Intermittent black Screen on Login. [M110]1[v6]

Sanya

Could you try starting CIS please, and see if there are any logs for the period of the black screen?

Also could you append Windows event logs for that period (system and application). THey are accessed from COntrol panel ~ admin tools ~ event viewer in most windows versions

Finally if you ave not rebooted since the Black screen another look at the Killswitch processes may be helpful. Something maybe sandboxed that was not.

The fact this happens in the morning does suggest that there is a screen saver, or it’s set to log off after a time interval.

Best wishes

Mike

I did actually have to shutdown my computer to get to sleep since it’s rather loud. Good news though is that I had it again now when I woke up, well good news or bad news it all depends on how you look at it.

There are logs only from Defense+, I will attach both a screenshot and a zip file containing the exported log.

I will attach the exported event viewer categories as asked.

Will attach screenshot of killswitch.

What I’ve noticed now is that it ignores the previous rule of only happening in the morning, now it happens whenever the hell it wants. Latest was today Saturday 22nd December 2012 at 14:57 - 14:58.

I don’t know what it is but there was something called “LocaleMetaData” created on my Desktop and they contain files called Application and System just like the event viewer logs, I’ll zip that folder up with the event viewer logs.

[attachment deleted by admin]

Also I just checked and I do not have a screen saver on according to Windows.

Thanks Sanya, much appreciated. First up your 14.58/9 CIS events look weird to me.

Loos like CIS is handcuffing core OS citizens, going about their lawful business. This looks like a false arrest to me.

Could you look in the jail (unrecognised files)

Best wishes

Mike

Unfortuntely the event files don’t go up to 14.58.

The back screen before that was when?

Best wishes

Mike

There are no files in the unrecognized files.

The black screen before this one occurred at Friday Dec 21 2012 at around 23:20.

I made another zip file with the event viewer log, also checked that the items from around 14:48 were there, click Date and Time two times in order to get the latest events at the top.

[attachment deleted by admin]

In my last post I accidentally typed 14:48, I meant 14:58.

I think my computer is auto-adjusting for time zone differences.

Sorry to ask, but what time is it with you?

I live in Sweden so at the moment it’s 16:55/ 4:55 AM, GMT +1
http://wwp.greenwichmeantime.com/time-zone/europe/european-union/sweden/time/

4:55 PM******* sorry… well now it’s 5:17 PM. I always mix up AM and PM <_<

No Probs :slight_smile: Realised Sweden is not very far away.

Hmm not sure its the time difference, wierd

Anyway on Friday Dec 21 2012 at around 23:20, well just after 23.37 there was a system stop without shutdown

I guess that was you using the big red switch?

Only other thing I can see is Steam service not starting properly.

I think that I need to get someone to look at the CIS logs, as the way they work may have changed with 6.0.

Those events certainly seem to tie in with your symptoms though.

Is your computer showing a logon screen after you have left it for a while?

If so you may be able to stop this happening by stopping the computer logging off when you are not using it. Though its less secure, sorry. Do you need help with how?

Best wishes

Mouse

My computer does not log out or lock down or go to sleep or any of the sort if it’s idle, I have it set to always run unless I tell it to shutdown, I haven’t made a hard shutdown or what they are called (When you just cut the power) for several days, rather it’s just that my computer seems to sometimes fail to shutdown correctly.

I always shut down by pressing the “Shut down” button in Windows. Equivalent to “shutdown -s” in the command prompt.

Actually, I can’t find that among my logs =/ in my logs it just keeps on going, no system stops…

It’s this one:

Microsoft-Windows-Kernel-Power
[ Guid] {331C3B3A-2005-44C2-AC5E-77220C37D6B4}
EventID 41

For some reason your system doesn’t know what it is, but its a stop without switchoff.

OF course it may be a bug in system monitoring :slight_smile:

I’m afraid I’m running out of ideas apart from getting someone to comment on your CIS log, which seems to indicate CIS is stopping explorer.exe from being started by userinit. Fairly sure it shoudn’t be.

From what you said in debug report I though this only occurred on startup, but from your phrasing subsequently (‘when the hell it wants’ - maybe my misinterpretation) it seemed it was just happening at random times. Is it only on startup?

I’ll see who I can contact tomorrow.

Best wishes

Mouse

Oh yes sorry, it only happens on startup but it happens on whichever start-up it wants. Before on my old system it would usually only happen in the morning but now it happens at whichever start-up it wants.

I could always try adding explorer.exe and userinit to the trusted files.

You could but CIS will probably refuse, if it doesn’t then that may mean those files are unsigned, which could be worrying.

But don’t worry too much in 2626 the file rating system seemed to fall over from time to time. Could be that’s what’s happening. I guess it should be fixed as it was reported but …well… you know.

Best wishes

Mouse

I just added explorer.exe and userinit.exe to the trusted files… it didn’t complain at least. In fact it didn’t really say anything just closed the file browser windows so I assume it worked…

You seem to know your IT. Would you know how to verify the signature on those files? & post screenshot.

You can use a command line tool sigcheck I think from sysinternals (part of MS) or sigverif from microsoft, but the latter used to work in a very strange way.

With sigcheck you can set it to validate revocation of the signature as well.

Else I can tell you how.

Fairly important in case you are infected (low probability). More certain than an AV scan.

IF sig is OK then a rating scan should sort things out, or a CIS re-install.

Best wishes

Mouse

Would be helpful if you could tell me how. I downloaded sigcheck and ran it, for explorer.exe it says “Signed” however the console windows isn’t able to hold enough lines for me to find the userinit.exe, it is cut off.

There got the userinit.exe file too, it’s signed.