Help: Data Corruption, Re-opening of Random Windows

Hello,


Having strange troubles with Windows 8.

Did a re-installation about a month back and its been a bit rocky since. Fast forward to this week and I was working on an app with Ruby on Rails. Restated the computer and when I came back, the windows I was previously using appeared on the desktop as if it remembered the session (its done this twice randomly now). Opened were Chrome, Skype, and a Ruby console.

All of these ended in corruption. Skype wouldn't open properly and I lost my profile pic settings and the contacts wouldn't appear straight away. Chrome lost history, settings, and had a damaged cache.

Devastatingly, the core folders in my Ruby project were corrupted. I couldn't even copy and paste them, or open them. I got a "0x80070570 the file or directory is corrupted and unreadable" error.

I went and did a Windows Startup Repair as recommended. It did a short repair then restarted. The corrupted files in my Ruby project had disappeared. I'm now seeing if I can recover them but its completely wrecked my work.

I can't believe how rubbish my luck is. The day before a friend was encouraging me to push it to our Bitbucket repo... fancy that.

Avast antivirus also stopped working properly today. The interface wouldn't let me start the service so it was effectively not running. I had to do a repair reinstall.

Questions:

A) What is causing this? I've been scared by a friend into all sorts of horrors; malicious remote access, hardware failure, etc.
B) What can I do to prevent this happening again?

So far I have:
> Downloaded all important Windows updates
> Done a full system scan with Avast; no issues found
> Checked hard drive for issues; no bad sectors or problems reported
> Currently doing a scan with the Windows Malicious Software Removal Tool
> Planning to use Recuva to search for my deleted files

This sounds like potential Windows corruption and not hardware failure, though a failing hard drive could be the source of the problem. A better virus scanning method is to use Malwarebytes (full scan) in Safe Mode; unless you need a startup service for wireless internet, it's best to boot into Safe Mode with your startup items disabled as well (or you may use the Diagnostic Boot option found in msconfig).

Hello there.

Took your advice. Ran both Avast and Malwarebytes in this mode.

Malwarebytes reported this:

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 447901
Time elapsed: 24 minute(s), 34 second(s)


Memory Processes Detected: 0
(No malicious items detected)


Memory Modules Detected: 0
(No malicious items detected)


Registry Keys Detected: 0
(No malicious items detected)


Registry Values Detected: 0
(No malicious items detected)


Registry Data Items Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc|Start (Disabled.Cryptsvc) -> Bad: (4) Good: (2) -> No action taken.


Folders Detected: 0
(No malicious items detected)


Files Detected: 2
C:\Users\-snip-\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> No action taken.

Click to expand...

Removed the Filezilla installer but its supposed to be harmless (I was told some kind of adware with the optional installs).

I quarantined the iffy crypsvc item. I hear it is common for malware to pose as this.

Computer restarted with no loss of any functionality as can happen when removing an infected cryptsvc I'm told.

Avast showed no problems after doing a scan.

What exactly could the problem with cryptsvc been? Anything else I should do from here onwards?