[Closed] XP behaving badly, chkdsk prompt at every reboot, locked out of safe mode

By r2power
Sep 25, 2011
Topic Status:
Not open for further replies.
  1. My wife's laptop is crashing intermittently and running very slowly. She was having trouble with Word and rebooted and the problems began. We have let chkdsk run twice to no avail. At this stage, the computer locks everytime I run DDS, so I have no logs for that. Her scroll bar on the touchpad is also disabled, which is actually what bothers her most. The NAV has been corrupted and directories look empty unless you try to enter then in secondary ways. I added Avast and ran it, but once I disabled it to run MalBytes, I can't restart it. All Internet connectivity seems messed up as well, although I may have done that when I started disabling startup programs.

    Here are the two logs I can provide.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-25 11:36:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
    Running: 8zxpvkqp.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB43EFD5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB43EFBC5]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/24/2011 10:04:51 PM
    mbam-log-2011-09-24 (22-04-51).txt

    Scan type: Quick scan
    Objects scanned: 176426
    Time elapsed: 43 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Please let me know what I can do next. Thanks.

    Rich
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Rich, did you mark this thread 'Active'?
  3. r2power

    r2power Newcomer, in training Topic Starter Posts: 19

    I did. I don't use bulletin boards often, and so I just look for what I think I am supposed to click. Sorry if I erred.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I think you'll find that most of the computer forums want you to post the problem and the logs. Thread Tools aren't something a poster would use. That's why you got no reply> Broni and I make a thread 'Active' when one of us picks it up to begin helping. That way,, the other one of us known it's being handled.
    =========================================
    You have a lot going on and we'll have to sort out malware vs system. You did not have to disable the AV for these preliminary scans.

    When you ran chkdisk, did you have it set to both fix and scan? Click on My Computer> Right click on Local Drive (C)> Properties> Tools tab> Error check> check both of the boxes on the screen that comes up> Click on Apply> Close the nag message and reboot.

    See if that makes any difference.
    =========================================
    For DDS: Please download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say Yes.

    You should then be able to run DDS.scr. It's the .scr file extension causing the problem.Leave the 2 logs if DDS runs now. If it doesn't let me know.
  5. r2power

    r2power Newcomer, in training Topic Starter Posts: 19

    The chkdsk process is now looping. I can't get Windows to start at all. Even if I opt out of chkdsk, the computer flashes a fast screen referring to a memory dump and then restarts. Safe mode does not work - it just hangs. I find it hard to believe that this is a hard drive crash because of the way the anti virus programs were disabled. I think whatever this is uses chkdsk to erase key blocks that it systematically orphans.

    Needless to say, I could not get to the DDS part of the instructions.
  6. r2power

    r2power Newcomer, in training Topic Starter Posts: 19

    Bobbye,

    I have found the system recovery disc from eMachines. It allows me to do a non-destructive system restore. Should I try this to get Windows back to some kind of working state? Thanks.
  7. r2power

    r2power Newcomer, in training Topic Starter Posts: 19

    I can't use the non-destructive restart because I have Service Pack 3. Arrgh. I am at the point where I want to just buy a new hard drive.

    I have been able to capture the message right before it reboots. It says
    STOP: c000218 {Registry File Failure}
    The registry cannot load the hive (file):
    or its log or alternate.
    It is corrupt, absent or not writable.

    Beginning dump of physical memory
    Physical memory dump complete
    Contact your system administrator or technical support group for further assistance.

    Bobbye, if I give up and either get another drive or try to overwrite this one, how do I keep the backup from reinfecting me (provided it was a virus and not just a failing hard drive)? Thanks.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Here are 4 reference sites regarding the error that you are getting. Please refer to them and see if any of the suggestions are usable on your system.

    http://answers.microsoft.com/en-us/...try-file/ed2eb6fd-919c-43a7-a8d0-b46a4dec8475

    http://support.microsoft.com/kb/830084

    http://support.microsoft.com/kb/307545

    http://www.geekstogo.com/forum/topic/218456-stopc000218-registry-file-failure/

    If none of the above help, I don't think you have any other choice but to reformat/reinstall.
    You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html
  9. r2power

    r2power Newcomer, in training Topic Starter Posts: 19

    OK. Thanks. I probably won't be able to pick this up again until Tuesday. I'll let you know what happens.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay. Please let me know if you decide not to continue.
  11. r2power

    r2power Newcomer, in training Topic Starter Posts: 19

    Bobbye,

    We've determined that the hard drive is going bad. That means that there is no need to continue this thread. Thanks for your help.

    Rich
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Sorry to hear that. Hopefully you have backed up your files.

    Thank you for letting me know. Good luck with the new drive.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.