
My daughter has a laptop running Windows 7. I can start in safe mode and run Malwarebytes, AVG and Spybot. I've run these several times and was getting 0 infections... Still cannot start in normal mode. After a couple of seconds, a blue screen pops up, saying that Windows will shut down to prevent a crash. I did a system recovery to a time before this shutdown started, but it didn't work, still having the same problem. Updated and ran Malwarebytes again. Here is the log. What other logs should I try to get? I can only run in safe mode at this point in time.

Thank you in advance for your help.

Cyndie

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 6340

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

4/11/2011 11:24:14 PM

mbam-log-2011-04-11 (23-24-14).txt

Scan type: Quick scan

Objects scanned: 165546

Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\$Recycle.Bin\s-1-5-21-1406705716-1417950885-3890049717-1000\$RQ1JXM0.exe (PUP.FunWebProducts) -> Not selected for removal.


Hi,

The blue screen flashes on and off in a matter of a few seconds, but here's what I can get, one line at a time!

"A problem has been detected. Windows has been shut down to prevent damage to your computer.

driver_irql_not_less_or_equal

if this is the first time your seeing this error, restart your computer. If this screen appears again follow these steps."

So the next time I restarted it, to get more of the blue screen, we got a "windows just recovered from a shutdown". I was able to update MBAM, and actually run it....Here is the log:

Scan type: Quick scan

Objects scanned: 166623

Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Windows hasn't shut down yet, and it's been about 10 minutes. It's been shutting down just about immediately after starting. Not sure what this means, other than it's staying on....

Thanks,

Cyndie


Hi,

I figured out that I downloaded the drivers on that site, not SpeedFan. But now I've downloaded SpeedFan and ran it, but I'm not sure what to send to you. I don't know how to take a screenshot. Can you give me instructions on how to do that?

Thanks, CyndieRaz


  • Staff

Hi,

The temperatures are fine. Please update MBAM, run a Quick Scan, and post its log.

Next, click Start --> Run, type cmd.exe and press Enter.

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk1.txt"

Press Enter.

When it finishes, open chkdsk1.txt on your Desktop and post its contents here.


Here's the log.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 6444

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

4/25/2011 7:19:41 PM

mbam-log-2011-04-25 (19-19-41).txt

Scan type: Quick scan

Objects scanned: 155956

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\Temp\fmpp.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\gsnc.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

I'm having problems with the cmd.exe. I can start it and type in the command, but the computer keeps shutting down. I'm posting the MBAM for now, and if I can get the other to work, I'll post it.


This is what I got from cmd.exe... it didn't finish, I guess, it only got to 53 percent... Like I said in an earlier post, the computer kept shutting down, but I wanted to post what I could. I will try to continue running it.

Thanks so much!

The type of the file system is NTFS.

The volume is in use by another process. Chkdsk

might report errors when no corruption is present.

Volume label is TI105756W0B.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

0 percent complete. (0 of 148992 file records processed)

1 percent complete. (14900 of 148992 file records processed)

2 percent complete. (29799 of 148992 file records processed)

3 percent complete. (44698 of 148992 file records processed)

4 percent complete. (59597 of 148992 file records processed)

5 percent complete. (74496 of 148992 file records processed)

6 percent complete. (89396 of 148992 file records processed)

7 percent complete. (104295 of 148992 file records processed)

8 percent complete. (119194 of 148992 file records processed)

9 percent complete. (134093 of 148992 file records processed)

148992 file records processed.

File verification completed.

271 large file records processed.

0 bad file records processed.

0 EA records processed.

50 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...

11 percent complete. (3898 of 197930 index entries processed)

12 percent complete. (7903 of 197930 index entries processed)

13 percent complete. (11907 of 197930 index entries processed)

14 percent complete. (15912 of 197930 index entries processed)

15 percent complete. (19916 of 197930 index entries processed)

16 percent complete. (23921 of 197930 index entries processed)

17 percent complete. (27926 of 197930 index entries processed)

18 percent complete. (31930 of 197930 index entries processed)

19 percent complete. (35935 of 197930 index entries processed)

20 percent complete. (39939 of 197930 index entries processed)

21 percent complete. (43944 of 197930 index entries processed)

22 percent complete. (47949 of 197930 index entries processed)

23 percent complete. (51953 of 197930 index entries processed)

24 percent complete. (55958 of 197930 index entries processed)

25 percent complete. (59962 of 197930 index entries processed)

26 percent complete. (63967 of 197930 index entries processed)

27 percent complete. (67972 of 197930 index entries processed)

28 percent complete. (71976 of 197930 index entries processed)

29 percent complete. (75981 of 197930 index entries processed)

30 percent complete. (79985 of 197930 index entries processed)

31 percent complete. (83990 of 197930 index entries processed)

32 percent complete. (87995 of 197930 index entries processed)

33 percent complete. (91999 of 197930 index entries processed)

34 percent complete. (96004 of 197930 index entries processed)

35 percent complete. (100008 of 197930 index entries processed)

36 percent complete. (104013 of 197930 index entries processed)

37 percent complete. (108018 of 197930 index entries processed)

38 percent complete. (112022 of 197930 index entries processed)

39 percent complete. (116027 of 197930 index entries processed)

40 percent complete. (120031 of 197930 index entries processed)

41 percent complete. (124036 of 197930 index entries processed)

42 percent complete. (128041 of 197930 index entries processed)

43 percent complete. (132045 of 197930 index entries processed)

44 percent complete. (136050 of 197930 index entries processed)

45 percent complete. (140054 of 197930 index entries processed)

46 percent complete. (144059 of 197930 index entries processed)

47 percent complete. (148064 of 197930 index entries processed)

47 percent complete. (149004 of 197930 index entries processed)

47 percent complete. (149738 of 197930 index entries processed)

47 percent complete. (150169 of 197930 index entries processed)

47 percent complete. (150952 of 197930 index entries processed)

47 percent complete. (151372 of 197930 index entries processed)

47 percent complete. (151906 of 197930 index entries processed)

48 percent complete. (152068 of 197930 index entries processed)

48 percent complete. (152678 of 197930 index entries processed)

48 percent complete. (153340 of 197930 index entries processed)

48 percent complete. (155309 of 197930 index entries processed)

49 percent complete. (156073 of 197930 index entries processed)

49 percent complete. (156957 of 197930 index entries processed)

49 percent complete. (158487 of 197930 index entries processed)

49 percent complete. (159108 of 197930 index entries processed)

50 percent complete. (160077 of 197930 index entries processed)

50 percent complete. (162141 of 197930 index entries processed)

50 percent complete. (163119 of 197930 index entries processed)

50 percent complete. (163515 of 197930 index entries processed)

50 percent complete. (163730 of 197930 index entries processed)

50 percent complete. (164034 of 197930 index entries processed)

51 percent complete. (164082 of 197930 index entries processed)

51 percent complete. (164390 of 197930 index entries processed)

51 percent complete. (164838 of 197930 index entries processed)

51 percent complete. (165100 of 197930 index entries processed)

51 percent complete. (165408 of 197930 index entries processed)

51 percent complete. (165567 of 197930 index entries processed)

51 percent complete. (165998 of 197930 index entries processed)

51 percent complete. (166391 of 197930 index entries processed)

51 percent complete. (166542 of 197930 index entries processed)

51 percent complete. (167231 of 197930 index entries processed)

51 percent complete. (167752 of 197930 index entries processed)

52 percent complete. (168087 of 197930 index entries processed)

52 percent complete. (168663 of 197930 index entries processed)

52 percent complete. (171191 of 197930 index entries processed)

53 percent complete. (172091 of 197930 index entries processed)


I think this is the finished cmd.exe file... If it's not, please let me know and I'll try to run it again. What's next....? Thanks for your help. Oh, I still am running only on safe mode, the computer shuts down when I run in normal mode.

The type of the file system is NTFS.

The volume is in use by another process. Chkdsk

might report errors when no corruption is present.

Volume label is TI105756W0B.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

0 percent complete. (0 of 148992 file records processed)

1 percent complete. (14900 of 148992 file records processed)

1 percent complete. (28676 of 148992 file records processed)

2 percent complete. (29799 of 148992 file records processed)

3 percent complete. (44698 of 148992 file records processed)

4 percent complete. (59597 of 148992 file records processed)

5 percent complete. (74496 of 148992 file records processed)

6 percent complete. (89396 of 148992 file records processed)

7 percent complete. (104295 of 148992 file records processed)

8 percent complete. (119194 of 148992 file records processed)

9 percent complete. (134093 of 148992 file records processed)

148992 file records processed.

File verification completed.

271 large file records processed.

0 bad file records processed.

0 EA records processed.

50 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...

11 percent complete. (3898 of 197930 index entries processed)

12 percent complete. (7903 of 197930 index entries processed)

13 percent complete. (11908 of 197930 index entries processed)

14 percent complete. (15912 of 197930 index entries processed)

15 percent complete. (19917 of 197930 index entries processed)

16 percent complete. (23922 of 197930 index entries processed)

17 percent complete. (27926 of 197930 index entries processed)

18 percent complete. (31931 of 197930 index entries processed)

19 percent complete. (35936 of 197930 index entries processed)

20 percent complete. (39940 of 197930 index entries processed)

21 percent complete. (43945 of 197930 index entries processed)

22 percent complete. (47950 of 197930 index entries processed)

23 percent complete. (51954 of 197930 index entries processed)

24 percent complete. (55959 of 197930 index entries processed)

25 percent complete. (59964 of 197930 index entries processed)

26 percent complete. (63968 of 197930 index entries processed)

27 percent complete. (67973 of 197930 index entries processed)

28 percent complete. (71978 of 197930 index entries processed)

29 percent complete. (75982 of 197930 index entries processed)

30 percent complete. (79987 of 197930 index entries processed)

31 percent complete. (83992 of 197930 index entries processed)

32 percent complete. (87996 of 197930 index entries processed)

33 percent complete. (92001 of 197930 index entries processed)

34 percent complete. (96006 of 197930 index entries processed)

35 percent complete. (100011 of 197930 index entries processed)

36 percent complete. (104015 of 197930 index entries processed)

37 percent complete. (108020 of 197930 index entries processed)

38 percent complete. (112025 of 197930 index entries processed)

39 percent complete. (116029 of 197930 index entries processed)

40 percent complete. (120034 of 197930 index entries processed)

41 percent complete. (124039 of 197930 index entries processed)

42 percent complete. (128043 of 197930 index entries processed)

43 percent complete. (132048 of 197930 index entries processed)

44 percent complete. (136053 of 197930 index entries processed)

45 percent complete. (140057 of 197930 index entries processed)

46 percent complete. (144062 of 197930 index entries processed)

47 percent complete. (148067 of 197930 index entries processed)

47 percent complete. (149004 of 197930 index entries processed)

47 percent complete. (149710 of 197930 index entries processed)

47 percent complete. (150133 of 197930 index entries processed)

47 percent complete. (150944 of 197930 index entries processed)

47 percent complete. (151352 of 197930 index entries processed)

47 percent complete. (151861 of 197930 index entries processed)

48 percent complete. (152071 of 197930 index entries processed)

48 percent complete. (152594 of 197930 index entries processed)

48 percent complete. (153338 of 197930 index entries processed)

48 percent complete. (155250 of 197930 index entries processed)

49 percent complete. (156076 of 197930 index entries processed)

49 percent complete. (156957 of 197930 index entries processed)

49 percent complete. (158487 of 197930 index entries processed)

49 percent complete. (159108 of 197930 index entries processed)

50 percent complete. (160081 of 197930 index entries processed)

50 percent complete. (162127 of 197930 index entries processed)

50 percent complete. (163119 of 197930 index entries processed)

50 percent complete. (163517 of 197930 index entries processed)

50 percent complete. (163774 of 197930 index entries processed)

51 percent complete. (164085 of 197930 index entries processed)

51 percent complete. (164395 of 197930 index entries processed)

51 percent complete. (164839 of 197930 index entries processed)

51 percent complete. (165110 of 197930 index entries processed)

51 percent complete. (165413 of 197930 index entries processed)

51 percent complete. (165567 of 197930 index entries processed)

51 percent complete. (166000 of 197930 index entries processed)

51 percent complete. (166399 of 197930 index entries processed)

51 percent complete. (166567 of 197930 index entries processed)

51 percent complete. (167250 of 197930 index entries processed)

51 percent complete. (167778 of 197930 index entries processed)

52 percent complete. (168090 of 197930 index entries processed)

52 percent complete. (168745 of 197930 index entries processed)

52 percent complete. (171174 of 197930 index entries processed)

53 percent complete. (172095 of 197930 index entries processed)

53 percent complete. (172446 of 197930 index entries processed)

53 percent complete. (172847 of 197930 index entries processed)

53 percent complete. (173212 of 197930 index entries processed)

53 percent complete. (173416 of 197930 index entries processed)

197930 index entries processed.

Index verification completed.

0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...

60 percent complete. (6592 of 148992 file SDs/SIDs processed)

61 percent complete. (18606 of 148992 file SDs/SIDs processed)

62 percent complete. (30620 of 148992 file SDs/SIDs processed)

63 percent complete. (42634 of 148992 file SDs/SIDs processed)

64 percent complete. (54648 of 148992 file SDs/SIDs processed)

65 percent complete. (66662 of 148992 file SDs/SIDs processed)

66 percent complete. (78676 of 148992 file SDs/SIDs processed)

67 percent complete. (90690 of 148992 file SDs/SIDs processed)

68 percent complete. (102704 of 148992 file SDs/SIDs processed)

69 percent complete. (114718 of 148992 file SDs/SIDs processed)

70 percent complete. (126732 of 148992 file SDs/SIDs processed)

71 percent complete. (138746 of 148992 file SDs/SIDs processed)

148992 file SDs/SIDs processed.

Security descriptor verification completed.

24470 data files processed.

CHKDSK is verifying Usn Journal...

99 percent complete. (0 of 35611480 USN bytes processed)

100 percent complete. (35610624 of 35611480 USN bytes processed)

35611480 USN bytes processed.

Usn Journal verification completed.

The master file table's (MFT) BITMAP attribute is incorrect.

The Volume Bitmap is incorrect.

Windows found problems with the file system.

Run CHKDSK with the /F (fix) option to correct these.

301612031 KB total disk space.

69445212 KB in 119658 files.

82452 KB in 24471 indexes.

0 KB in bad sectors.

260447 KB in use by the system.

65536 KB occupied by the log file.

231823920 KB available on disk.

4096 bytes in each allocation unit.

75403007 total allocation units on disk.

57955980 allocation units available on disk.


  • Staff

Hi,

Your version of MBAM is out of date.

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so, this is very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

chkdsk found problems with your hard drive.

Click Start --> Run, type in cmd.exe again, except this time, right-click cmd.exe and click Run as Admin...

Enter this command:

chkdsk /f>"%userprofile%\desktop\chkdsk slash f.txt"

Follow any prompts given. When it finishes, check your Desktop for chkdsk slash f.txt and post its contents here.


I updated MBAM as you requested and ran it. Here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6467

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

4/28/2011 8:16:33 PM

mbam-log-2011-04-28 (20-16-33).txt

Scan type: Quick scan

Objects scanned: 156243

Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\Temp\ntop.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Here is the notepad from the cmd.exe:

The type of the file system is NTFS.

Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another

process. Would you like to schedule this volume to be

checked the next time the system restarts? (Y/N)
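
Added example, not part of the thread and not Malwarebytes' own tooling: a Python script that parses MBAM 1.50 text logs in the layout posted above and compares several scans, reporting items a scan left in place and detections that were deleted in one scan and found again in a later one. The function names are hypothetical, and the sample logs are trimmed excerpts of the logs posted in this thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

STAMP = re.compile(r"^mbam-log-(\d{4}-\d{2}-\d{2})")      # log file name line
HEADING = re.compile(r"^([A-Za-z ]+) Infected:$")          # detail heading (no count)
ENTRY = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+?)\.?$")    # object (name) -> action

def parse_mbam_log(text):
    """Return (scan_date, entries) for one MBAM 1.50 text log."""
    date, section, entries = "", None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := STAMP.match(line):
            date = m.group(1)
        elif m := HEADING.match(line):
            section = m.group(1)
        elif section and (m := ENTRY.match(line)):
            obj, name, action = m.groups()
            removed = action.lower().startswith("quarantined and deleted")
            entries.append({"section": section, "object": obj,
                            "name": name, "removed": removed})
    return date, entries

def triage(logs):
    """Return (left_in_place, recurring) across several scans.

    left_in_place: (date, name, object) for items a scan did not remove.
    recurring: {(name, leaf file name): [dates]} for detections that were
    removed in more than one scan, i.e. they came back after deletion.
    """
    left, removed_on = [], defaultdict(set)
    parsed = sorted((parse_mbam_log(t) for t in logs), key=lambda p: p[0])
    for date, entries in parsed:
        for e in entries:
            if e["removed"]:
                leaf = PureWindowsPath(e["object"]).name.lower()
                removed_on[(e["name"], leaf)].add(date)
            else:
                left.append((date, e["name"], e["object"]))
    recurring = {k: sorted(v) for k, v in removed_on.items() if len(v) > 1}
    return left, recurring

# Trimmed excerpts of the three logs posted in this thread.
SAMPLE_LOGS = [
    r"""mbam-log-2011-04-11 (23-24-14).txt
Files Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\$Recycle.Bin\s-1-5-21-1406705716-1417950885-3890049717-1000\$RQ1JXM0.exe (PUP.FunWebProducts) -> Not selected for removal.
""",
    r"""mbam-log-2011-04-25 (19-19-41).txt
Files Infected: 2
Files Infected:
c:\Windows\Temp\fmpp.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\gsnc.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
""",
    r"""mbam-log-2011-04-28 (20-16-33).txt
Files Infected: 1
Files Infected:
c:\Windows\Temp\ntop.tmp\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
""",
]

if __name__ == "__main__":
    left, recurring = triage(SAMPLE_LOGS)
    for date, name, obj in left:
        print(f"{date}: {name} left in place: {obj}")
    for (name, leaf), dates in recurring.items():
        print(f"{name} ({leaf}) removed again on: {', '.join(dates)}")
```

On the excerpts above it reports the PUP.FunWebProducts file that was not selected for removal on 2011-04-11, and Trojan.Agent `setup.exe` as deleted on both 2011-04-25 and 2011-04-28.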
