Chkdsk Error / Windows 7 Sens Failure

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by m_thomp, Jul 22, 2017.

  1. m_thomp

    m_thomp Private E-2

    Hi All,

    I think I have a malware problem which is affecting my OS (Windows 7). The problem is exists in a number of ways that may/may not be related to one another, these are as follows:

    - When started, Windows fails to connect to the System Event Notification Service, most of the time
    - I cannot install many important Windows updates, with the "2017-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4025341)" update being the long-standing update failure
    - I have Comodo as my firewall and it has not been able to update, download or install signatures for the last few days
    - Upon restart/reboot, I am always forced to go through the CHKDSK process, this would get to stage 2 of 3 and when verifying indexes, it would repeat the following message ten times before freezing: "Correcting error in index $I30 for file 120685"

    As I mentioned, I originally thought this was a problem with Windows 7, and posted in the Software forum (you can find full details of my progress here: http://forums.majorgeeks.com/index.php?threads/chkdsk-index-error-windows-sens-failure.316833/ ). I was helped by Eldon, but sadly, whilst performance mproved, the problems still remain. I became more convinced this was a malware problem. I've run through the removal guide and attached the logs to this post. I'm a complete novice when it comes to computers but I think the logs have identified some items that may be causing the problems. I would be eternally grateful if you could help resolve, as all the advice received so far has be most beneficial.

    Many thanks,

    Mark
     

    Attached Files:

    m_thomp, Jul 22, 2017
    #1
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, Mark

    Rerun RogueKiller and select the following entries for deletion.

    ¤¤¤ Registry : ¤¤¤
    [PUP.DownloadAssistant] (X86) HKEY_LOCAL_MACHINE\Software\DVDVideoSoft -> Found
    [PUP.DownloadAssistant] (X64) HKEY_USERS\S-1-5-21-4058061130-24315584-4265296184-1001\Software\DVDVideoSoft -> Found
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-4058061130-24315584-4265296184-1001\Software\OCS -> Found
    [PUP.DownloadAssistant] (X86) HKEY_USERS\S-1-5-21-4058061130-24315584-4265296184-1001\Software\DVDVideoSoft -> Found
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-4058061130-24315584-4265296184-1001\Software\OCS -> Found

    ¤¤¤ Files : 21 ¤¤¤
    [PUP.DownloadAssistant][Folder] C:\Users\MarkT\AppData\Roaming\DVDVideoSoft -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Found
    [Tr.Gen0][File] C:\Users\MarkT\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
    [Hidden.ADS][Stream] C:\Users\MarkT\AppData\Local:S2Q7dy4P7j0rLrvoN -> Found
    [PUP.FusionCore|PUP.Gen0][Folder] C:\Program Files (x86)\Common Files\DVDVideoSoft -> Found
    [PUP.DownloadAssistant][Folder] C:\Program Files (x86)\DVDVideoSoft -> Found

    Now re-scan with Hitman Pro, activate the 30 day trial and have it delete everything detected, then reboot the PC in order for the changes to take affect.

    After reboot and when you are back in Windows, rescan with both RogueKiller and HitmanPro and attach those new logs.

    Now please download Junkware Removal Tool to your desktop.
    • Make sure to shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.

    NOTE: This PC has less than 10% free space remaining on the harddrive and that should be affecting your system's performance - you should have at the minumum 15%.
     
    dr.moriarty, Jul 22, 2017
    #2
  3. m_thomp

    m_thomp Private E-2

    Thanks for your help dr.moriarty.

    I have followed your instructions and added the updated RogueKiller and HitmanPro logs, along with Junkware Removal Tool log to this file.

    Please let me know if there anything further you wish me to do, or if there's anything I need to re-run.

    Many thanks,

    Mark
     

    Attached Files:

    m_thomp, Jul 24, 2017
    #3
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're welcome. How is your PC running now?
     
    dr.moriarty, Jul 24, 2017
    #4
  5. m_thomp

    m_thomp Private E-2

    Thanks dr.moriarty. Firstly, apologies for not getting back to you sooner - I've been out of action for the last 3 days with a cold.

    Unfortunately, the laptop is still displaying the same problems. On boot, it's still running (and failing/freezing) the CHKDSK process - it's failing/freezing at the exact same point as mentioned in my first post.

    Windows still fails to connect to the System Event Notification Service, although this is much less frequently than before I followed your steps above.

    The "2017-07 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4025341)" update is still failing to install. Also, the anti-virus side of Comodo and it has not been able to update for the last 15 days - it can now download the signatures but it fails when it comes to installing them.

    The last two problems (Windows and Comodo updates) worry me more than anything else, as it makes me think the laptop is a bit more exposed/vunerable to further problems until it's fixed.

    I appreciate, that this may now not be a malware problem (although it was obvious that malware problems existed regardless) - but it's a process of elimination! As always, any suggestions / recommendations to remedy the problems would be gratefully received.

    Many thanks again,

    Mark
     
    m_thomp, Jul 28, 2017
    #5
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    TimW, Jul 28, 2017
    #6
  7. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Your remaining problems appear to be non-malware related. Please follow TimW's suggestion after completing the final cleanup steps below:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase it, it provide no protection. It do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, Win 7/8 - it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work through the below link:
     
    dr.moriarty, Jul 28, 2017
    #7
  8. m_thomp

    m_thomp Private E-2

    Hi guys,

    Thanks again for your tips. I'm not sure that I shoud be posting on the Malware forum anymore but if there's a more suitable forum, then please advise.

    I thought I'd give an update on update on what has happened next.

    I followed your final steps and then downloaded Windows Repair (I had already had an earlier version that I used to try and fix the SENS problem, but that only used a couple of the repair options). Firstly, I ran the pre-scan checks. They were quite revealing in that they showed what Windows updates I'd missed (35 or so in total). It then ran CHKDSK process which at least shed some light on $I30 for file 120685 index errors I've been receiving. I think all of this is saved in a log somewhere.

    I then set Windows Repair to "Repair All", mainly because I can't isolate my problem to a specifc area. I set this to run overnight. When I woke in the morning, the repair at some point had failed (again, I think this is all in a log somewhere).

    When I rebooted and started Windows normally, I still have CHKDSK freeze/fail issue, but there are more problems now, which I think are as a result of the Windows Repair partial completion. Firstly, it takes longer to boot. Secondly, Windows Repairs no longer loads - I get an "Invalid Picture" error pop-up box. Thirdly, I can no longer search for files/programs in Windows Explorer or from the Windows button - this is the reason I cannot locate any of the log files, which I would attach to this post if I could find them.

    I'm currently trying to install Windows 10 (again) in the hope that it will overwrite my current problems!

    Fingers crossed.

    Mark
     
    m_thomp, Jul 30, 2017
    #8
  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You should return to your thread in the Software forum, as the problems being exhibited are with your operating system.

    Good luck with the Windows re-install.
    dr.m
     
    dr.moriarty, Jul 30, 2017
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds