chkdsk issues

isunova · Sep 5, 2010

A friend asked me to look at her laptop because it was giving her some issues. When I met up with her a couple weeks later, she couldn't really give me any specifics (having forgotten them while not using the laptop, apparently), just that it kept telling her to do a disk check and there were a lot of weird messages popping up on the bottom of the screen.

When I got the computer, I didn't notice any strange popups. However, after every reboot, the system advises a disk check of c, but never finds anything if I run one. There are also a lot of keyboard issues with multiple keys typing at once and keys sticking, but I have no idea if any malware or virus could cause that or if it is just the keyboard dying. I did clean the affected keys, and while the problem appeared to be fixed at first, it now goes through cycles of working normally, being a problem, and none of the keys working at all.

Initially I just ran combofix, as that solved her problems last time. It gave me a couple popups while running - pev.cfxxe is a corrupt file, the drive c is corrupt and unreadable; cf20034.cfxxe (not sure of the exact numbers after the cf there) is a corrupt file, the drive c is corrupt and unreadable. After I ran it the chkdsk prompt on startup went away, but only for a day and then it was back. When the problem came back I ran combofix again and it gave me similar popups, only the numbers after the cf were different. At the end I couldn't open anything because it said the registry key had been marked for deletion. I restarted in safe mode, ran sfc scannow, and it fixed that problem.

Today I ran your whole guide. MBAM & SAS found nothing. Combofix was the same copy that had been on her laptop for a while, so I uninstalled it and redownloaded it and saved it as testrename.exe in case something had affected it while it had been on her computer (I couldn't find anything on google about the specific cf#####.cfxxe files it was listing and was suspicious). It didn't change anything - I got the same file errors (pev.cfxxe and cf25344.cfxxe are corrupt, the disk c is corrupt and unreadable, please run chkdsk utility). It also gave me the same registry key marked for deletion error message, but a reboot made that go away. I couldn't run Root Repeal - it gave me this error message when I opened the program:

00:54:07: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)
00:54:07: DeviceIoControl Error! Error Code = 0x1e7
00:54:07: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d8)

And these messages when I tried to run the scan:

Could not initialize driver! Please contact the author!

Could not scan drive C (error 0xc0000024)

MGtools gave me a cmd.exe is a corrupt file, c is corrupt and unreadable message while running as well. My logs are attached and any help would be appreciated. Thank you!

TimW · Sep 5, 2010

Your logs are clean. The only thing I see that you need to delete is this:
C:\Users\nerd\AppData\Local\obanodkqx

I suggest two things. One is to install the updates for Vista.....sp1 and sp2. The second is to post in the software forum for additional assistance.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.We recommend them for doing backup scans when you suspect a malware infection.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

If you are running Win 7, Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning procedures pointed to by step 7 of the READ ME
for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Support MajorGeeks with Geek Wear!

Log in or Sign up

chkdsk issues

isunova Private E-2

Attached Files:

ComboFix.txt

MGlogs.zip

SASlog.txt

mbam-log.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member