Tuesday, November 13, 2012

The moral of the story...check the Windows Event Viewer before you do anything else...

Monday, November 12th (happy Veterans Day to all of the veterans out there) should have been a day for me to catch up on some work, check on the status of the new class I just created at my Moodlerooms site, etc.

Instead, it was a day of great frustration.

On Monday I typically run 5 miles around 5:30am.

I awake at 5am, come downstairs, let the dog out, turn on the coffee (our timer is broken) and then tap the keyboard of my PC and move the mouse to awaken it from its night slumber (like many people, I leave my PC running all the time, and allow the Power setting hibernation settings to shut it down.)

Instead, what greeted me as I opened my office door at 5:07am was the infamous Windows Blue Screen of Death.

I keep pretty good notes, and pulled out my PC log, calmly made a notation of November 12th, and wrote down the cause of the failure: the Graphics Device Driver had failed.

The theme of this posting is the Event Viewer, and once I had rebooted into Windows 7, I should have checked it, but I did not.


If you've been following my blog, you know that my PC suffered a catastrophic failure on November 3rd, so it's really only been up and running again for less than a week, so the Blue Screen of Death made me just a tiny bit nervous :)

With nothing but a blue screen staring me in the face, I had no choice but to power down the system and restart it.

Before pressing and holding down the power button (I suppose I could just as easily have pulled the plug on the PC), I nervously listened to the sound of the PC fan whirring.

I watched with additional anxiety as the PC rebooted, announced that it was starting Windows, and Windows seemed just a little slower to boot up than usual.

But it did start, and I was able to do some of the routine OCD sorts of things that I do before going for a run.

  1. Record the outside temperature that Weatherbug reported (yes, I know, some people really hate Weatherbug; I like the fact that its recording station is about 1000 feet from my house. The temp and airspeeds are very accurate.)
  2. Check on my overnight Kindle and Nook sales
  3. Check on my overnight Lulu print sales
  4. See what hell has broken out overnight in the world via CNN
  5. See what hell is going to break out during the day in the US Markets via Marketwatch.com
  6. If it's Monday, check on the status of my 2 Fantasy Football Leagues :)

In between some of my Firefox web travels, a message about a new Adobe Flash version being available popped up. I clicked on the install button and it installed OK.

At this point, I was running a little late.

I brought the dog in, gave her a couple of mini biscuits, poured a small cup of coffee, grabbed my running watch and, with just a few minutes to spare before my normal departure run time of 5:40am, I noticed an icon appear that said Windows had done an automated update, and recalled that I have Windows updates scheduled to run on Monday morning at 1:30am.

That made sense---perhaps that's why the system had crashed?

I also saw an icon on the far left of my icons that I didn't recognize.

I hovered over it and it said something about a Data Encryption key, and the need to back it up! What was this? A virus?

I clicked on the icon to see what was up, and the Windows 7 gizmo (not an hourglass, it's a circle) kept spinning...and spinning...and spinning...
The system was frozen.

I tried to get the attention of the Task Manager, and after about 2 minutes, it appeared.

Everything that was loaded

  1. Internet Explorer
  2. Firefox
  3. Weatherbug
  4. Word
  5. Access
  6. Excel
  7. CuteFTP
  8. FrontPage
  9. Notepad
  10. Garmin
  11. Twitter
  12. Twuffer
was in a non-responsive state. I couldn't shut down.

Now at this point, fresh from the hell of a 2 day restore operation on November 3rd and 4th, I decided to throw caution to the wind and go for a 5 mile run and attack it when I came back.

I returned from my run around 6:30am, read the Philadelphia Daily News on the front porch for about 15 minutes, took a quick shower and came back downstairs.

During my run, I had some real fears that my PC was infected by some kind of virus, which was what led to me having to reload Windows 7 the week before (check my blog post entitled "Not the dumbest thing I ever did...")

Also, during my run, I decided if I was going to do anything to the PC (such as a virus scan, System Restore, etc.) I was going to do it in Safe Mode.

After returning to my office around 7:30am, and finding the computer still "frozen" I held down the power button to turn it off.

I pressed the power button on, and repeatedly pressed F8 to bring up the prompt to boot into Safe Mode. I chose Safe Mode with Networking (this allowed me to play with Facebook for about 2 hours while doing a bunch of other stuff.)

I was happy to see that the computer booted up Windows in Safe Mode, and presented me with the 3 users that I have created on the PC. (actually I created them on November 4th :)

One user is an account I had never used---not the user account I was logged in "as" when the PC froze.

I elected to log in with the account (no password for it, a bad idea but if you've read about my problem from the week before you'll know why.)

The Windows Desktop appeared, a message appeared telling me why I should use Safe Mode (I know :) and the first thing I did was to check my installed programs via the Control Panel to see if I could find any information about this Data Encryption program. I couldn't.

Nothing new had been installed, except for a copy of an Image Compare program I had installed the previous night in my ongoing effort to finalize my family photograph project from the summer.

I also checked the Control Panel to determine what Windows updates had been made recently.

Sure enough, updates had been applied at 1:30am. Nothing appeared amiss.

I decided that it was possible, despite the fact that I visit only "safe" websites such as Yahoo Fantasy Football, Facebook, Twitter, etc., that I had gotten a virus of some kind.

I found Malwarebytes in my list of installed Programs, downloaded the latest updates (that's why Safe Mode with Networking is handy), and ran a Malwarebytes Scan.

Time for another cup of coffee.

Malwarebytes quickly came back and said "no threats."

It was now 7:15am and I decided to run a full McAfee scan of my system.

While it was running, I decided to uninstall the last thing that had installed---Adobe Flash.

Not content to allow the McAfee scan to run alone, I also decided to run Spybot Search and Destroy.
It found 5 very minor issues (adware) and finished quickly.

McAfee, in the meantime, finished and said it found no issues.

It was now 7:46am, and I decided to use my networking ability to go out to one of my favorite websites

mybleepingcomputer.com

I was intrigued by that message about Data Encryption, but nothing on it appeared on mybleepingcomputer.com.

I did see one of the techs out there recommend running an ESET Online Scan, which they swore was the latest and greatest in virus detection.

I went out to the ESET website, and it prompted me to install an ActiveX control, and shortly thereafter, it was downloading its latest virus signature database, and scanning my system.

The time was now 7:52am.

2 hours, 51 minutes and 22 seconds later, at 10:10am, ESET had scanned my entire system and found nothing.

Everything I had run told me I had no virus.

In the meantime, I had started working, in Windows Explorer, on identifying which of the 26,000 photographs from my photo scanning project were duplicates.

Part of that process is naming the scan0001.jpg, scan00002.jpg, etc. files with meaningful file names. I like to name them like this

200912Dec24S001

where 2009 is the year, 12 is the numeric month of the year, Dec is the three character abbreviation for the month, 24 is the day of the year, S stands for Scan, and 001 is a unique number for that set.

I exchange the S for a C if the photo is from a camera, or a P if the photo came from my phone.

Estimating the year for some of my old photos is fun, let alone guessing the month and the year.

Naming them this way makes identifying potential duplicates easier.

Of course, if Image Compare had worked the way it did on my old computer, it wouldn't be a big deal, but it hasn't.

I'm sorry, I digressed a bit.

My point is that I was working in Windows Explorer while this ESET scan ran, and I was on a good roll, so I decided to continue working on my photographs well after the ESET scan finished.

In fact, I worked on them until 3:27pm, which was a full 5 hours after the ESET scan finished.

I told Safe Mode Windows I wanted to restart, and waited patiently to see what would happen, knowing full well that nothing I had done (with the exception of un-installing Adobe Flash) had been significant. I fully expected a problem when I restarted.

Sure enough, Windows appeared to start, but then a black screen appeared indicating that "one of your disks needs to be checked for consistency." CHKDSK was commencing!

I was relieved to find that CHKDSK reported no bad file records.

Then it began verifying my Indexes, and reported that there were several problems.

Interestingly, I recalled that while working with some of the 26,000 photo files in Windows Explorer that morning and afternoon, I had renamed quite a few of them, and a couple of times, the file didn't appear to be renamed, but when I clicked on it Explorer said that it was no longer there! I wonder if this was a symptom of the bad indexes that CHKDSK found.

CHKDSK ran for about 11 minutes, at which time it finished, and Windows 7 started to boot. It was now 3:38pm.

I wondered how much of my problem was caused by the system crash, and subsequent power down, that I had to do in order to reboot the PC.

I held my breath, and finally the Windows login screen appeared with the 3 user accounts.

I decided to log in with the same account I had used in Safe Mode to see if I could get in.

In a minute or 2, the Windows desktop appeared, and everything seemed to be working OK.

I worked with this user account for a few minutes, then logged off and logged on as my typical user account.

Just to be sure I didn't rush things, I took a break and didn't return for 21 minutes.

When I did, I saw that everything seemed OK.

Looking at the System Tray, I didn't see anything there about Data Encryption, although that's about the same spot that Dell's DataSafe Local backup icon appears.

I checked out Internet Explorer, it was fast.

I fired up Firefox, it too was peppy.

One of the websites said I was missing a plugin---it was Flash. I installed it OK.

I then did something I probably should have done at 5:30 in the morning---fired up the Event Viewer. If you don't know what it is, or where to find it, click your Start button, and type Event Viewer into the search box. Fire it up and get to know it.

There were a bunch of events related to the system crash in the early morning hours.

I could see that Windows did the Automatic install at 1:00am, all of them successful, and I also saw that the display device driver had shut down, but according to the Event Viewer had successfully restarted. I'm not so sure.

I could see the restart of Windows after I powered down and powered up, and there in the Event Viewer was this critical error message...repeated several times between the time I rebooted at 5:27am.

The file structure on the disk is corrupt and unusable. Please run chkdsk utility on the volume

Had I seen this error message at 5:27am, most likely I wouldn't have gone down the virus worry path I took.

I would have run CHKDSK /r myself---albeit very nervously.

Check out this YouTube video that shows you how to run CHKDSK yourself

http://www.youtube.com/watch?v=Es0VivQ_xQI

I've never been big on running CHKDSK or Defrags on my hard drives---but I may be doing some routine disk maintenance in the future.

One thing you can be sure of is that I'll be checking the Event Viewer routinely in order to be sure I don't have any more disk errors.
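
The same routine check can be done from a PowerShell prompt instead of clicking through the Event Viewer. This is an added example, not part of the original post: it lists the Critical and Error events in the System log and then pulls out the ones whose text points at a disk problem, like the chkdsk message quoted above. The 24-hour window and the keyword list are assumptions to adjust.

```powershell
# Added example: triage the System log before assuming malware.
# Assumptions: a 24-hour look-back window and the keyword list below.
$since = (Get-Date).AddHours(-24)

# Level 1 = Critical, Level 2 = Error.
# SilentlyContinue suppresses the "no events were found" error on a clean log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 1, 2
    StartTime = $since
} -ErrorAction SilentlyContinue

# Step 1: summary of which sources are logging errors, and how often.
# A message repeated many times (as in the post) stands out here.
$events |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Step 2: show the full text of anything that looks like a disk or
# file-system problem. -like is case-insensitive.
$diskHints = 'chkdsk', 'corrupt', 'bad block'
$events |
    Where-Object {
        $msg = $_.Message
        $msg -and ($diskHints | Where-Object { $msg -like "*$_*" })
    } |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, Message |
    Format-List
```

If step 2 prints nothing, the log holds no matching disk errors for that window; widen `$since` to cover the time of the crash before ruling the disk out.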
