#101
I have just got a Windows Defender warning for FRST.exe
I have deleted it and FRST64.exe as a precaution
Run: https://www.malwarebytes.com/mwb-download/
Post report.
OK, Tuneup.bat completes, then the computer crashes before I can get the data... not a BSOD, a BlackSOD: the screen goes black and the monitor goes into standby... the power light is still on and the HDD light is flashing, but the mouse and keyboard are unresponsive.
I suspect WDV so I'm going to turn it off and run tuneup.bat again
Will run malwarebytes first
Ok.
Post a new V2.
During the last upgrade attempt there was a BSOD that created a setupmem.dmp.
The misbehaving driver was TeeDriverW10.sys
Uninstall and reinstall: teedriverw10.sys
Code:
mei Intel(R) Management Engine Interface c:\windows\system32\driverstore\filerepository\heci.inf_x86_3fec17f874687c29\x86\teedriverw10.sys Kernel Driver Yes Manual Running OK Normal No Yes
Also uninstall the Intel GPU driver using DDU (display driver uninstaller)
Re-install the Intel GPU driver using the Intel driver and support assistant:
Download Intel(R) Driver & Support Assistant
Display Driver Uninstaller Download version 18.0.3.5 (or newer version if available)
Official Display Driver Uninstaller DDU Download
Display Driver Uninstaller: How to use - Windows 7 Help Forums
Code:
Driver C:\WINDOWS\SYSTEM32\DRIVERS\IGDKMD32.SYS (20.19.15.4624, 6.77 MB (7,102,960 bytes), 17/03/2017 11:38 PM)
Code:
TeeDriverW10.sys Sun Aug 23 14:29:50 2020 (5F42C3AE)
Here is the malwarebytes report - can't see anything serious
Dropbox - MWB20210425-1917.txt
Maybe it was just a false positive on FRST.exe
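A way to check what Defender actually flagged before treating the FRST.exe warning as a false positive, as an added PowerShell example that is not part of the original thread. It assumes an elevated prompt and the built-in Defender cmdlets; the path to a freshly downloaded copy is a hypothetical placeholder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
$namePattern = 'FRST'                                   # tool name from the thread
$freshCopy   = "$env:USERPROFILE\Downloads\FRST.exe"    # hypothetical path to a re-downloaded copy

# Index known threats by ID so each detection can be shown with its threat name.
$threats = @{}
Get-MpThreat | ForEach-Object { $threats[[string]$_.ThreatID] = $_ }

# List Defender detections whose affected resources mention the tool.
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -match $namePattern } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        $t = $threats[[string]$_.ThreatID]
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            ThreatName = $t.ThreatName      # generic or heuristic names are common for repair tools
            SeverityID = $t.SeverityID
            Resources  = $_.Resources -join '; '
            ActionOK   = $_.ActionSuccess
        }
    } | Format-List

# If a fresh copy exists, record its hash and signature state so the file
# can be compared against what the publisher distributes.
if (Test-Path -LiteralPath $freshCopy) {
    $sig = Get-AuthenticodeSignature -LiteralPath $freshCopy
    [pscustomobject]@{
        File      = $freshCopy
        SHA256    = (Get-FileHash -LiteralPath $freshCopy -Algorithm SHA256).Hash
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Output "No file at $freshCopy; only the detection history was listed."
}
```

The detection name and the file's hash and signature state give something concrete to compare before deciding whether to restore or re-download the tool.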
Hello @smartcooky and @zbook
I hope it's okay if I disturb you.
Can you do the following:
Push the Windows Button, type cmd and then select the option "Run as administrator".
In the command prompt run this command:
wmic.exe /Namespace:\\root\default Path SystemRestore Call CreateRestorePoint "Driver install", 100, 12
After running the command, you should see:
Code:
Executing (SystemRestore)->CreateRestorePoint()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
That creates the System Restore point with the name: Driver Install.
If you see another message, let me know.
Then close the window and download and install this Intel MEI Driver:
Package removed
This is a driver from Intel that is supplied to OEMs and is therefore not available for download on the Intel website.
After installing, restart the PC and then create and share a new drivers.txt file with the following command in the command prompt as administrator:
Dism /online /get-drivers /format:table > "%userprofile%\desktop\drivers.txt"
Friendly greetings
Last edited by Tekkie Boy; 26 Apr 2021 at 06:06.
Didn't crash this time
Here is the tuneup.bat data
###########################################################
# The following commands will be run in sequence. #
# The first 5 will take quite a while to run, be patient. #
###########################################################
sfc /scannow
dism /online /cleanup-image /scanhealth
dism /online /cleanup-image /restorehealth
sfc /scannow
chkdsk /scan
wmic recoveros get autoreboot
wmic recoveros set autoreboot = false
wmic recoveros get autoreboot
wmic recoveros get DebugInfoType
wmic recoveros set DebugInfoType = 7
wmic recoveros get DebugInfoType
wmic pagefile list /format:list
wmic Computersystem where name="PHOTOLAB" get AutomaticManagedPagefile
wmic Computersystem where name="PHOTOLAB" set AutomaticManagedPagefile=True
wmic Computersystem where name="PHOTOLAB" get AutomaticManagedPagefile
bcdedit /enum {badmemory}
C:\WINDOWS\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\WINDOWS\system32>dism /online /cleanup-image /scanhealth
Deployment Image Servicing and Management tool
Version: 10.0.18362.1316
Image Version: 10.0.18363.1500
[==========================100.0%==========================] No component store corruption detected.
The operation completed successfully.
C:\WINDOWS\system32>dism /online /cleanup-image /restorehealth
Deployment Image Servicing and Management tool
Version: 10.0.18362.1316
Image Version: 10.0.18363.1500
[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.
C:\WINDOWS\system32>sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
C:\WINDOWS\system32>chkdsk /scan
The type of the file system is NTFS.
Stage 1: Examining basic file system structure ...
724736 file records processed.
File verification completed.
11161 large file records processed.
0 bad file records processed.
Stage 2: Examining file name linkage ...
28649 reparse records processed.
919570 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.
28649 reparse records processed.
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
97418 data files processed.
CHKDSK is verifying Usn Journal...
35546080 USN bytes processed.
Usn Journal verification completed.
Windows has scanned the file system and found no problems.
No further action is required.
116400228 KB total disk space.
92964420 KB in 343835 files.
291928 KB in 97419 indexes.
0 KB in bad sectors.
837612 KB in use by the system.
65536 KB occupied by the log file.
22306268 KB available on disk.
4096 bytes in each allocation unit.
29100057 total allocation units on disk.
5576567 allocation units available on disk.
C:\WINDOWS\system32>wmic recoveros get autoreboot
AutoReboot
FALSE
C:\WINDOWS\system32>wmic recoveros set autoreboot = false
Updating property(s) of '\\PHOTOLAB\ROOT\CIMV2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 10 Home|C:\\WINDOWS|\\Device\\Harddisk0\\Partition1"'
Property(s) update successful.
C:\WINDOWS\system32>wmic recoveros get autoreboot
AutoReboot
FALSE
C:\WINDOWS\system32>wmic recoveros get DebugInfoType
DebugInfoType
7
C:\WINDOWS\system32>wmic recoveros set DebugInfoType = 7
Updating property(s) of '\\PHOTOLAB\ROOT\CIMV2:Win32_OSRecoveryConfiguration.Name="Microsoft Windows 10 Home|C:\\WINDOWS|\\Device\\Harddisk0\\Partition1"'
Property(s) update successful.
C:\WINDOWS\system32>wmic recoveros get DebugInfoType
DebugInfoType
7
C:\WINDOWS\system32>wmic pagefile list /format:list
AllocatedBaseSize=4352
CurrentUsage=396
Description=C:\pagefile.sys
InstallDate=20210419142927.018032+720
Name=C:\pagefile.sys
PeakUsage=435
Status=
TempPageFile=FALSE
C:\WINDOWS\system32>wmic Computersystem where name="PHOTOLAB" get AutomaticManagedPagefile
AutomaticManagedPagefile
TRUE
C:\WINDOWS\system32>wmic Computersystem where name="PHOTOLAB" set AutomaticManagedPagefile=True
Updating property(s) of '\\PHOTOLAB\ROOT\CIMV2:Win32_ComputerSystem.Name="PHOTOLAB"'
Property(s) update successful.
C:\WINDOWS\system32>wmic Computersystem where name="PHOTOLAB" get AutomaticManagedPagefile
AutomaticManagedPagefile
TRUE
C:\WINDOWS\system32>bcdedit /enum {badmemory}
RAM Defects
-----------
identifier {badmemory}
C:\WINDOWS\system32>Echo off
###################################################################################
# How to capture batch file data and post in your thread in the BSOD forum #
# #
# Batch files and instructions for use in BSOD debugging[Part Two-Four] #
# #
# Press [V] to visit the above web page for detailed instructions. #
# Press [C] to close this window. #
###################################################################################
Run the scan again enabling rootkit testing.
See edited earlier post.
I'm going to restart WDV on the test you want me to do, and then call it a night.
I will come back through on the way home and check to see if any crashes have happened
I will catch up on post #108 and techieboy's post tomorrow
Hi Tekkie Boy,
Lots of logs.
So far setupmem.dmp.
After replacing both Intel drivers, if malwarebytes is clean, planning:
1) uninstallation of Malwarebytes using the applicable uninstall tool
2) placing the computer in clean boot
3) in place upgrade repair
Please comment for any additional steps.
Please post a new V2 and CBS before retiring.
Thx.