Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dell Dimension 9150 Running Windows XP


  • Please log in to reply

#1
Channeal

Channeal

    Member

  • Member
  • PipPipPip
  • 696 posts

This is a continuation of a problem Phillpower 2 has been helping me with here. I have two hard drives, the second has a clone of my OS on it. At the moment, I can only boot from the clone, but the main drive will not boot up at all.

 

Phill, here is the edit from the previous post.

 

EDIT I sussed out why my computer was not even attempting to get into Safe Mode. I needed to turn the other drives off in the BIOS first! Unfortunately though, once I had realised that and attempted it again, it froze on the black screen listing all the drivers that had loaded. I have only tried once so far - Checkdisk is running again at the moment, as I didn't manage to stop it this time! xsad.png.pagespeed.ic.nW56hUVS2R.png

Btw, the black screen saying that drives are missing no longer comes up when I boot up from either drive. What seems to have happened is that I mistakenly turned on drives 1 and 3 (which maybe don't actually exist) in the BIOS when all this first happened. I have turned them off now - and the black screen no longer appears.

 

Maybe I should have another try to see if it freezes again.

 

Chris.


Edited by Channeal, 30 July 2016 - 04:51 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER if it tries to get you to take it too.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 

  • 0

#3
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts

Hello RKinner

 

Thank you for your reply

 

Here is the Speccy file

 

Attached File  Speccy.txt   234.29KB   82 downloads

 

And here is the Process Explorer text

 

Process    CPU    Private Bytes    Working Set    PID    Verified Signer
System Idle Process    89.06    0 K    28 K    0    
firefox.exe    6.25    288,404 K    285,348 K    5608    (Verified) Mozilla Corporation
spoolsv.exe    1.56    4,128 K    6,452 K    1420    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.78    4,828 K    6,784 K    3032    (No signature was present in the subject) Microsoft Corporation
services.exe    0.78    2,040 K    4,120 K    1796    (Verified) Microsoft Windows Component Publisher
procexp.exe    0.78    27,340 K    35,692 K    4440    (Verified) Microsoft Corporation
Interrupts    0.78    0 K    0 K    n/a    
WudfHost.exe        2,240 K    3,864 K    2764    (Verified) Microsoft Windows
wpCtrl.exe        2,020 K    4,764 K    2552    (Verified) Portrait Displays
wmiprvse.exe        6,524 K    10,024 K    2140    (No signature was present in the subject) Microsoft Corporation
wmiprvse.exe        1,860 K    5,204 K    3536    (No signature was present in the subject) Microsoft Corporation
winlogon.exe        7,080 K    4,708 K    1752    (Verified) Microsoft Windows Component Publisher
unsecapp.exe        1,580 K    4,932 K    5928    (Verified) Microsoft Windows Component Publisher
UninstallMonitor.exe        14,648 K    16,708 K    6000    (Verified) IObit Information Technology
TrueImageMonitor.exe        26,372 K    11,116 K    3000    (Verified) Acronis International GmbH
TomTom MySports Connect.exe        46,804 K    60,080 K    2216    (No signature was present in the subject) TomTom
TibMounterMonitor.exe        4,192 K    8,112 K    3076    (Verified) Acronis International GmbH
System        0 K    256 K    4    
syncagentsrv.exe        5,484 K    9,936 K    3612    (Verified) Acronis International GmbH
svchost.exe        24,440 K    35,784 K    504    (No signature was present in the subject) Microsoft Corporation
svchost.exe        3,260 K    5,592 K    2012    (Verified) Microsoft Windows Component Publisher
svchost.exe        2,120 K    5,076 K    260    (Verified) Microsoft Windows Component Publisher
svchost.exe        2,480 K    3,716 K    556    (Verified) Microsoft Windows Component Publisher
svchost.exe        5,348 K    7,724 K    768    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,204 K    3,212 K    844    (Verified) Microsoft Windows Component Publisher
svchost.exe        1,388 K    3,996 K    748    (Verified) Microsoft Windows Component Publisher
svchost.exe        2,476 K    4,412 K    3264    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,628 K    3,600 K    3800    (No signature was present in the subject) Microsoft Corporation
SpotifyWebHelper.exe        1,496 K    5,296 K    3896    (Verified) Spotify AB
smss.exe        180 K    436 K    1076    (Verified) Microsoft Windows Component Publisher
schedul2.exe        1,080 K    3,460 K    1116    (Verified) Acronis International GmbH
schedhlp.exe        996 K    3,552 K    1196    (Verified) Acronis International GmbH
ReminderApp.exe        24,780 K    20,656 K    1096    (Verified) Nova Development
ReflectService.exe        1,336 K    4,404 K    2820    (Verified) Paramount Software UK Ltd
RapportService.exe        38,428 K    26,960 K    5172    (Verified) IBM
RapportMgmtService.exe        155,012 K    32,368 K    424    (Verified) IBM
PSIService.exe        2,000 K    2,856 K    2404    (Verified) Corel Corporation
pdisrvc.exe        1,748 K    2,308 K    2184    (Verified) Portrait Displays
nvsvc32.exe        2,740 K    4,648 K    2052    (No signature was present in the subject) NVIDIA Corporation
mDNSResponder.exe        984 K    3,092 K    1600    (Verified) Apple Inc.
mcrdsvc.exe        864 K    3,132 K    3932    (No signature was present in the subject) Microsoft Corporation
lsass.exe        6,432 K    9,016 K    1808    (Verified) Microsoft Windows Component Publisher
jusched.exe        832 K    2,940 K    436    (Verified) Oracle America
iTunesHelper.exe        11,008 K    15,832 K    3552    (Verified) Apple Inc.
iPodService.exe        2,452 K    4,060 K    4016    (Verified) Apple Inc.
HookManager.exe        992 K    3,144 K    3036    (Verified) Portrait Displays
GrooveMonitor.exe        2,344 K    6,952 K    1716    (Verified) Microsoft Corporation
GoogleCrashHandler.exe        1,864 K    592 K    1676    (Verified) Google Inc
Floater.exe        1,860 K    4,108 K    1672    (Verified) Portrait Displays
explorer.exe        26,896 K    35,912 K    1232    (No signature was present in the subject) Microsoft Corporation
ehtray.exe        2,676 K    1,636 K    1608    (Verified) Microsoft Windows Publisher
ehSched.exe        2,664 K    5,252 K    2884    (Verified) Microsoft Windows Publisher
ehrecvr.exe        2,540 K    4,768 K    2672    (No signature was present in the subject) Microsoft Corporation
ehmsas.exe        888 K    3,376 K    4944    (No signature was present in the subject) Microsoft Corporation
DTSRVC.exe        604 K    2,328 K    2496    (Verified) Portrait Displays
dthtml.exe        12,560 K    19,208 K    2368    (Verified) Portrait Displays
DPHelper.exe        904 K    2,672 K    5188    (Verified) Portrait Displays
dlm1db.exe        1,572 K    4,048 K    2192    (Verified) Dell Inc.
dllhost.exe        2,320 K    6,436 K    3544    (No signature was present in the subject) Microsoft Corporation
CTxfispi.exe        4,948 K    7,176 K    4888    (No signature was present in the subject) Creative Technology Ltd
Ctxfihlp.exe        4,040 K    6,632 K    2472    (No signature was present in the subject) Creative Technology Ltd
CTSVCCDA.EXE        440 K    1,436 K    2080    (No signature was present in the subject) Creative Technology Ltd
CtHelper.exe        2,092 K    3,964 K    2300    (No signature was present in the subject) Creative Technology Ltd
ctfmon.exe        1,116 K    3,768 K    456    (Verified) Microsoft Windows Component Publisher
CTDVDDET.exe        1,128 K    3,716 K    2460    (No signature was present in the subject) Creative Technology Ltd
CTAudSvc.exe        896 K    2,872 K    1508    (No signature was present in the subject) Creative Technology Ltd
csrss.exe        1,820 K    4,628 K    1728    (Verified) Microsoft Windows Component Publisher
AvastUI.exe        76,184 K    26,960 K    2088    (Verified) AVAST Software a.s.
AvastSvc.exe        90,220 K    40,976 K    1028    (Verified) AVAST Software a.s.
AppleMobileDeviceService.exe        10,216 K    13,644 K    1304    (Verified) Apple Inc.
alg.exe        1,220 K    3,712 K    4444    (No signature was present in the subject) Microsoft Corporation
afwServ.exe        13,416 K    8,496 K    1296    (Verified) AVAST Software a.s.
afcdpsrv.exe        2,640 K    5,060 K    1148    (Verified) Acronis International GmbH

 

 

 

Am adding a picture of the screen showing the drivers which load when I try to get into Safe Mode, before it freezes.

 

 

 

DSC_0012.JPG

 

Many thanks,

Chris.

 

EDIT I read somewhere that the last driver to load giveio.sys can cause problems and that it is something to do with Speedfan. I saw that other people have had problems with it and that it can sometimes be solved by renaming the file. Or something like that, anyway! :)
 


Edited by Channeal, 30 July 2016 - 01:21 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

I assume what we are seeing in the logs is from booting off the clone.  Hopefully the clone is the Western Digital drive as it appears to be in very good condition.  The Seagate drive is not looking that good:

 

 
01
Attribute name Read Error Rate
Real value 0
Current 103
Worst 99
Threshold 6
Raw Value 0000005E80
Status Good
 
...
 
07
Attribute name Seek Error Rate
Real value 0
Current 84
Worst 60
Threshold 30
Raw Value 000E3FD933
 
...
 
BC
Attribute name Command Timeout
Real value 23
Current 100
Worst 99
Threshold 0
Raw Value 0000000017
Status Good
 
 
...
 
C3
Attribute name Hardware ECC Recovered
Real value 0
Current 48
Worst 24
Threshold 0
Raw Value 0000005E80
Status Good

 

 

If you look at the Raw Value for the above (and compare them to the Western Digital drive) you will see that the Seagate is starting to get sick.   (They really have a bad rep for reliability these days.)  If I were you I would move any data I wanted to keep from the no boot drive to the Clone then clone the clone onto the no Boot drive and use that for my back up.
 
As far as the driver loading goes. I think it's actually the next driver in the list that causes the problem.  The one you can't see.
 
Since you have the clone, turn on boot logging - that should show us what order the drivers load.
In Windows XP, you can enable boot logging by pressing the F8 key when Windows first starts and choose the item Enable Boot Logging.
The log, ntbtlog.txt should be in C:\windows\  Please either attach it or open it and copy and paste into a Reply.
 
This is a system hidden folder so you probably need to tell Windows to let you see it.
Double-click on the My Computer icon.
    Select the Tools menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button 
 
Is the no boot drive also the one you installed Puppy on?  Sometimes Linux will install its own bootloader and then things really get interesting.
See if you can find \boot.ini on the no boot drive.  Either attach it or open it in notepad and copy and paste it into a Reply.
 
Is the no boot drive still running a disk check every time you try to boot from it?
 
 
 
 
 
 
 
 
 
 

  • 0

#5
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts

Hello again,

 

 

 

I assume what we are seeing in the logs is from booting off the clone.  Hopefully the clone is the Western Digital drive as it appears to be in very good condition.  The Seagate drive is not looking that good:

 

 

 

This is bad news - the Seagate is the drive with the clone on. It is the newer of the 2 drives, but up until 2014 it was used as the main drive whilst the Western Digital was pretty much unused.

 

 

 

Since you have the clone, turn on boot logging - that should show us what order the drivers load.
In Windows XP, you can enable boot logging by pressing the F8 key when Windows first starts and choose the item Enable Boot Logging.
The log, ntbtlog.txt should be in C:\windows\  Please either attach it or open it and copy and paste into a Reply.

 

 

Attached File  ntbtlog.txt   7.6KB   46 downloads

 

 

 

Is the no boot drive also the one you installed Puppy on?  Sometimes Linux will install its own bootloader and then things really get interesting.
See if you can find \boot.ini on the no boot drive.  Either attach it or open it in notepad and copy and paste it into a Reply.

 

 

Yes, Puppy was installed from the no-boot drive.

 

Not sure if I have the right file as it has very little text in it.

 

Attached File  boot.ini.txt   207bytes   33 downloads

 

 

 

Is the no boot drive still running a disk check every time you try to boot from it?

 

 

Yes, it is indeed!

 

 

 

Thanks very much for your help.

 


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Ntbtlog says the next driver it loads is fltsrv.sys

 

 
Loaded driver giveio.sys
Loaded driver fltsrv.sys
Loaded driver aswNdis2.SYS

 

 

 

fltsrv.sys is from Acronis.  There are a lot of posts about it keeping you from Safe Mode.

https://forum.acronis.com/forum/29040

and also lots explaining how to remove the Acronis Drivers:

http://www.wildersse...-issues.316447/

https://forum.acronis.com/forum/27907

 

You may need to use an off-line registry editor in order to edit the registry on the bad drive  

 

https://www.raymond....ing-in-windows/

 

I assume you can have tell the no boot drive to make a boot log and then use the clone to find and post the sick drive's ntbtlog.  That way we can see where it fails.

 

 

You may need to use one of the methods here to stop the disk check.  (also read page 2)

 

https://www.raymond....indows-startup/

 

The boot.ini file appears normal.  Since it does try to load Windows I guess the puppy didn't hurt us.  Have you tried booting to the Command Prompt (in the safe mode menu)  Also sometimes the video driver has problems and booting to the Low Resolution Options will allow it to boot.  


  • 0

#7
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts

Wow! How amazing that an apparently innocent program can cause such problems. I find it hard to comprehend!   :confused: 

 

 

I felt a bit overwhelmed after reading all your links about the problems and how to delete the entries. Although I have edited the registry before when I have had clear instructions what to do, I feel this may be entering the realms where I do not feel confident enough to do it.

 

My one hope though lies at https://kb.acronis.com/content/48668 The instructions there do not look to be too difficult to run (assuming it can be done from within the cloned OS).

 

I need to ask a couple of questions though.....

 

 

 

 

You can also uninstall the product using the EXE installation file: run the installation file of the product that you want to uninstall and select the option Remove:

 

Does this actually mean to reinstall the program and then remove it?

 

 

 

 

 

Regarding the Clean-Up Utility: -

 

 

6 - If there are snapman*, tdrpman*, fltsrv, timounter strings, remove the strings from the UpperFilters and LowerFilters: double-click on the   UpperFilters/LowerFilters and delete the strings:

 

I decided to look at the registry in advance of attempting anything and to see if I could find these entries. I got to the stage where the instructions gives a picture of the 'Edit Multi-String screen as follows:-

 

edit.JPG

 

Would I do nothing here?

 

 

 

 

 

 

7 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}, check for snapman*, tdrpman*, fltsrv, timounter strings and remove the strings from the UpperFilters and LowerFilters if they are present. (!) Do not delete the key!

 

I got to: -

 

edit2.JPG

 

Would I also do nothing here?

 

 

 

 

 

Am leaving the rest of your instructions for now if I may and just concentrating on the cleaning instructions in the link.

 

Thanks for your help.


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

See if you find the ntbtlog.txt file for the sick drive first so that we can be sure that is where the problem lies.

 

I haven't read through the instructions that carefully but do nothing unless you find the specific item they talk about.  

 

The exe program they talk about just comes up and offers you a choice of install or remove.  Not going to be of much use if you can't boot.

 

If you do not have an XP setup disk perhaps you can create one from the clone:

 

http://www.howtohave...setupdisk.shtml

 

Then you could do a repair install

 

http://smallbusiness...-sp3-54021.html


  • 0

#9
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts

I had not previously fully realised the significance of what you said about needing to disable Checkdisk. But of course, it is necessary to get the drive to produce a boot log. Silly me! :-(

I need a bit of help with disabling it though. When I go into command prompt from the clone, then the no-boot drive is given the label E. But of course, if I managed to boot into the no-boot drive it would then be the C drive. So, which letter do I put into the command prompt in order to disable Checkdisk running on the no-boot drive?

With regard to the Windows XP disk, I do actually have one. Although one was not sent out when we purchased the computer, we subsequently requested - and were sent - one. However, I ran into problems in 2014 when being helped here in GTG. The following is from the conversation back then: -

 

 

When I attempted to run the System File Checker, I got the message telling me to insert my Windows XP Professional CD Rom. Here's the thing.... when we got this computer, it came without a disc but we requested (and got sent) one later. So, I got out my 'Microsoft Windows XP Media Center Version 2005' disc and put it into the CD Rom - only to be told that it was the wrong disc! Then I realised that when we had the new hard drive put in last year the guy in the shop didn't take our CD, but presumably used his own. It wouldn't let me proceed any further without the correct CD.

 

I subsequently contacted the computer shop about this, but they told me: -

 

 

'Us using our own discs should make no odds to your PC – any disc will work on any system; the part that makes it unique is the license code affixed to your machine.

 

I too have been faced with similar problems in the past when running SFC scans, where it will not accept the disc, when it is more than clearly the correct version of Windows. Over time we have just put this down to a bug within XP that is sometimes present. As I’m sure you are aware, support for windows XP is stopping in the next couple of weeks, as it has come to the end of its existence. Over time, and since Vista, 7, and 8 operating systems have come out, it has become harder and harder to make a PC work from scratch with Windows XP.'

 

 

Godawgs then got me to copy some registry files to the desktop and we tried to run the scan from there, but I was still asked to insert the disk.

 

 

I seem to remember Phill saying that it might be to do with the fact that Service Pack 2 had subsequently been added.

 

Whatever the reason, we had no success in getting Scannow to work back then. :(


Edited by Channeal, 02 August 2016 - 07:28 AM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Would have to be E:

 

Have you tried doing a check disk on E:  Perhaps it will work better that way.


  • 0

Advertisements


#11
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts

 

Would have to be E:

 

Have you tried doing a check disk on E:  Perhaps it will work better that way.

 

Do you mean running Checkdisk on E while booting from the clone?

 

Sorry, I think you might have missed the second part of my post about the Windows XP disk. I started the post on my phone, then added the bit copied from 2014 here on my computer. You were a tad too quick for me though! :)


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Do you mean running Checkdisk on E while booting from the clone?

 

 

Yes.  

 

There are several flavors of XP - Home, Pro, 32 bit & 64 bit, + SP1, SP2, SP3 and probably more.  I don't think your shop knows what they are talking about.


  • 0

#13
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts

Okay...... I disabled Checkdisk and tried to boot into the no-boot drive. Checkdisk actually started to run though, so I thought it hadn't worked. I left the room for a while, thinking it would run for ages as usual. When I returned however, Checkdisk had stopped and it had booted into Puppy (I put the Puppy disk in as soon as I saw Checkdisk, to prevent it startling up all over again as soon as it had finished).

 

When I restarted again, it would not even attempt to get into Safe Mode and pressing F8 did not work. To my surprise though, it continued on to the desktop and this time it did not restart!

 

I got a message to say that the system had recovered from a fatal error (something that has happened more than once recently). The error is apparently connected with something called Common Software Manager which I believe is connected to a program called Nuance Paperport which is the printing/scanning software which came with my Dell C1765nfw printer.

 

There is no boot log as pressing F8 failed, but I got a picture of the following: -

 

Common software manager.JPG

 

 

 

 


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Can you uninstall it?

 

Is Acronis on this drive?


  • 0

#15
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 696 posts
I have uninstalled Paperport for now (presumably I will be able to reinstall later?)

I believe Acronis was deleted some time ago. My understanding of the problems with Acronis and Safemode was that the problems arise after uninstalling, due to bits lefts behind. Is that correct?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP