
Desktop starts only in Safe mode



Hi,

 

My daughter was downloading something from the internet and her desktop has stopped working since.  She says she was in youtube at that time, but she had multiple windows open.

We are not able to re-start the machine other than in the 'Safe Mode'.

Restoring to a previous restore point failed.

 

Please assist!!

 

FRST.txt and Addition.txt from the Farbar recovery scan tool are attached.  Sorry for some reason, am not able to paste into this window.

 

Thanks

Jai

 

 

 

FRST.txt

Addition.txt


Hello

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run the following from Safe Mode with Networking:

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Kevin


The behavior for normal mode has differed in all my attempts.

 

Today's attempts after you asked:

 

First attempt on normal mode start appeared OK.  I was able to update Norton Anti-Virus after 10 days.  Closed it and attempted to re-open to see Norton to see its status, and after a long wait, got the 'initial screen' of HP on a start that shows 4 options of F10=Setup, Esc=Boot menu, F11=System Recovery, F9=Diagnostics, with HP in the middle of the screen.  Bottom right corner states v5.18.

 

Next couple of attempts did not go past the 'initial screen'.

 

Then unplugged the PC and plugged it back and attempted to start it in Normal mode.

Appeared fine, but as soon as I attempted to open a text file in Notepad, there was a long wait.  In fact, the file does not open.

 

--------

 

Note: When I go in Safe mode, I see many more drives in Windows Explorer.  Normally, I see only C and D (I think).  But in Safe Mode, I see at least 5 more drives, though clicking on them shows them to be not valid.

 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

 

Please Update and run a Quick scan

 

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log. (If Malwarebytes fails, continue with next step)

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Save and rename it as you download it to iexplore.exe (2)

 


 

Double-click iexplore.exe on your Desktop to run it

In the "Scan Type" window, select Full Scan

Perform a scan and then click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

 

fixlist.txt


I was able to process the fixlist.txt and it created the Fixlog.txt.

 

But when I had Malwarebytes Anti-Malware (2.0.2.1012) open, I was not able to locate "Scanner Settings" under Settings tab.  Is the navigation information provided correct?  Please review.

 

Also, it appears that my Malwarebytes window has frozen (clicking on it does not give me any results) and I cannot open any other program like Windows Explorer either.  I can move the mouse around, but clicking on any icon is not recognized.

 

If I end up rebooting, do I have to re-run the fixlist.txt?  At this moment, I will not be able to post Fixlog.txt without rebooting. 


Fixlist.txt will have been saved to this folder C:\FRST\Logs you can post that log after a re-boot.

 

Regarding Malwarebytes, when you listed the logs from the original run of FRST the log "Addition.txt" did show that the previous version of Malwarebytes was installed:

Malwarebytes Anti-Malware version 1.75.0.1300

Hence the instruction I gave was for that version.... In your last reply you quote the following:

 

 

But when I had Malwarebytes Anti-Malware (2.0.2.1012) open, I was not able to locate "Scanner Settings" under Settings tab.  Is the navigation information provided correct?

 

It would appear that Malwarebytes had been updated to the latest version after FRST was initially run, that is why my instruction did not work.... Instructions for new version follow...

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

Now Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Kevin


Sorry for the delay, but I was traveling away from home.

 

The Fixlog.txt contents are pasted below.

 

Though in 2 attempts, I was not able to complete the Malware Bytes execution, as the system just freezes after about 5 minutes and has to be re-booted.

 

Internet search for P6210f (my HP Desktop) and my symptoms like boot menu and freezes suggests hardware failure.

Do you see that the contents of the files I have provided so far suggest a virus or malware?

 

Thanks

 

============================================================================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2014 01
Ran by sansach at 2014-07-23 19:47:24 Run:1
Running from C:\Users\sansach\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
URLSearchHook: HKLM-x32 - All Mario Toolbar - {d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} - C:\Program Files (x86)\All_Mario\tbAll_.dll (Conduit Ltd.)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - All Mario Toolbar - {d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} - C:\Program Files (x86)\All_Mario\tbAll_.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2550700
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://s.myway.com/search/GGmain.jhtml?id=YJyyyyyy6Eus&ptb=B4B43971-3CD3-4D11-9297-31D74BAB0D5F&psa=&ind=2011010312&ptnrS=YJyyyyyy6Eus&si=&st=sb&n=77dd9508&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2550700
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {6FE303C2-1067-4E2E-BC04-6259F84ECA14} URL = http://www.mysearchresults.com/search?&c=2643&t=03&q={searchTerms}
SearchScopes: HKCU - {846AC456-1E8D-4E65-AD7C-272538A258B6} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
SearchScopes: HKCU - {9bd172ba-3f40-4303-bca1-0484b5ba2a7b} URL = http://s.myway.com/search/GGmain.jhtml?id=YJyyyyyy6Eus&ptb=B4B43971-3CD3-4D11-9297-31D74BAB0D5F&psa=&ind=2011010312&ptnrS=YJyyyyyy6Eus&si=&st=sb&n=77dd9508&searchfor={searchTerms}
SearchScopes: HKCU - {9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {A4F4308F-3B24-48A7-A5A8-8EB9E0AFEC4E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314199&CUI=UN24951521841169316&UM=2
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {EEAF325F-8CBD-4DD4-9300-EC46B63055CE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=30C2F0D7-976C-44E9-84A3-A7C69C79DD11&apn_sauid=514A7F5D-54B0-4173-A1F5-EDE3EE985573
BHO: LyricsViewer-2 -> {11111111-1111-1111-1111-110411191162} -> C:\Program Files (x86)\LyricsViewer-2\LyricsViewer-2-bho64.dll No File
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
BHO-x32: All Mario Toolbar -> {d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} -> C:\Program Files (x86)\All_Mario\tbAll_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - All Mario Toolbar - {d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} - C:\Program Files (x86)\All_Mario\tbAll_.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll (Oberon Media Ltd.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {D3369E79-2009-4F8D-B7B7-B7A7F0C3BCAB} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
C:\Program Files (x86)\All_Mario
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\GamesBar
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
C:\Users\sansach\AppData\Local\Temp\BackupSetup.exe
C:\Users\sansach\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\sansach\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\sansach\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\sansach\AppData\Local\Temp\setup.exe
C:\Users\sansach\AppData\Local\Temp\{5D6A023F-7DEE-4517-BCEE-C71104278D3B}-24.0.1312.56_24.0.1312.52_chrome_updater.exe
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
End
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4}" => Key deleted successfully.
"HKCR\CLSID\{9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key deleted successfully.
"HKCR\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FE303C2-1067-4E2E-BC04-6259F84ECA14}" => Key deleted successfully.
"HKCR\CLSID\{6FE303C2-1067-4E2E-BC04-6259F84ECA14}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{846AC456-1E8D-4E65-AD7C-272538A258B6}" => Key deleted successfully.
"HKCR\CLSID\{846AC456-1E8D-4E65-AD7C-272538A258B6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}" => Key deleted successfully.
"HKCR\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4}" => Key deleted successfully.
"HKCR\CLSID\{9D6FAC19-CFF9-4AD1-BE0E-1F050C4FBBD4}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4F4308F-3B24-48A7-A5A8-8EB9E0AFEC4E}" => Key deleted successfully.
"HKCR\CLSID\{A4F4308F-3B24-48A7-A5A8-8EB9E0AFEC4E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.
"HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEAF325F-8CBD-4DD4-9300-EC46B63055CE}" => Key deleted successfully.
"HKCR\CLSID\{EEAF325F-8CBD-4DD4-9300-EC46B63055CE}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411191162}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110411191162}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
"HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3369E79-2009-4F8D-B7B7-B7A7F0C3BCAB} => value deleted successfully.
"HKCR\CLSID\{D3369E79-2009-4F8D-B7B7-B7A7F0C3BCAB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
C:\Program Files (x86)\All_Mario => Moved successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
C:\Program Files (x86)\GamesBar => Moved successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service deleted successfully.
C:\Users\sansach\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\sansach\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\sansach\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\sansach\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\sansach\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\sansach\AppData\Local\Temp\{5D6A023F-7DEE-4517-BCEE-C71104278D3B}-24.0.1312.56_24.0.1312.52_chrome_updater.exe => Moved successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.

==== End of Fixlog ====

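An added example (not part of the thread, and not FRST's own code): a small Python parser that tallies the `target => outcome` result lines of a Fixlog like the one posted above, so that entries which were not found or did not report success stand out. The outcome buckets, the function names and the final `Could not move.` sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog above. The final "Could not move." line is
# constructed (hypothetical wording) so the "review" bucket has something in it.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
Start
BHO: LyricsViewer-2 -> {11111111-1111-1111-1111-110411191162} -> C:\Program Files (x86)\LyricsViewer-2\LyricsViewer-2-bho64.dll No File
C:\Program Files (x86)\Ask.com
End
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d3369e79-2009-4f8d-b7b7-b7a7f0c3bcab} => value deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\All_Mario => Moved successfully.
"C:\Program Files (x86)\Ask.com" => File/Directory not found.
MREMP50a64 => Service deleted successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
C:\Example\locked.dll => Could not move.

==== End of Fixlog ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\s*$')
HIVES = ("HKLM", "HKCU", "HKCR", "HKU")


def target_kind(target, outcome):
    """Bucket a fix target: registry entry, alternate data stream, service or file."""
    if target.upper().startswith(HIVES):
        return "registry"
    if " ADS " in outcome:
        return "ads"
    if outcome.startswith("Service "):
        return "service"
    if re.match(r'^[A-Za-z]:\\', target):
        return "file"
    return "other"


def outcome_status(outcome):
    """ok = tool reported success, not_found = target already absent, review = anything else."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low:
        return "ok"
    return "review"


def parse_fixlog(text):
    """Return one dict per result line, skipping the echoed 'Content of fixlist' block."""
    entries, seen_header, stars = [], False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Content of fixlist"):
            seen_header, stars = True, 0
            continue
        if seen_header and stars < 2:      # still inside the echoed fixlist
            if line and set(line) == {"*"}:
                stars += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        m = RESULT_RE.match(line)
        if m:
            target, outcome = m.group("target").strip('"'), m.group("outcome")
            entries.append({"target": target, "outcome": outcome,
                            "kind": target_kind(target, outcome),
                            "status": outcome_status(outcome)})
    return entries


def summarize(entries):
    """Count entries per status and list the targets that need a manual look."""
    counts = Counter(e["status"] for e in entries)
    review = [e["target"] for e in entries if e["status"] == "review"]
    return counts, review


if __name__ == "__main__":
    counts, review = summarize(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts), review)
```
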

Your opening statement does not suggest hardware problems, there is only the mention that issues start after daughter d/l from the internet etc as per quote...

 

 

My daughter was downloading something from the internet and her desktop has stopped working since.  She says she was in youtube at that time, but she had multiple windows open.

We are not able to re-start the machine other than in the 'Safe Mode'.

Restoring to a previous restore point failed.

 

Your system did have browser HiJacker also adware, we remove what was identified with FRST, obviously there may be hidden malware/infection that we have not yet found....

 

In reply #8 I do say "if malwarebytes fails continue with next step" That would mean to run "Malicious Software Removal Tool" as per the listed instructions. Did you try to run MSRT?


Hi Kevin,

 

I tried to run MSRT a few times in normal mode, but all attempts finished with the screen freezing after about 5-7 minutes, followed by a flash of the Blue Screen of Death for a few seconds, and then finally the HP initial screen of "F10=Setup, Esc=Boot menu, F11=System Recovery, F9=Diagnostics".  None of the F buttons (F11, F9, etc.) were responsive.

 

Then, I attempted to run MSRT in safe mode and the first time the BSOD stayed on a few more moments and showed DRIVER_IRQL_NOT_LESS_OR_EQUAL.  Before writing any more info, the screen changed to the HP initial screen.  Further attempts to run in safe mode did not show BSOD for that long (just a flash).

 

Is there a recommended way to get detailed information log related to the BSOD failures?

 

Thanks


Hi Kevin,

 

There is only 1 file 071114-45864-01.dmp (attached) w/modified date of 11-Jul-14, though I know that there have been many failures that followed.  In fact, there was a BSOD after I copied the file to a flash drive, but the subsequent reboot did not show any files in c:\windows\minidumps.

There is MEMORY.DMP in c:\windows also with same modified date of 11-Jul-14, with a zipped size of ~202 MB.  It is more than the max size allowed for upload here.

Please review attached file and further advise.

 

Thanks

071114-45864-01.zip


That dump file does not really help, go to the following link: http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html  follow the instructions to load and run Driver Verifier. This may cause a BSOD straight away or within a short time.

 

If a BSOD has occurred re-boot and check the mini dump folder for a fresh dump file, if there zip and attach. If the BSOD interferes with the boot sequence boot to safe mode and run Option Two from the above link to "disable" driver verifier....

 

thank you,

 

Kevin


Hi Kevin,

 

I followed the instructions from the website.  I selected all drivers other than those from Microsoft.

In my first attempt, after making the changes and normal reboot, I opened verifier.exe and my attempt to see 'Display Existing Settings' made the computer stall.  The hard drive fan would make noise every 15 minutes or so, but no BSOD.  This ran for ~2 hours.

I restarted and this time attempted to run the MSRT.  The screen froze within minutes, and again the hard drive fan made noise every 15 minutes or so.  I let the computer on through the night.  So this run lasted more than 11 hours.  Time (bottom right) shown on the computer was still as of yesterday.  No BSOD.

I have restarted again and see that there are no new files in the minidumps directory.

 

====

 

There is a recovery partition on the computer.  I have already saved the data files and there are only Norton Internet Security and Microsoft Office main applications that are loaded.

Do you think a recovery attempt will work?  Or is it likely that these issues will resurface?

 

====

 

Thanks


Probably pertinent to run Check Disk before progressing to a full recovery, it is possible a HD fault may be the cause. Best to check first..

 

Go here: http://www.sevenforums.com/tutorials/433-disk-check.html Scroll to "Option Two" and follow the instructions to run check disk with the r flag from an elevated command prompt...

 

The command to type at the prompt will be chkdsk /r   note the space between chkdsk and /r

 

Next,

 

To get the log from Event Viewer go here: http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html and follow those instructions... Post that log...

 

Thanks,

 

Kevin....


Hi Kevin,

 

I tried chkdsk /r and it gave me "Type is NTFS.  Cannot lock current drive" error.  Based on some other posts on sevenforums with same issue, I tried chkdsk /r /x /f, but that gave me "Type is RAW.  Cannot lock current drive".

I also changed the 'write debugging information' from 'kernel memory dump' to 'small memory dump' so as to enable writing of minidumps files.  As soon as I did that, my screen showed an error with black background "AHCI Port0 Device Error".  I had to reboot.  No new minidumps files were created.

I tried to recover using the recovery partition that the HP PC has.  That recovery too failed with "Windows has encountered a problem communicating with a device connected to your computer.  0xc00000e9.  An unexpected I/O error has occurred ...".

From the above, I think my hard drive is the culprit and needs to be replaced.  Though I can *still* restart and the computer works for about 4-5 minutes and then freezes.  That has allowed me to save pertinent data and that is what matters the most to me.

You may close this thread.  Thanks for your help and patience.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.