jctcom
asked on
XP Pro Cannot boot into Safe Mode. Normal mode starts fine
Hello I have a Windows XP Pro with SP3 system which I believe it recently had a Virus in it (Likely some sort of rootkit) and now it cannot start in Safe mode plus problems with Windows Update in normal mode. When I try to start in safe mode or safe mode with networking I get the following BSOD:
IRQL_Not_Less_Or_Equal 0x0000000A, 0xF79AE354, 0x000000FF, 0x0000000D, 0x804E5639
Same happens if I try to do a Repair Install. First time the error occurred was when client was trying to upgrade Avast AV (Free Version). Have since removed all traces of Avast. Have also run the following: chkdsk /p, fixmbr (Initially stated that there was an non-standard Master partition table (May not be the exact wording), Malwarebytes (Found 1 virus and removed), Combofix, Rootkit hunter, Rootkit Revealer Hijack This and several other anti-spyware programs. these scans seem to be clean now.
System restore does not seem to want to run when the computer is up in normal mode.
Currently running a chkdsk /r which at the beginning of the scan has indicated: "Performing additional checking and recover" which to me means it may have found a problem.
any help much appreciated. trying to avoid reformatting and re-installing. The second parameter in the BSOD above is nowhere to be found on the internet.
As a troubleshooting procedure I wanted to remove XP SP3 but the "Remove" option was not available in Add Remove programs. After the Chkdsk /r is finished I plan to remove it using option 4 in the following microsoft kb: " http://support.microsoft.com/kb/950249 " as Steps 1 through 3 did not work either.
Carl
IRQL_Not_Less_Or_Equal 0x0000000A, 0xF79AE354, 0x000000FF, 0x0000000D, 0x804E5639
Same happens if I try to do a Repair Install. First time the error occurred was when client was trying to upgrade Avast AV (Free Version). Have since removed all traces of Avast. Have also run the following: chkdsk /p, fixmbr (Initially stated that there was an non-standard Master partition table (May not be the exact wording), Malwarebytes (Found 1 virus and removed), Combofix, Rootkit hunter, Rootkit Revealer Hijack This and several other anti-spyware programs. these scans seem to be clean now.
System restore does not seem to want to run when the computer is up in normal mode.
Currently running a chkdsk /r which at the beginning of the scan has indicated: "Performing additional checking and recover" which to me means it may have found a problem.
any help much appreciated. trying to avoid reformatting and re-installing. The second parameter in the BSOD above is nowhere to be found on the internet.
As a troubleshooting procedure I wanted to remove XP SP3 but the "Remove" option was not available in Add Remove programs. After the Chkdsk /r is finished I plan to remove it using option 4 in the following microsoft kb: " http://support.microsoft.com/kb/950249 " as Steps 1 through 3 did not work either.
Carl
ASKER
Have booted into recovery console again and tried the "fixmbr". I still get the "This computer appears to have a non-standard or invalid master boot record" message. Is this an indication of a problem or is this normal?
Carl.
Carl.
I would recommend you to do a windows repair on this machine but firstly run sfc /scannow and for further reference see the links below
http://support.microsoft.com/kb/310353
http://en.kioskea.net/forum/affich-28936-unable-to-boot-xp
http://www.techspot.com/vb/topic115048.html
http://support.microsoft.com/kb/316434
http://social.answers.microsoft.com/Forums/en/xprepair/thread/1bb2ac51-8b5c-4058-b835-408524ace776
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true
http://support.microsoft.com/kb/315222
http://support.microsoft.com/kb/310353
http://en.kioskea.net/forum/affich-28936-unable-to-boot-xp
http://www.techspot.com/vb/topic115048.html
http://support.microsoft.com/kb/316434
http://social.answers.microsoft.com/Forums/en/xprepair/thread/1bb2ac51-8b5c-4058-b835-408524ace776
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true
http://support.microsoft.com/kb/315222
ASKER
Ran SFC /Scannow. at least three times so far. Cannot do a Windows Repair because I get the same BSOD.
I will look at the other references you provided to see if they present with anything I haven't tried yet.
Carl.
I will look at the other references you provided to see if they present with anything I haven't tried yet.
Carl.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok farjadarshad after reading through the links you provided it is obvious that you did not read through my problem. and just provided a bunch of links that seemed mildly relevant to you. it is not like I don't know how to get into safe mode. it is that the computer will not load into safe mode without giving me the BSOD error screen. Perhaps someone else will have more relevant suggestions.
Carl.
Carl.
ASKER
johnb6767 I have downloaded and ran SuperantiSpyware but I did not see this option for "repairs" I will look for that option and give it a try..
Carl.
Carl.
ASKER
Hi John. I could not find the "Fix Safeboot" option that you recommended but I found the "Repair broken safeboot key" Which I imagined was probably the current version of what you were talking about. i tried that and rebooted the computer and then tried rebooting and going into safe mode but received the same bsod.
Carl.
Carl.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Also upload three recent minidump files from c:\windows\minidump
ASKER
Hi Optoma. I don't know why but my C:\Windows\minidump\ folder is completely empty.
Carl.
Carl.
Are minidumps enabled?
Can you post Combofix's logfile
Also run Hitmanpro + Tdsskiller from desktop
http://www.surfright.nl/en/hitmanpro
http://support.kaspersky.com/viruses/solutions?qid=208280684
minidump.JPG
Can you post Combofix's logfile
Also run Hitmanpro + Tdsskiller from desktop
http://www.surfright.nl/en/hitmanpro
http://support.kaspersky.com/viruses/solutions?qid=208280684
minidump.JPG
ASKER
Hi Optoma. The Mini Dump was not enabled. I enabled it and then tried to get into safe mode again but it still did not produce a minidump file. I have performed a new combofix scan and attached the log file here. (Do you prefer that I attach the log file or pasted it in?
I will download and run the Hitmanpro and Tdsskiller and post the results shortly.
Carl.
ComboFix.txt
I will download and run the Hitmanpro and Tdsskiller and post the results shortly.
Carl.
ComboFix.txt
ASKER
Ran both Hitman Pro and Tdskiller and both came back clean.
Carl.
Carl.
ASKER
In The meantime I have run Seatools on the Seagate hard drive for the system. Both the basic and extended tests passed without errors. If I don't hear back from someone by later today I am going to try to do a fresh install on a spare hard drive just to rule out any other hardware problems. I will be heading out in the next half hour and will be gone till about 5pm local time and check back then to see if there are any other comments or suggestions.
Carl.
Carl.
Log shows three firewalls> Keiro + Sunbelt + Zone Alarm>>one is plenty!
Can you uninstall them all + test
Can you uninstall them all + test
ASKER
The Keiro and sunbelt have actually been uninstalled and the Zone alarm is disabled for the moment pending my recommendation to the client to uninstall it as well. I think the Windows Firewall is generally good enough.
Not sure though why they are still showing up in the log. Uninstall must have left some remnants in the registry.
I will see if I can clean them out manually.
Carl.
Not sure though why they are still showing up in the log. Uninstall must have left some remnants in the registry.
I will see if I can clean them out manually.
Carl.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok have removed all references to the kerio and sunbelt firewalls (Will confirm with another combofix which is currently running). I have uninstalled ZoneAlarm. restarted the computer. then restarted again to try to get into safe mode. Same BSOD error.
Not sure where to go from here?
Like I said earlier I will likely try to do a clean install on a spare hard drive just to see if I get the same issue or not.
In terms of hardware testing I have tried disconnecting both optical drives and the 2nd hard drive. There are 4 RAM modules I have removed two at a time and tested with the last 2 in the other slots and still get the same BSOD trying to get into safe mode. I have gone into the bios and disabled all extraneous ports (Serial, Parallel, gaming port etc...) Stil BSOD trying to get into safe mode.
Carl.
Not sure where to go from here?
Like I said earlier I will likely try to do a clean install on a spare hard drive just to see if I get the same issue or not.
In terms of hardware testing I have tried disconnecting both optical drives and the 2nd hard drive. There are 4 RAM modules I have removed two at a time and tested with the last 2 in the other slots and still get the same BSOD trying to get into safe mode. I have gone into the bios and disabled all extraneous ports (Serial, Parallel, gaming port etc...) Stil BSOD trying to get into safe mode.
Carl.
ASKER
Have attached current combofix log. Interestingly the last Combofix run did not require a reboot whereas all the previous ones did.
Also this entry in "Other Deletions did not appear in the last combofix log:
((((((((((((((((((((((((((
.
c:\windows\TEMP\logishrd\L
I am running combofix again after a failed BSOD attempt to get into safe mode to see if the above file returned.
Carl.
.
ComboFix2.txt
Also this entry in "Other Deletions did not appear in the last combofix log:
((((((((((((((((((((((((((
.
c:\windows\TEMP\logishrd\L
I am running combofix again after a failed BSOD attempt to get into safe mode to see if the above file returned.
Carl.
.
ComboFix2.txt
ASKER
Interesting. Combofix required a reboot again and that file returned.
But a search on Google seems to indicate that the file is associated with logitech QuickCam which is not currently plugged in but I suppose it could be something that gets written every time the computer starts?
any more ideas on what else to try here?
Carl.
But a search on Google seems to indicate that the file is associated with logitech QuickCam which is not currently plugged in but I suppose it could be something that gets written every time the computer starts?
any more ideas on what else to try here?
Carl.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have attached the Autoruns.txt file.
It is a little after 1:30am here and I am off to bed.
Carl.
AutoRuns.txt
It is a little after 1:30am here and I am off to bed.
Carl.
AutoRuns.txt
Thanks for that. Nothing standing out :(
You mentioned Logitech Cam Software> Anything in event viewer regarding it?
Can it be uninstalled to test and reinstalled afterwards?
You also mention a problem with System Restore>can you try creating a restore point?
You mentioned Logitech Cam Software> Anything in event viewer regarding it?
Can it be uninstalled to test and reinstalled afterwards?
You also mention a problem with System Restore>can you try creating a restore point?
ASKER
Combofix and other programs claim they have created restore points and if I start the computer up with my Microsoft Diagnostics and Recovery disc I can run the system restore and see the calendar with various restore points.
If I run system restore from within Windows XP I see a blank calendar (And I mean totally blank there are not even any numbers on the calendar).
I did mention in my first post that I had tried a repair install and got the same BSOD during it. After this the computer would not start at all. Came up with the same BSOD error even trying to go into normal mode.
I then ran the MDART disc and restored it back to a point a few days earlier when the client had tried to install an Avast update or upgrade.
I will remove the Logitech Cam software but I am beginning to think that this is going to require a reformat. Like I said a few time earlier I will do a test with a spare hard drive first just to be sure.
Carl.
If I run system restore from within Windows XP I see a blank calendar (And I mean totally blank there are not even any numbers on the calendar).
I did mention in my first post that I had tried a repair install and got the same BSOD during it. After this the computer would not start at all. Came up with the same BSOD error even trying to go into normal mode.
I then ran the MDART disc and restored it back to a point a few days earlier when the client had tried to install an Avast update or upgrade.
I will remove the Logitech Cam software but I am beginning to think that this is going to require a reformat. Like I said a few time earlier I will do a test with a spare hard drive first just to be sure.
Carl.
ASKER
Any more comments or suggestions on this problem?
Carl.
Carl.
Unfortunately, at the moment, I can't think of anything else :(
Sorry ....
Sorry ....
ASKER
all right. I will let you know what happens after I do a test reformat with a spare hard drive.
Carl.
Carl.
ASKER
So a clean reformat and install ran fine.
ASKER
Thank you for your help. I have awarded the points even though we did not really find a solution (Since I was trying to avoid the reformat) but I appreciate your efforts.
Carl.
Carl.
No prob :)
ASKER
Carl.