Sign In
Create Account
1
I just download anti-malware, ran a quick scan which removed one registry error. (Also my CA antivirus opened a window and said it deleted 12 viruses - i'm not sure why CA did not see those before?)
Then I tried to run a full scan. It failed when system reported an error with explorere.exe, illegal instructions 0xc000001d at location 0x77fb960. windows 200 froze, and I had to reboot.
Then i tried a 2nd time to run a full scan. This time windows reported that Anti-malware instruction at 0x77fb7964 at 0x00000002 - memory could not be read.
I have had this memory could not be read/written before, usually with IEXPLORE.exe.
I want to get a full scan to eliminate any malware on my pc, and have been following the guide on geekstogo.com, which has running a full scan as part of their process.
thanks,
matt
ps: i do get a buffer overrun, in caissdt.exe, every time I tart windows. I usually just ignore that error message.
Back to top
#2
Posted 18 June 2009 - 12:46 AM
-
- Administrators
-
- 22,575 posts
Forum Deity
- Gender:Male
- Location:US
You may have corrupted files on your disk. Please try running CHKDSK C: /F if you don't know how let us know.
Then read the following and start a NEW post in the listed forum and as soon as someone is available they will assist you with this.
Scan and post logs - read note at bottom in green
If you're having Malware related issues with your computer that you're unable to resolve.
Then read the following and start a NEW post in the listed forum and as soon as someone is available they will assist you with this.
Scan and post logs - read note at bottom in green
If you're having Malware related issues with your computer that you're unable to resolve.
- Please read and follow the instructions provided here: I'm infected - What do I do now?
- If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
- When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
- Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
- Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
- Using these other tools often makes the cleanup task more difficult and time consuming.
- If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
- Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
- There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
- NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
#3
Posted 18 June 2009 - 01:39 AM
-
- Members
-
- 29 posts
New Member
ADvancedsetup,
I am following the instructions in link 1, but had an issue with running chkdsk. Seems it does not like the /F parameter.
I opened a DOS window and ran chkdsk 4 times,
the first did not work,
the 2nd I think i ran wrong (there's no ? parm)
the 3rd seemed to find 1 error (Convert lost chains to files (Y/N)? n )
the 4th ran with no problems found.
SO - I assume my hard drive is OK. Would you agree?
I am going to run and post the Anti-malware and Hijackthis logs. OK?
C:\WINNT\SYSTEM32>chkdsk C: /F
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) n
C:\WINNT\SYSTEM32>chkdsk ?
The type of the file system is FAT32.
Volume DRV2_VOL1 created 11/22/2006 9:50 PM
Volume Serial Number is 737F-2973
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problem.
117,189,600 KB total disk space.
2,268,736 KB in 2,653 hidden files.
412,224 KB in 12,761 folders.
31,480,544 KB in 149,187 files.
83,028,064 KB are available.
32,768 bytes in each allocation unit.
3,662,175 total allocation units on disk.
2,594,627 allocation units available on disk.
The \WINNT\SYSTEM32\? file was not found.
C:\WINNT\SYSTEM32>chkdsk
The type of the file system is FAT32.
Volume DRV2_VOL1 created 11/22/2006 9:50 PM
Volume Serial Number is 737F-2973
Windows is verifying files and folders...
Windows found errors on the disk, but will not fix them
because disk checking was run without the /F (fix) parameter.
\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\
6ip6a61p.default\sessionstore.js first allocation unit is not valid. The entry
will be truncated.
File and folder verification is complete.
Convert lost chains to files (Y/N)? n
32 KB of free disk space would be added.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
117,189,600 KB total disk space.
2,268,736 KB in 2,653 hidden files.
412,352 KB in 12,765 folders.
31,484,000 KB in 149,196 files.
83,024,448 KB are available.
C:\WINNT\SYSTEM32>chkdsk
The type of the file system is FAT32.
Volume DRV2_VOL1 created 11/22/2006 9:50 PM
Volume Serial Number is 737F-2973
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problem.
117,189,600 KB total disk space.
2,268,736 KB in 2,653 hidden files.
412,352 KB in 12,765 folders.
31,483,040 KB in 149,199 files.
83,025,440 KB are available.
32,768 bytes in each allocation unit.
3,662,175 total allocation units on disk.
2,594,545 allocation units available on disk.
C:\WINNT\SYSTEM32
I am following the instructions in link 1, but had an issue with running chkdsk. Seems it does not like the /F parameter.
I opened a DOS window and ran chkdsk 4 times,
the first did not work,
the 2nd I think i ran wrong (there's no ? parm)
the 3rd seemed to find 1 error (Convert lost chains to files (Y/N)? n )
the 4th ran with no problems found.
SO - I assume my hard drive is OK. Would you agree?
I am going to run and post the Anti-malware and Hijackthis logs. OK?
C:\WINNT\SYSTEM32>chkdsk C: /F
Cannot lock current drive.
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) n
C:\WINNT\SYSTEM32>chkdsk ?
The type of the file system is FAT32.
Volume DRV2_VOL1 created 11/22/2006 9:50 PM
Volume Serial Number is 737F-2973
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problem.
117,189,600 KB total disk space.
2,268,736 KB in 2,653 hidden files.
412,224 KB in 12,761 folders.
31,480,544 KB in 149,187 files.
83,028,064 KB are available.
32,768 bytes in each allocation unit.
3,662,175 total allocation units on disk.
2,594,627 allocation units available on disk.
The \WINNT\SYSTEM32\? file was not found.
C:\WINNT\SYSTEM32>chkdsk
The type of the file system is FAT32.
Volume DRV2_VOL1 created 11/22/2006 9:50 PM
Volume Serial Number is 737F-2973
Windows is verifying files and folders...
Windows found errors on the disk, but will not fix them
because disk checking was run without the /F (fix) parameter.
\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\
6ip6a61p.default\sessionstore.js first allocation unit is not valid. The entry
will be truncated.
File and folder verification is complete.
Convert lost chains to files (Y/N)? n
32 KB of free disk space would be added.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
117,189,600 KB total disk space.
2,268,736 KB in 2,653 hidden files.
412,352 KB in 12,765 folders.
31,484,000 KB in 149,196 files.
83,024,448 KB are available.
C:\WINNT\SYSTEM32>chkdsk
The type of the file system is FAT32.
Volume DRV2_VOL1 created 11/22/2006 9:50 PM
Volume Serial Number is 737F-2973
Windows is verifying files and folders...
File and folder verification is complete.
Windows has checked the file system and found no problem.
117,189,600 KB total disk space.
2,268,736 KB in 2,653 hidden files.
412,352 KB in 12,765 folders.
31,483,040 KB in 149,199 files.
83,025,440 KB are available.
32,768 bytes in each allocation unit.
3,662,175 total allocation units on disk.
2,594,545 allocation units available on disk.
C:\WINNT\SYSTEM32
#4
Posted 18 June 2009 - 03:56 AM
-
- Administrators
-
- 22,575 posts
Forum Deity
- Gender:Male
- Location:US
You need to press the Y key to allow CHKDSK to run on reboot. You can not fix a drive while logged on.
Run it again as shown. CHKDSK C: /F
When it says it can't lock the drive and would you like to check it on next reboot press the Y key and then the ENTER key.
Then reboot and have it run.
Run it again as shown. CHKDSK C: /F
When it says it can't lock the drive and would you like to check it on next reboot press the Y key and then the ENTER key.
Then reboot and have it run.
#5
Posted 19 June 2009 - 04:37 PM
-
- Members
-
- 29 posts
New Member
Advance, I will do that.
And what if it asks me when rebooting to respond, such as "convert lost chains (Y/N)?" How should I respond?
And what if it asks me when rebooting to respond, such as "convert lost chains (Y/N)?" How should I respond?
#6
Posted 19 June 2009 - 06:30 PM
-
- Members
-
- 29 posts
New Member
ADvancedsetup,
Done. (I didn't realize that was what scheduled meant. I also just realized, that I've seen that run automatically when I booted up a number of times after I had to reboot with the OFF power switch after my PC had locked up).
I posted in the other forum as you suggested.
Thanks,
Matt
Done. (I didn't realize that was what scheduled meant. I also just realized, that I've seen that run automatically when I booted up a number of times after I had to reboot with the OFF power switch after my PC had locked up).
I posted in the other forum as you suggested.
Thanks,
Matt
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
