Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware-bytes hanging computer [Solved]


  • This topic is locked This topic is locked

#46
Snypa86

Snypa86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Stalled on mstsc.cof
  • 0

Advertisements


#47
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Just a question before we move on, do you use Remote Desktop Connection?
  • 0

#48
Snypa86

Snypa86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I don't think I have used it since I got this computer. Will I ever use it? At some point in time i assume.
  • 0

#49
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
I'm afraid you have a bad Hard Drive. I'll tell about this on the techs to see what they suggest. For now follow this:

1. Open the Start Menu.
2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
Posted Image
3. In the elevated command prompt, type:

chkdsk /f /r

.
It will ask you to run chkdsk at the next boot type Y and press enter.
4.Reboot and don't touch any key, let chkdsk scan your Drive.
5.When it finishes, read here on how to find the chkdsk log and copy it and paste it in your next post.


Next:

Open Device Manager by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking Device Manager.‌ If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
Expand the window so all the devices appear and take a screenshot of it and post it here.
  • 0

#50
Snypa86

Snypa86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 12/18/2011 6:35:15 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Darron-PC
Description:


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
363200 file records processed.

1668 large file records processed.

0 bad file records processed.

0 EA records processed.

58 reparse records processed.

448652 index entries processed.

0 unindexed files processed.

363200 security descriptors processed.

Cleaning up 69 unused index entries from index $SII of file 0x9.
Cleaning up 69 unused index entries from index $SDH of file 0x9.
Cleaning up 69 unused security descriptors.
42727 data files processed.

CHKDSK is verifying Usn Journal...
36125512 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000010 at offset 0x2a0b555000 for 0x10000 bytes.
Read failure with status 0xc0000010 at offset 0x2a0b561000 for 0x1000 bytes.
Windows replaced bad clusters in file 220986
of name \Windows\winsxs\X817D6~1.228\mstsc.exe.
363184 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
29767285 free clusters processed.

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

298937343 KB total disk space.
179237752 KB in 238162 files.
146988 KB in 42728 indexes.
4 KB in bad sectors.
483459 KB in use by the system.
65536 KB occupied by the log file.
119069140 KB available on disk.

4096 bytes in each allocation unit.
74734335 total allocation units on disk.
29767285 allocation units available on disk.

Internal Info:
c0 8a 05 00 45 49 04 00 1c 8f 07 00 00 00 00 00 ....EI..........
1c 8d 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 ....:...........
30 c7 a6 77 00 00 00 00 50 23 69 ff 00 00 00 00 0..w....P#i.....

Windows has finished checking your disk.
Please wait while your computer restarts.


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.
363200 file records processed.

1668 large file records processed.

0 bad file records processed.

0 EA records processed.

58 reparse records processed.

448652 index entries processed.

0 unindexed files processed.

363200 security descriptors processed.

42727 data files processed.

CHKDSK is verifying Usn Journal...
36125976 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
363184 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
29767283 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

298937343 KB total disk space.
179237760 KB in 238163 files.
146988 KB in 42728 indexes.
4 KB in bad sectors.
483459 KB in use by the system.
65536 KB occupied by the log file.
119069132 KB available on disk.

4096 bytes in each allocation unit.
74734335 total allocation units on disk.
29767283 allocation units available on disk.

Internal Info:
c0 8a 05 00 46 49 04 00 1d 8f 07 00 00 00 00 00 ....FI..........
1c 8d 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 ....:...........
30 c7 fa 76 00 00 00 00 50 23 1d ff 00 00 00 00 0..v....P#......

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-12-18T23:35:15.000Z" />
<EventRecordID>37312</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Darron-PC</Computer>
<Security />
</System>
<EventData>
<Data>

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
363200 file records processed.

1668 large file records processed.

0 bad file records processed.

0 EA records processed.

58 reparse records processed.

448652 index entries processed.

0 unindexed files processed.

363200 security descriptors processed.

Cleaning up 69 unused index entries from index $SII of file 0x9.
Cleaning up 69 unused index entries from index $SDH of file 0x9.
Cleaning up 69 unused security descriptors.
42727 data files processed.

CHKDSK is verifying Usn Journal...
36125512 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000010 at offset 0x2a0b555000 for 0x10000 bytes.
Read failure with status 0xc0000010 at offset 0x2a0b561000 for 0x1000 bytes.
Windows replaced bad clusters in file 220986
of name \Windows\winsxs\X817D6~1.228\mstsc.exe.
363184 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
29767285 free clusters processed.

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

298937343 KB total disk space.
179237752 KB in 238162 files.
146988 KB in 42728 indexes.
4 KB in bad sectors.
483459 KB in use by the system.
65536 KB occupied by the log file.
119069140 KB available on disk.

4096 bytes in each allocation unit.
74734335 total allocation units on disk.
29767285 allocation units available on disk.

Internal Info:
c0 8a 05 00 45 49 04 00 1c 8f 07 00 00 00 00 00 ....EI..........
1c 8d 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 ....:...........
30 c7 a6 77 00 00 00 00 50 23 69 ff 00 00 00 00 0..w....P#i.....

Windows has finished checking your disk.
Please wait while your computer restarts.


Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.
363200 file records processed.

1668 large file records processed.

0 bad file records processed.

0 EA records processed.

58 reparse records processed.

448652 index entries processed.

0 unindexed files processed.

363200 security descriptors processed.

42727 data files processed.

CHKDSK is verifying Usn Journal...
36125976 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
363184 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
29767283 free clusters processed.

Free space verification is complete.
Windows has checked the file system and found no problems.

298937343 KB total disk space.
179237760 KB in 238163 files.
146988 KB in 42728 indexes.
4 KB in bad sectors.
483459 KB in use by the system.
65536 KB occupied by the log file.
119069132 KB available on disk.

4096 bytes in each allocation unit.
74734335 total allocation units on disk.
29767283 allocation units available on disk.

Internal Info:
c0 8a 05 00 46 49 04 00 1d 8f 07 00 00 00 00 00 ....FI..........
1c 8d 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 ....:...........
30 c7 fa 76 00 00 00 00 50 23 1d ff 00 00 00 00 0..v....P#......

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>

Attached Thumbnails

  • device manager.JPG

  • 0

#51
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Windows replaced bad clusters in file 220986
of name \Windows\winsxs\X817D6~1.228\mstsc.exe.

You may want to retry a scan to see if it still stalls, however it's not required. Your drive is most probably failing:

Read failure with status 0xc0000010 at offset 0x2a0b555000 for 0x10000 bytes.
Read failure with status 0xc0000010 at offset 0x2a0b561000 for 0x1000 bytes.


I can't help with this as I'm a malware tech. Your computer is clean, so here is the speech to remove the tools we have used and security measurements to stay clean. After this, you can post a new topic at the hardware forum and include the link to this topic in the post as well as a description of the problem. :thumbsup:



Congratulations! Your logs are clean! :) Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u, it needs to be there.
    Posted Image

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL for the last time and hit the cleanup button. It will remove all the programs we have used plus itself.

Next:

Note: If you are using Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.



Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware. - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial

Next:

Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version, if there are any.


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :)
  • 0

#52
Snypa86

Snypa86

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Thank You again.!
Merry Christmas and a Happy New Year.

Edited by Snypa86, 22 December 2011 - 04:44 PM.

  • 0

#53
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
You're welcome and Merry Christmas to you too :cheers:

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP