Sorry Karl, I got so distracted with WDO I missed that
Never, never, never use Hijack This unless so recommended by one of the experts in the Security forum.
Misuse and misunderstanding of that program can cause harm.
I never use the program myself as I prefer safer approaches, one of which is WDO.
Phillip,
For your results from using WDO, I would like for you to carry this out which will put a file WDOLOGS.ZIP onto your desktop. Upload that file please.
thanks,
karl
Script:
# ************************************************************
# Zips up your log files from Windows Defender Offline
# and extended info about the log files
# Places WDOlogs.ZIP on your Desktop
#
# **********************INSTRUCTIONS**************************
# STEP 1 *****************************************************
# RUN PowerShell as administrator
# START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 *****************************************************
# COPY, using CTRL+C, every line down thru both EXIT statements
# PASTE into Powershell == Right-Click at the PowerShell Prompt
# (Ctrl+V does not work)
# Start copying with first line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
# Lines starting with a # are ignored by PowerShell
# ************************************************************
#functions
function New-Zip {
param([Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
[String] $Path, [Switch] $PassThru, [Switch] $Force )
Process { if (Test-Path $path) {if (-not $Force) { return } }
Set-Content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
$item = Get-Item $path; $item.IsReadOnly = $false;if ($passThru) { $item } } }
function Copy-ToZip {param(
[Parameter(Mandatory=$true,Position=0,ValueFromPipelineByPropertyName=$true)] [Alias('FullName')]
[String]$File, [Parameter(Mandatory=$true,Position=1)] [String]$ZipFile,[Switch]$HideProgress,[Switch]$Force )
Begin {$ShellApplication = New-Object -ComObject Shell.Application
if (-not (Test-Path $ZipFile)) {New-Zip $ZipFile};$Path = Resolve-Path $ZipFile
$ZipPackage =$ShellApplication.Namespace("$Path")}
Process {$RealFile = Get-Item $File; if (-not $RealFile) { return }
if (-not $hideProgress) {$perc +=5; if ($perc -gt 100) { $perc = 0 }
Write-Progress "Copying to $ZipFile" $RealFile.FullName -PercentComplete $perc}
$Flags = 0; if ($force) {$flags = 16 -bor 1024 -bor 64 -bor 512};Write-Verbose $realFile.Fullname
$ZipPackage.CopyHere($realFile.Fullname, $flags);Start-Sleep -Milliseconds 500}}
$fileinfo = join-path $env:TEMP \wdofileinfo.txt
IF (test-path $fileinfo) {del $fileinfo -ea:silentlycontinue -force:$true}
$dir = $env:windir + '\Microsoft Antimalware\Support'
$a = dir $dir -rec -force -ea:silentlycontinue | sort-object -property lastwritetime
$b = $a | where {$_.extension -eq '.log'} |Select mode, fullname, name, creationtime, lastwritetime, lastaccesstime, length, extension
$b | out-file -append $fileinfo
$b | foreach ($_.fullname) {get-content -path $_.fullname} | out-file -append $fileinfo
$ziploc = $env:userprofile + '\desktop\WDOlogs.ZIP'
new-zip $ziploc -verbose:$false -ea:silentlycontinue -force:$true
copy-tozip $fileinfo $ziploc -verbose:$false -hideprogress:$true
del $fileinfo
EXIT
EXIT
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
# Get-WinEvent: The system can not find the path specified
# you need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
# Run PowerShell
# enter $host.version
# you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2 0 -1 -1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
# Run PowerShell
# enter Set-ExecutionPolicy -executionpolicy remotesigned
#
# ************************************************************
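The script above copies into the ZIP with `Shell.Application`'s `CopyHere`, which returns before the shell has finished writing the archive, and then deletes the temporary file after a fixed 500 ms pause. As an added example (not part of the original post), the hypothetical helper `Wait-ZipEntry` polls the archive until the expected number of entries is visible or a timeout expires, so the source file is deleted only once the copy is confirmed; it uses only PowerShell 2.0 features.

```powershell
# Added example, not from the original post. Wait-ZipEntry is a hypothetical helper name.
# Works on PowerShell 2.0 (no Compress-Archive needed).
function Wait-ZipEntry {
    param(
        [Parameter(Mandatory=$true, Position=0)] [String] $ZipFile,
        [Parameter(Position=1)] [Int] $ExpectedCount = 1,
        [Int] $TimeoutSeconds = 60
    )
    if (-not (Test-Path $ZipFile)) { return $false }
    $shell = New-Object -ComObject Shell.Application
    $full  = (Resolve-Path $ZipFile).Path
    $zip   = $shell.Namespace("$full")
    if (-not $zip) { return $false }   # shell does not see the file as a ZIP folder
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Items() is re-read on every pass, so entries appear once the shell has written them
        if ($zip.Items().Count -ge $ExpectedCount) { return $true }
        Start-Sleep -Milliseconds 250
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Usage with the variables of the script above ($fileinfo, $ziploc),
# in place of the unconditional "del $fileinfo". The guard lets this
# block be pasted on its own without error when they are not defined.
if ($fileinfo -and $ziploc) {
    if (Wait-ZipEntry $ziploc 1) {
        del $fileinfo
    } else {
        Write-Warning "WDOlogs.ZIP is incomplete; $fileinfo was kept."
    }
}
```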
Hi Karl
The use of hijack was under instructions of Kaspersky.
And sorry, I need some help with this instruction. I can open Powershell as Admin, but it does not recognise the instructions start orb or orb itself, and those key combos do nothing. (I even tried the full line START ORB | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo). Obviously I am missing something obvious but just do not know what.
Work through these steps for Troubleshooting Windows 7 Failure to Boot using one of the other free bootable AV bootable scans, then attempting repairs, checking hardware if indicated.
Once you can boot Win7 here are additional Troubleshooting Steps for Windows 7 to establish a Clean Boot, scan the logs for repeat errors, test your hardware, use System Resources to find solutions.
Rather than clicking on the Start Orb, which is that round object on the far left of your taskbar, then
click on the WIN key, which is the key with the wavy Microsoft flag on top.
Now for that three-key combo:
Hold down the CTRL key. Do NOT release.
Hold down the SHIFT key. Do NOT release.
Tap the ENTER key. Now you can release the Ctrl and Shift keys.
Now you may get a prompt about admin privileges where there is a button with the word YES on it.
Press and hold down ALT.
Tap the Y key.
Now you can release the ALT key.
Soon you become a guru.
Phillip,
This may help to explain:
# **********************INSTRUCTIONS**************************
# STEP 1 *****************************************************
# RUN PowerShell as administrator
# WIN key | type POWERSHELL | do NOT hit ENTER |
# in the resulting PROGRAMS list, right-click on WINDOWS POWERSHELL |
# choose "Run as Administrator" from the resulting list
# Click on the YES button (if such appears)
#
# WIN key = key with Microsoft logo on top
# for the guru:
# WIN key | type POWERSHELL | CTRL+SHIFT+ENTER key combo | ALT+Y keycombo
# ************************************************************
# STEP 2 *****************************************************
# COPY, using CTRL+C, every line of script down thru both EXIT statements
# PASTE into Powershell
#----Right-Click at the PowerShell Prompt
#----(Ctrl+V does not work)
# Start copying with first line without a # at start of the line
# Note: Actually, you can paste the entire file if you rather
#-------Lines starting with a # are ignored by PowerShell
# ************************************************************
# ***************** NOTE - POWERSHELL VERSION*****************
# if you receive this error msg:
#--Get-WinEvent: The system can not find the path specified
# you need to update your PowerShell
# you must be using Powershell 2.0 or later.
#
# To determine your Powershell version:
#---Run PowerShell
#---enter $host.version
#---you should see at least:
# Major Minor Build Revision
# ----- ----- ----- --------
# 2......0......-1.....-1
#
# If you do not see the above, update your Vista/Win 7.
# ************************************************************
# *************** NOTE - EXECUTION POLICY*********************
# If you haven't set the execution policy, you may need to:
#---Run PowerShell
#---enter Set-ExecutionPolicy -executionpolicy remotesigned
# ************************************************************
Duh!! Sorry Karl, never heard that called an Orb before
Here is the zip file, I'll now work through those Troubleshooting steps and report anything that comes up
Many thanks for your patience and understanding
Philip
Hi again Karl
My apologies for troubling you, but did those files show anything? The overall performance has improved over the past couple of days, with now very few "freezes", which last only a couple of seconds, and so far no BSOD. Could it have fixed itself?
phillip,
some info that I expected to see there I did not.
As a safety measure please run a complete scan over all drives in your system using MalwareBytes.
Link for malwarebytes in my signature. Be sure and let malware bytes delete anything it finds.
After malware bytes finishes, and only after, then carry out the following please:
Install CCleaner:
CCleaner - PC Optimization and Cleaning - Free Download
list of STARTUP PROGRAMS
CCleaner | Tools icon | Startup button | Windows tab |
click on Save to text file button (bottom right side) |
accept Startup.txt as file name | SAVE button
list of SCHEDULED TASKS
CCleaner | Tools icon | Startup button | Scheduled Tasks tab |
click on Save to text file button (bottom right side) |
enter Scheduled Tasks as File name | Save button
List of INSTALLED PROGRAMS
CCleaner | Tools icon | Uninstall button |
click on Save to text file button (bottom right side) |
accept install.txt as File name | Save button
UPLOAD, as an attachment, the startup.txt file
UPLOAD, as an attachment, the Scheduled Tasks.txt file
UPLOAD, as an attachment, the install.txt file.
HOW TO UPLOAD
Post a File or Screenshot in Seven Forums
-------------------------------------
thanks, karl