Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer freezes during scan and after start-up with Webroot


  • Please log in to reply
31 replies to this topic

#1 twodollars

twodollars

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 18 August 2014 - 12:21 PM

I am having problems with my computer freezing. Originally it was freezing about 2 minutes after startup when Webroot started its scan. I worked with Webroot to try to find problem and they finally said to uninstall and try another antivirus software. I tried Avast and had the same issues. I can use Windows Defender for real-time defense but I can't get through an entire scan without it freezing up.

 

I've downloaded Malwarebytes and it has run and found no issues.

 

I am at a loss as to what to do. I have an HP Pavilion g7 laptop and HP is clueless on what the problem could be. Could I be infected?



BC AdBot (Login to Remove)

 


#2 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 20 August 2014 - 11:53 PM

Hello twodollars and :welcome: to BleepingComputer.

Thanks for being patient. If you still need assistance, please follow these instructions:

#######################################################

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer. You will need to run RKill again if you reboot.
#######################################################

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1: If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2: SecurityCheck may produce some false warning(s), so leave the results reading to me.


#######################################################

Please download MiniToolBox, save it to your desktop, and run it.
Checkmark the following checkboxes:
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
#######################################################

Please download AdwCleaner by Xplode and save to your Desktop.
  • If you are using Windows Vista, 7 or 8, right-click and select Run As Administrator. Otherwise, double-click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button. A logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • All logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.
#######################################################

Lastly, retrieve the log from the last time you ran Malwarebytes

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


#######################################################

Please provide the following in your next reply:
  • the RKill log
  • checkup.txt from Security Check
  • Result.txt from MiniToolBox
  • AdwCleaner[R#].txt from AdwCleaner
  • the Malwarebytes log
Notes:
  • Copy and paste the text from the logs. Do not upload them unless instructed to do so.
  • Do not place the text from the logs in "quote" or "code" boxes
  • Do not use spoilers
  • Do not edit your replies. Create a new reply if you think of something you want to add.
Regards,
r0d3r1ck

#3 twodollars

twodollars
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 22 August 2014 - 02:19 PM

Yes, I still need help. Now webroot is telling me that their log shows NTFS errors, but they won't tell me what their log says specificially and using other methods I can't find a NTFS error.  Now my Firefox is locking up just randomly. It looks like it is using a ton of memory.

 

 

Does this sound like a virus/malware issue?



#4 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 22 August 2014 - 02:33 PM

It doesn't sound like malware necessarily, especially since Malwarebytes was able to scan and found no malicious items. I'd still like to see the results of instructions in my first reply. However, the NTFS errors should be handled first.
 

using other methods I can't find a NTFS error

What other methods have you used?

And what operating system are you using (Windows XP, Windows Vista, Windows 7, Windows 8, etc.)?

#5 twodollars

twodollars
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 22 August 2014 - 04:03 PM

I have windows 8.1 and I ran the error checking through right-clicking on the c drive on my computer and selecting properties - tools - error checking and then scanning anyway. No errors were found. I don't know if there is another way to check for errors or not.



#6 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 22 August 2014 - 05:07 PM

That's good, but let's try it this way just to be certain.
  • Close all open applications. You may want to print these instructions.
  • Right-click on the start button (the Windows logo) and select Command Prompt (Admin)
  • A command prompt window will appear. Type chkdsk /r and press Enter
  • When you're asked about scheduling the volume to be checked the next time the system starts, type Y and press Enter. If you're not asked about scheduling, let me know.
  • Reboot the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.
A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
  • Click the Windows logo Start button, then type "eventvwr" without the quotes, then press the <ENTER> key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


#7 twodollars

twodollars
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 22 August 2014 - 10:16 PM

Thanks for the help. It took a while to run  but here it is:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          8/22/2014 8:15:17 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Laptop-amy
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  361984 file records processed.                                                        

File verification completed.
  5585 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  457712 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 3219 unused index entries from index $SII of file 0x9.
Cleaning up 3219 unused index entries from index $SDH of file 0x9.
Cleaning up 3219 unused security descriptors.
Security descriptor verification completed.
  47865 data files processed.                                           

CHKDSK is verifying Usn Journal...
  374504192 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
Read failure with status 0xc0000185 at offset 0x9e275b000 for 0x10000 bytes.
A disk read error occurredc0000185
The disk does not have enough space to replace bad clusters
detected in file 155250 of name \PROGRA~2\CISCOS~1\CISCOC~1\CISCOC~1.EXE.
  361968 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
Read failure with status 0xc0000185 at offset 0x12a90d0000 for 0x20000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e0000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e0000 for 0x8000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e4000 for 0x4000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x2000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x800 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6800 for 0x800 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6400 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6800 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6c00 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x200 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6200 for 0x200 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6400 for 0x200 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6600 for 0x200 bytes.
  97902523 free clusters processed.                                                       

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 461171711 KB total disk space.
  68630068 KB in 183767 files.
    118164 KB in 47866 indexes.
         4 KB in bad sectors.
    813383 KB in use by the system.
     65536 KB occupied by the log file.
 391610092 KB available on disk.

      4096 bytes in each allocation unit.
 115292927 total allocation units on disk.
  97902523 allocation units available on disk.

Internal Info:
00 86 05 00 d9 88 03 00 b9 7f 06 00 00 00 00 00  ................
02 02 00 00 35 00 00 00 00 00 00 00 00 00 00 00  ....5...........

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-08-23T01:15:17.000000000Z" />
    <EventRecordID>96352</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Laptop-amy</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  361984 file records processed.                                                        

File verification completed.
  5585 large file records processed.                                   

  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
  457712 index entries processed.                                                       

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      


Stage 3: Examining security descriptors ...
Cleaning up 3219 unused index entries from index $SII of file 0x9.
Cleaning up 3219 unused index entries from index $SDH of file 0x9.
Cleaning up 3219 unused security descriptors.
Security descriptor verification completed.
  47865 data files processed.                                           

CHKDSK is verifying Usn Journal...
  374504192 USN bytes processed.                                                           

Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
Read failure with status 0xc0000185 at offset 0x9e275b000 for 0x10000 bytes.
A disk read error occurredc0000185
The disk does not have enough space to replace bad clusters
detected in file 155250 of name \PROGRA~2\CISCOS~1\CISCOC~1\CISCOC~1.EXE.
  361968 files processed.                                                               

File data verification completed.

Stage 5: Looking for bad, free clusters ...
Read failure with status 0xc0000185 at offset 0x12a90d0000 for 0x20000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e0000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e0000 for 0x8000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e4000 for 0x4000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x2000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x800 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6800 for 0x800 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6400 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6800 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6c00 for 0x400 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6000 for 0x200 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6200 for 0x200 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6400 for 0x200 bytes.
Read failure with status 0xc0000185 at offset 0x12a90e6600 for 0x200 bytes.
  97902523 free clusters processed.                                                       

Free space verification is complete.
Adding 1 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.
No further action is required.

 461171711 KB total disk space.
  68630068 KB in 183767 files.
    118164 KB in 47866 indexes.
         4 KB in bad sectors.
    813383 KB in use by the system.
     65536 KB occupied by the log file.
 391610092 KB available on disk.

      4096 bytes in each allocation unit.
 115292927 total allocation units on disk.
  97902523 allocation units available on disk.

Internal Info:
00 86 05 00 d9 88 03 00 b9 7f 06 00 00 00 00 00  ................
02 02 00 00 35 00 00 00 00 00 00 00 00 00 00 00  ....5...........

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>


Edited by twodollars, 22 August 2014 - 10:18 PM.


#8 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 22 August 2014 - 11:00 PM

Good work, twodollars!

I've asked one of my superiors to take a look at your situation in order to ensure that I'm understanding it properly. You can expect the next set of instructions within 24 hours.

While you wait, please provide me with an update of your computer's status. Is it still freezing? Have you noticed any new symptoms?

r0d3r1ck

#9 twodollars

twodollars
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 22 August 2014 - 11:14 PM

It has been working ok so far since I did the chkdsk. No new symptoms and hasn't frozen so far.



#10 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 22 August 2014 - 11:24 PM

:thumbsup:
And you've been using it for more than 2 minutes, right? :lol:

#11 twodollars

twodollars
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 23 August 2014 - 01:03 AM

Yes, I've been using it for 2 hours+ with no issues. If this fixes the problem, I will be so excited. I thought I was going to have to buy a new computer.


Edited by twodollars, 23 August 2014 - 01:04 AM.


#12 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 23 August 2014 - 01:09 AM

That's excellent! I still intend to wait for the feedback on the chkdsk log, so I hope you'll stay. We can probably do some fine-tuning.

I'm pleased to say that with all the resources we have here at BleepingComputer, buying a new computer (or taking similarly drastic actions) is rarely necessary. :grinner:

#13 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 23 August 2014 - 12:18 PM

Hi twodollars,

If you're still actively receiving assistance from Webroot support, you must choose between working with them and working with me. Receiving assistance from multiple people, for the same problem, is not recommended. For best results, you need to be able to dedicate yourself (and your computer) to one person's advice, so that they can understand the entirety of your problem and what you've done so far.

Let me know what you decide.

Regardless of which assistance you choose to continue, I recommend you back up all of your important data from the computer. Your hard drive appears to have serious problems.

r0d3r1ck

#14 twodollars

twodollars
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 23 August 2014 - 01:27 PM

The only thing Webroot did for me was tell me I had NTFS issues and it wasn't their problem to solve. So, I am not getting help from anyone else and am really appreciating your help with my computer. I haven't been able to get anyone else to help me, so you've been a lifesaver.

 

I'll back everything up on my external drive then. I can't believe my hard drive has this many problems. The computer is only 3 years old. Crazy.



#15 R0D3R1CK

R0D3R1CK

  • Members
  • 623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 23 August 2014 - 03:03 PM

Hello!
 

The only thing Webroot did for me was tell me I had NTFS issues and it wasn't their problem to solve. So, I am not getting help from anyone else and am really appreciating your help with my computer. I haven't been able to get anyone else to help me, so you've been a lifesaver.

It's my pleasure to help! :thumbup2:

Go back to my original reply and try following those instructions. Then we'll find out what the next steps should be.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users