusing on which to click for the correct download. So I thought I would play it safe and ask you before I click the wrong one. Why do they make things so difficult? If there's a new version I shouldn't have to click multiple times to get it and the download screen just contain that one download and nothing else. Your right the EXE command is much better but I don't know how to retrieve it for the update. I also I ran a Avast scan on the 8200 and found (2) threats which I successfully deleted and it recommended a restart/scan which it's in the process of doing now. I'll be ordering the external HD and case for storage on the 8500 on Wed. Thanks, Robert I checked, and SpywareBlaster is owned by BrightFort. https://en.wikipedia.org/wiki/SpywareBlaster This is supposed to be a link to the product page. http://www.brightfort.com/spywareblaster.html ******* In your first picture, they don't promise a direct download. That button is supposed to "lead you on safari". On the second image, you would click the less exciting "continue download" button. On the third page, it would be "Download SpywareBlaster 5.2 from MajorGeeks". Anything to get off the Safari Trail. On the fourth page, there are three download links. They are under Download Locations. I've made a number of downloads from MajorGeeks without problems. spywareblastersetup52.exe 4,184,064 bytes The scan for the download is clean. https://www.virustotal.com/en/file/f...c56d/analysis/ They tried to lose you in the woods, by taking you on safari, but it didn't work :-) Have fun with your update. Paul |
#93
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
You mentioned that FF would sometimes up an alert or somtimes I would see a pop-up that the script is busy. I have seen those in the past but stopped the script. I'm not saying this is the cause but ever since I disabled the hardware acceleration I haven't seen any and as I said I can logon with no troubleshooting issues but this freezing isn't normal Well, I get them here (a script that won't stop or finish), so they are common. Sometimes I switch browsers, and try again, just to see if every browser gets the same luusy quality code from the web site. If they want, a web site can give every user a unique program to run on their computer, so really, it's possible to have problems on web browsers, that no one else can reproduce. I'm not saying that's the case here. And as for incompetence, even the Microsoft site has web pages with bad code on them, that drag the browser to its knees. So this is a common problem, and even sites that should know better, can produce just lousy code. In Microsofts case, they can't even blame "advertiser code" for causing a script problem, as generally Microsoft web pages are purely technical. With very little overt advertising (not like the flashing crap you see on the Tinypic site :-) ) Paul |
#94
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
Hello Paul, Of late, I've noticed that like when I click on a story on Yahoo the 8500 freezes and I can't do anything until the story loads. This never happened before. Could the hardware accelerator have anything to do with this? On the one hand I like being able to logon without going into the trouble shooting mode but at the same time I don't like the 8500 hanging up like this especially as this has never happened before. Thoughts/Suggestions? Robert I tried to read a story on the Yahoo page. I got a huge (3MB) HTML page, plus a folder containing another 3MB of files. And in the folder is a 600KB "movie player" javascript. But that's not all. Near the top of the page, portions of the page keep reloading over and over again. I railed one core on my CPU for at least 30 seconds. But, the machine did not freeze. Now, consider, that you have AV programs on your machine. There could be an interaction between that level of activity on the browser, and the response from the AV software while it watches what is going on. (The AV software can scan the files, while they're being read.) I would keep Task Manager open, revisit the Yahoo page, and see if Task Manager can continue to update, while things freeze up. It takes a lot to freeze up a machine like that. But an AV (running in Ring0), is in a perfect position to freeze things. If it wants to. I had my AV lock up the computer one day, when I tried to install the FRAPS screen capture software. I had to use the power button to get out. One thing you could try, is disable Avast real-time protection. Then try reading a story on the Yahoo page, and see if the symptoms differ. Avast probably has one of those "disable real time protection for ten minutes" things, which gives you enough time to test the response of a program, without the AV interfering. Paul |
#95
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
I updated SpywareBlaster on both computers then
I took your advice and started Task Manager then disabled Avast for 10 minutes then went to Yahoo and read several stories with no problems whatsoever. So I should or shouldn't be concerned if it freezes up? Thanks, Robert |
#96
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
I updated SpywareBlaster on both computers then I took your advice and started Task Manager then disabled Avast for 10 minutes then went to Yahoo and read several stories with no problems whatsoever. So I should or shouldn't be concerned if it freezes up? Thanks, Robert Absolutely, you should fix whatever is freezing the computer. Avast has AutoSandbox and DeepScreen. http://www.ghacks.net/2013/08/17/a-f...ntivirus-2014/ As far as I know, AutoSandbox is like running a separate OS in a virtual machine, as a place to test suspicious executable programs for heuristically detected behavior. Regular signature scanning, is the old way of providing protection. Where every file you access on the computer, is checked against a signature database. But that is weak for new malware, which might not be in the signature database yet. The sandbox idea, is for catching things that don't have a signature definition yet. So for "freezing" on the computer, those features, ones involving Sandbox, are the ones I'd turn off first. So your test sequence might be: 1) Read your article on Yahoo. Notice at some point, you have a freeze event. 2) Try to read another story, to confirm that the freeze events are consistent. You want a repeatable test case. 3) Now, open the Avast control panel, and either turn off all AV protection, turn off DeepScreen or turn off something related to Sandbox. Try to figure out which feature in Avast, causes the problem. 4) Now, read another Yahoo story. Does it freeze now with the certain thing turned off ? Is the behavior different ? And remember, that behaviors on a computer can be caused by the bad guys (malware), the good guys (AV software), or by defective hardware. When you have an AV product on-board, it had access to virtually every resource on the computer, and then your AV product calls the shots. It could just as easily be a malware doing it. Take my situation here. Yahoo makes a "very busy" news page. It kept my processor busy. But, it only used up one core on my dual core computer. The computer remained responsive, because the second core is not overloaded like that. As long as programs are not threaded so well that they can abuse the whole machine, I'm in good shape. Now, the AV program, it is responsible for all cores on the computer. And if the AV program calls for a certain behavior, it might apply it to your 4C 8T processor and lock the whole thing up. Things like sandbox technology, require loading the sandbox off the disk drive, and you could be disk-limited while that is happening. But if the GUI (desktop) stops responding, then something "pretty deep" in the machine is doing it. I've had GUI failures here in WinXP. Where the desktop interface stops responding entirely. And the machine is not crashed, because I can issue a "ping" command from a second computer, and the frozen machine responds. I've also had that happen when a 3D game crashes, the sound card is looping, and you hear the same 1-second long sound effect over and over again. The machine isn't "crashed to a BSOD", it's just the graphics subsystem which is hosed, and will require a reboot to recover. I'm just guessing it is Avast, and it's probably a relatively easy thing to test a few of the settings. Paul |
#97
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Understood, it could be malware, AV or
hardware causing it. I'm assuming from what your saying is that if I'm on Yahoo for example and I click a story and it freezes the 8500, then when it frees it up click the story again to see if the same thing happens. If it does, then go into Avast and disable some component associated with 'Sandbox' (although how will I know?). Then try reading the story again to see if it freezes and repeat until the component which is causing the freezing is found by process of elimination. Correct? In passing I had to remove the Win 10 nag twice today. Thanks, Robert |
#98
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
Understood, it could be malware, AV or hardware causing it. I'm assuming from what your saying is that if I'm on Yahoo for example and I click a story and it freezes the 8500, then when it frees it up click the story again to see if the same thing happens. If it does, then go into Avast and disable some component associated with 'Sandbox' (although how will I know?). Then try reading the story again to see if it freezes and repeat until the component which is causing the freezing is found by process of elimination. Correct? In passing I had to remove the Win 10 nag twice today. Thanks, Robert The procedure for the Win10 nag is: 1) Uninstall 583. Reboot. Look in "Installed Updates" for 583. Uninstall it. http://cdn3.howtogeek.com/wp-content...uBt7RqJZLH.png 2) Enter Windows Update (assuming your Windows Update at least prompts for permission to go ahead). Perhaps your Windows Update is set to fully automatic ? You need to bring up the list of updates it proposed to install, locate 583 in the list, right-click it and there should be an item "Hide" there. If Windows Update were to be set to "Full Auto", you won't have a chance to change the status to "hidden". "Hide Update" http://cdn3.howtogeek.com/wp-content...YzSvjR8LUx.png 3) Once it is hidden, there should not be a nag. The only way it can come back if you did (2) correctly, is if Microsoft reissues the 583 update. As far as I know, 583 is at version 2 at the moment. The procedure starts half way down this page if you need more info. http://www.howtogeek.com/218856/how-...fication-tray/ If Windows Update settings are left on full Auto, then 583 is going to keep coming back. Now, when 583 got installed on my system, before it even had a chance to nag, I happened to have Task Manager open while working on something else, and I could see either GWX.exe or GWXux.exe running. Something "Get Windows Ten" or GWX related, was running on the computer. That's how I knew it had sneaked in. After removing it, hiding it, so far it hasn't come back. And one reason for that, is my Windows Update is on Manual control. I start a Windows Update run when I have time, I review the proposed updates, I only tick the ones that appear to have zero impact. Anything obnoxious gets the "Hide" treatment. ******* For your "freezing" problem, I don't have any tools that absolutely guarantee a clue as to what is wrong. Tools like Avast, I don't know if they can even be monitored with ETW (the tracing system in Windows). This program, for example, will show you all sorts of background activity on the computer. But like so many things in Windows, it doesn't come with guarantees. The events might be in Ring0, but any program granted permission to run in Ring0 (like a driver), can muck about as it sees fit, and nothing can stop it. If you want to play with this, in the File menu of the running program, is a tick box. You remove the tick to stop collecting data, then you can scroll through the trace and have a look for anything suspicious. The events collected have a time stamp. In your case, if the computer freezes for five seconds, you'd be looking for a "gap" in the trace, where the computer "went quiet" for five seconds. That would be proof, that the problem was so severe, that something had interfered with ETW. Use the download link that says "911 KB" near the top. https://technet.microsoft.com/en-us/...rnals/bb896645 Unpack the zip and run the EXE. It will start tracing immediately (if the Filter window gets in the way, just dismiss it), and the first thing you will see in there, is as many as 200 Registry accesses per second. Those tend to be repetitive, and contain things the OS checks once a second to see if the status of some thing it is supposed to be doing, has changed. But amidst that flood of information, sometimes you notice a single event in the trace, that "gives a hint" as to what is going on. What you would do, is read a Yahoo story, while that trace is running - you would expect the trace on the screen to stop moving. But, if the tracing engine behind the scenes is still working, there might be some record as to what process is doing it. If there seems to be a five second gap in the time stamps, then the problem is so low-level, it can't be traced. And only the AV could do that. It's unlikely to be a bug in the kernel itself. Paul |
#99
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
I forgot to hide it, my fault. Next
time it appears, I'll hide it. You offer great solutions and links but as you pointed out it could be the AV, malware or hardware and since its intermittent its very difficult to pin down what exactly is causing it. I ran the ETW then opened a story on Yahoo and ETW kept running changed numbers. http://i61.tinypic.com/fefbza.jpg http://i58.tinypic.com/jafdpd.jpg Robert |
#100
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
The 8500 froze again today while opening
Yahoo mail. It locked everything for a few seconds. I then exited and then tried it again with no problems. Robert |
#101
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
I forgot to hide it, my fault. Next time it appears, I'll hide it. You offer great solutions and links but as you pointed out it could be the AV, malware or hardware and since its intermittent its very difficult to pin down what exactly is causing it. I ran the ETW then opened a story on Yahoo and ETW kept running changed numbers. http://i61.tinypic.com/fefbza.jpg http://i58.tinypic.com/jafdpd.jpg Robert For a first trace, you should keep the Filter window clean. In this example, I have the same one you selected. Click this and "Remove" it with the Remove button. http://i60.tinypic.com/t8sndh.gif When the trace runs, the File menu has a tick box next to "Capture". If you select "Capture" from the menu, the tracing stops. And then you can, at your leisure, scroll around in there and look at stuff. You would stop the trace, after your freezing event had happened. http://i61.tinypic.com/2lkfccx.gif Now, in the trace in that example, I've already encountered something weird. My browser Firefox, is poking a file it downloaded eons ago. Why is it doing that ? Who knows :-) The thing is, that trace collects a torrent of data. In the last trace window, you can see that some events collected, are only 10 microseconds apart in time. So the potential amount of information collected is huge. You use the Filter dialog, and the various filter types, to restrict the things you see on the screen. If you suspect a certain kind of thing happens, maybe you go looking for that specific thing. At this point, I really don't know what to expect, which is why I'm trying to see as much as I can, even if it's an overwhelming amount of data. You're looking for a "pattern" to suggest what is happening during the freeze period. Paul |
#102
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
The Win 10 nag came back but it doesn't have
a box and when I right click it it only has uninstall: http://i61.tinypic.com/iqlvky.jpg I think I deleted the process profiling that you showed in your example but viewing the ETW screen itself is rather confusing. I've tried playing around with it but I really don't know what I'm doing or looking for. I was able to stop the tracing but the numbers on the bottom kept running so I assume that's normal. I can see my search queries like checking a library book out/in but other than that it doesn't make much sense to me. Robert |
#103
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Just ordered the external HD and case you
recommended. I'll let you know when they arrive. Thanks, Robert |
#104
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
Mark Twain wrote:
The Win 10 nag came back but it doesn't have a box and when I right click it it only has uninstall: http://i61.tinypic.com/iqlvky.jpg I think I deleted the process profiling that you showed in your example but viewing the ETW screen itself is rather confusing. I've tried playing around with it but I really don't know what I'm doing or looking for. I was able to stop the tracing but the numbers on the bottom kept running so I assume that's normal. I can see my search queries like checking a library book out/in but other than that it doesn't make much sense to me. Robert The tool you downloaded is called Process Monitor. It uses the ETW tracing system, to collect events of significant from the running computer. In the File dialog, there is a tick box. You remove the tick box, when you want to "stop tracing". The numbers at the bottom should stop incrementing when you do that. It should not continue adding elements to the trace, once the trace is switched off from the File menu. To clean the trace (the "stopped" trace), go to the Edit menu and look for a clear option. That will make the window empty again. To start another trace running, go back to the File menu, and select the same item as before. It will become ticked, and the trace will start running again. In one of the middle menus, there is a Filter dialog. It filters what is shown in the display. When working on a new, unique problem, typically you turn off the filter events. To avoid confusion, you can use the "Remove" button in there, to remove things you don't need as filters. Once you start the trace running, you would read your Yahoo news stories, and get the computer to freeze again. When the computer is unfrozen again, race over to the Process Monitor window, go to File, and untick the ticked item, to stop the trace. The numbers at the bottom should stop growing. I don't know what to expect in the trace. Obviously, there will be items labeled with "Firefox", because when you started browsing the Yahoo site, there will be Firefox activity in the log. When Firefox pulls in the Yahoo files, to present the news story on the screen, there will be Createfile and Writefile operations. As Firefox loads downloaded stuff into the Firefox cache. But what happens after that, I can't really predict what is going to be in the trace. And there isn't a simple way for you to describe and summarize what is in that trace window. There is just too much data. While you can Save and keep trace files, and other people can open them, the files are huge, and not suited for any sort of transport. And I don't want you trying to Tinypic all the trace windows either :-) That would take *thousands* of pictures, to transfer the whole trace. Don't do that. Only if you have the causative event in a window, would taking *one* Tinypic shot of it, make sense. Using the time stamps in the left hand column, plus the names of executables, that's about all I can recommend looking at, for some hint as to what is going on. I feel this is your AV program (Avast), but that's purely a guess on my part. And if Avast is doing it, there isn't even going to be an entry in the Process Monitor trace, with Avast in the name. As Avast can out-fox the Process Monitor if it wants to. Just as a rootkit could stay hidden, with enough effort (rootkit modifies ETW subsystem to make it "blind"). So if the five second freeze period, is filled with svchost or named_program items of some sort, then we know it's an "ordinary" problem. If the trace doesn't collect any data for five seconds, that suggests something in Ring0 did it. Or SMM. So what the trace then tells us, is the "class" of the perpetrator. Rather than guaranteeing a resolution to the problem. So if the trace doesn't collect anything during those five seconds, it's probably not an adware, or a Firefox problem etc. It's something lower down. Paul |
#105
|
|||
|
|||
O.T. Computer Cleaning Maintenance:
You make it sound easy but that's allot of information for me to swallow and I just wonder why is it doing it now since I've had Avast for a long time. From what you say I have to keep at this until I find out what it is and that may be never. Seems every time I pose a question I open a can of worms. Robert |
Thread Tools | |
Display Modes | |
|
|