BleepingComputer.com: disk c has errors?

My computer has recently started experiencing slower boot-up speeds into Vista, and will occasionally fail to boot (into Vista). I have run chkdsk, but it doesn't find anything. However, any time I try and run a backup (or a system restore), Vista tells me that the drive has errors. Now, I did have some corrupt files causing Vista to fail every other time, but I have since deleted these (via my Linux partition). Everything was working okay until recently.

I then decided to run sfc/scannow, and got this result:

Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection found corrupt files but was unable to fix some of th
em.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

Here's the info from the CBS.log

2008-11-09 17:16:40, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2008-11-09 17:16:40, Info CSI 00000160 [SR] Cannot repair member file [l:20{10}]"conime.exe" of Microsoft-Windows-ConsoleIME, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2008-11-09 17:16:40, Info CSI 00000161 [SR] Cannot repair member file [l:20{10}]"conime.exe" of Microsoft-Windows-ConsoleIME, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2008-11-09 17:16:40, Info CSI 00000162 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"conime.exe"; source file in store is also corrupted
2008-11-09 17:16:40, Info CSI 00000163 Repair results created:
POQ 66 starts:

POQ 66 ends.
2008-11-09 17:16:40, Info CSI 00000164 [SR] Repair complete
2008-11-09 17:16:40, Info CSI 00000165 [SR] Committing transaction
2008-11-09 17:16:40, Info CSI 00000166 Creating NT transaction (seq 1), objectname [6]"(null)"
2008-11-09 17:16:40, Info CSI 00000167 Created NT transaction (seq 1) result 0x00000000, handle @0x144c
2008-11-09 17:16:40, Info CSI 00000168@2008/11/9:23:16:40.417 CSI perf trace:
CSIPERF:TXCOMMIT;4
2008-11-09 17:16:40, Info CSI 00000169 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

I tried looking for conime.exe in the location given, but it's not there. Is it possible I have a virus or have been hacked? Or, is my HDD beginning to fail?

If you need more information, please let me know.

Run chkdsk /r on the drive...from the Start/Run prompt.

Louis

I have already run "chkdsk", and it found nothing.

I tried to run "chkdsk /r"; however, it says that my volume is in use by another process. I say yes to run it on reboot, yet when I reboot, nothing happens.

First off, if you suspect that the drive could be failing/defective/suspect, I would backup your data to another storage media.(External drive, USB Drive, DVD, CD, etc)
If you want to test the drive, you could also run a disk diagnostic utility from the manufacturer's website for your drive. If you are unsure of the drive manufacturer, you can look it up with a utility that will tell detailed information about your computer. One of them being SIW - http://www.gtopala.com/siw-download.html

Hope that helps,

Hmmm...that's not good.

The blurb about not being able to run is standard fare, chkdsk cannot run on the C: partition as long as Windows is open. But it should have run automatically when you rebooted.

I would try it again. If it doesn't run this time...I suggest that you backup your data files from the C: partition...and then run a manufacturer's diagnostic on that hard drive. Long test if long and short versions are offered.

Hard Drive Installation and Diagnostic Tools - http://www.bleepingcomputer.com/forums/topic28744.html

Louis

I have a Fujitsu HDD. I've tried several diagnostics, and almost none of them say something is wrong, other than the "sfc/scannow" test (I'll be more specific).

Well, I decided to play Phantasy Star Online while I was on Vista, and this shocked me: My save was gone! I'd already made a back up, but it must have happened before I made the backup. To my knowledge, randomly disappearing files is a sign of possible failure.I hope it's not true...I'll try the suggestions above...

This post has been edited by kde1585: 16 November 2008 - 09:55 PM

Apparently, no one has ever told you...disk errors are not a good thing. They are not necessarily to be brushed aside like mosquitoes might.

They can be one indicator that a hard drive is approaching the point of failure, in part or wholly.

Chkdsk can work around some types of errors....some disk diagnostics can further repair or work around some types...but it's hard to say for sure until a user runs the diagnostic from the manufacturer or/and runs chkdsk /r.

Louis

If I thought disk errors were a good thing, why would I be worried about them?

I just tried to run chkdsk /r in safe mode. Again, it will not run, even when saying "yes" to run it on the next boot....every diagnostic shows up nothing. I've been trying to run these programs as administrator, too. Even the HDD diagnotics in VAIO recovery mode show nothing (I ran these about a week ago when the problem started.). I have no way of knowing if my disk might be failing, other than the "sfc/scannow" results above, and these two signs:

1. Disappearing files (the PSO save)
2. Vista failing to boot occasionally, as well as slower boot times (Linux has yet to fail, so this could be a Vista issue)

This post has been edited by kde1585: 16 November 2008 - 09:47 PM

Ok, lets go in another direction to see if this is not hardware related, and perhaps this is related to malware.
Could you complete the steps below:

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
  
• Double-click on mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware
  
  
• Then click Finish.
  
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
    
  • Then click on the Scan button.
  
  
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.
  
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad.
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Well, I have read that "conime.exe" is a target for hackers, and that's the file brought up with "sfc/scannow". I will try the steps above.
Malwarebytes' Anti-Malware 1.30
Database version: 1403
Windows 6.0.6001 Service Pack 1

16/11/2008 23:35:19
mbam-log-2008-11-16 (23-35-19).txt

Scan type: Quick Scan
Objects scanned: 48188
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Would any of the files above have anything to do with booting, though?

This post has been edited by kde1585: 17 November 2008 - 12:36 AM

I am sure if you ran that again, it would come up clean. What is the exact messages you are getting when this happens...

Quote

conime.exe can also be the legit MS file used for Asian language support. If you want to double check that you are clean you could try an online scan. http://housecall.trendmicro.com/

While the scan said it didn't find anything, I got an error message while trying to run it. I'll keep trying...

As for the error: After the malware was removed, I tried running the backup, and it started to work, then this happened:


The backup did not complete successfully.

An error occured. The following information might help you resolve the error:

The file or directory is corrupt or unreadable. (0x80070570)



I have manually backed up all important/essential files.

http://www.vistax64.com/vista-performance-...ckup-error.html

Louis

If I understand the link above correctly...

I am trying to use an external HDD for backup, and not a partition on my on-board HDD. Granted, I could try another external HDD, but I don't think this is what the problem is (as the problem also occurs on a system restore). VAIO support (I have a VAIO; maybe I should have mentioned that earlier.) suggested resetting my computer to factory conditions; however, I would have to spend a few hours reintalling and reconfiguring Linux, and would have to spend a few days getting Vista back to where I had it, so this is not an option that I hope to try. It may be inevitable, however...