[Closed] XP behaving badly, chkdsk prompt at every reboot, locked out of safe mode

[r2power]

My wife's laptop is crashing intermittently and running very slowly. She was having trouble with Word and rebooted and the problems began. We have let chkdsk run twice to no avail. At this stage, the computer locks everytime I run DDS, so I have no logs for that. Her scroll bar on the touchpad is also disabled, which is actually what bothers her most. The NAV has been corrupted and directories look empty unless you try to enter then in secondary ways. I added Avast and ran it, but once I disabled it to run MalBytes, I can't restart it. All Internet connectivity seems messed up as well, although I may have done that when I started disabling startup programs.

Here are the two logs I can provide.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-25 11:36:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A
Running: 8zxpvkqp.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB43EFD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB43EFBC5]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/24/2011 10:04:51 PM
mbam-log-2011-09-24 (22-04-51).txt

Scan type: Quick scan
Objects scanned: 176426
Time elapsed: 43 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Please let me know what I can do next. Thanks.

Rich

 

[Bobbye]

Rich, did you mark this thread 'Active'?

 

[r2power]

I did. I don't use bulletin boards often, and so I just look for what I think I am supposed to click. Sorry if I erred.

 

[Bobbye]

I think you'll find that most of the computer forums want you to post the problem and the logs. Thread Tools aren't something a poster would use. That's why you got no reply> Broni and I make a thread 'Active' when one of us picks it up to begin helping. That way,, the other one of us known it's being handled.
=========================================
You have a lot going on and we'll have to sort out malware vs system. You did not have to disable the AV for these preliminary scans.

When you ran chkdisk, did you have it set to both fix and scan? Click on My Computer> Right click on Local Drive (C)> Properties> Tools tab> Error check> check both of the boxes on the screen that comes up> Click on Apply> Close the nag message and reboot.

See if that makes any difference.
=========================================
For DDS: Please download this file: xp_scr_fix

Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say Yes.

You should then be able to run DDS.scr. It's the .scr file extension causing the problem.Leave the 2 logs if DDS runs now. If it doesn't let me know.

 

[r2power]

The chkdsk process is now looping. I can't get Windows to start at all. Even if I opt out of chkdsk, the computer flashes a fast screen referring to a memory dump and then restarts. Safe mode does not work - it just hangs. I find it hard to believe that this is a hard drive crash because of the way the anti virus programs were disabled. I think whatever this is uses chkdsk to erase key blocks that it systematically orphans.

Needless to say, I could not get to the DDS part of the instructions.

 

[r2power]

Bobbye,

I have found the system recovery disc from eMachines. It allows me to do a non-destructive system restore. Should I try this to get Windows back to some kind of working state? Thanks.

 

[r2power]

I can't use the non-destructive restart because I have Service Pack 3. Arrgh. I am at the point where I want to just buy a new hard drive.

I have been able to capture the message right before it reboots. It says
STOP: c000218 {Registry File Failure}
The registry cannot load the hive (file):
or its log or alternate.
It is corrupt, absent or not writable.

Beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or technical support group for further assistance.

Bobbye, if I give up and either get another drive or try to overwrite this one, how do I keep the backup from reinfecting me (provided it was a virus and not just a failing hard drive)? Thanks.

 

[Bobbye]

Here are 4 reference sites regarding the error that you are getting. Please refer to them and see if any of the suggestions are usable on your system.

http://answers.microsoft.com/en-us/...try-file/ed2eb6fd-919c-43a7-a8d0-b46a4dec8475

http://support.microsoft.com/kb/830084

http://support.microsoft.com/kb/307545

http://www.geekstogo.com/forum/topic/218456-stopc000218-registry-file-failure/

If none of the above help, I don't think you have any other choice but to reformat/reinstall.
You will find excellent reformat/reinstall instructions here:
http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html

 

[r2power]

OK. Thanks. I probably won't be able to pick this up again until Tuesday. I'll let you know what happens.

 

[Bobbye]

Okay. Please let me know if you decide not to continue.

 

[r2power]

Bobbye,

We've determined that the hard drive is going bad. That means that there is no need to continue this thread. Thanks for your help.

Rich

 

[Bobbye]

Sorry to hear that. Hopefully you have backed up your files.

Thank you for letting me know. Good luck with the new drive.