Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Dell Dimension 9150 Running Windows XP

Started by Channeal , Jul 30 2016 04:49 AM

Please log in to reply

#1
Channeal

Posted 30 July 2016 - 04:49 AM

Member

Member
879 posts

This is a continuation of a problem Phillpower 2 has been helping me with here. I have two hard drives, the second has a clone of my OS on it. At the moment, I can only boot from the clone, but the main drive will not boot up at all.

Phill, here is the edit from the previous post.

EDIT I sussed out why my computer was not even attempting to get into Safe Mode. I needed to turn the other drives off in the BIOS first! Unfortunately though, once I had realised that and attempted it again, it froze on the black screen listing all the drivers that had loaded. I have only tried once so far - Checkdisk is running again at the moment, as I didn't manage to stop it this time!

Btw, the black screen saying that drives are missing no longer comes up when I boot up from either drive. What seems to have happened is that I mistakenly turned on drives 1 and 3 (which maybe don't actually exist) in the BIOS when all this first happened. I have turned them off now - and the black screen no longer appears.

Maybe I should have another try to see if it freezes again.

Chris.

Edited by Channeal, 30 July 2016 - 04:51 AM.

#2
RKinner

Posted 30 July 2016 - 11:03 AM

Malware Expert

Expert
24,625 posts

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER if it tries to get you to take it too. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File)

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

#3
Channeal

Posted 30 July 2016 - 12:47 PM

Member

Topic Starter
Member
879 posts

Hello RKinner

Thank you for your reply

Here is the Speccy file

Speccy.txt 234.29KB 284 downloads

And here is the Process Explorer text

Process   CPU   Private Bytes   Working Set   PID   Verified Signer
System Idle Process   89.06   0 K   28 K   0
firefox.exe   6.25   288,404 K   285,348 K   5608   (Verified) Mozilla Corporation
spoolsv.exe   1.56   4,128 K   6,452 K   1420   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.78   4,828 K   6,784 K   3032   (No signature was present in the subject) Microsoft Corporation
services.exe   0.78   2,040 K   4,120 K   1796   (Verified) Microsoft Windows Component Publisher
procexp.exe   0.78   27,340 K   35,692 K   4440   (Verified) Microsoft Corporation
Interrupts   0.78   0 K   0 K   n/a
WudfHost.exe       2,240 K   3,864 K   2764   (Verified) Microsoft Windows
wpCtrl.exe       2,020 K   4,764 K   2552   (Verified) Portrait Displays
wmiprvse.exe       6,524 K   10,024 K   2140   (No signature was present in the subject) Microsoft Corporation
wmiprvse.exe       1,860 K   5,204 K   3536   (No signature was present in the subject) Microsoft Corporation
winlogon.exe       7,080 K   4,708 K   1752   (Verified) Microsoft Windows Component Publisher
unsecapp.exe       1,580 K   4,932 K   5928   (Verified) Microsoft Windows Component Publisher
UninstallMonitor.exe       14,648 K   16,708 K   6000   (Verified) IObit Information Technology
TrueImageMonitor.exe       26,372 K   11,116 K   3000   (Verified) Acronis International GmbH
TomTom MySports Connect.exe       46,804 K   60,080 K   2216   (No signature was present in the subject) TomTom
TibMounterMonitor.exe       4,192 K   8,112 K   3076   (Verified) Acronis International GmbH
System       0 K   256 K   4
syncagentsrv.exe       5,484 K   9,936 K   3612   (Verified) Acronis International GmbH
svchost.exe       24,440 K   35,784 K   504   (No signature was present in the subject) Microsoft Corporation
svchost.exe       3,260 K   5,592 K   2012   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,120 K   5,076 K   260   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,480 K   3,716 K   556   (Verified) Microsoft Windows Component Publisher
svchost.exe       5,348 K   7,724 K   768   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,204 K   3,212 K   844   (Verified) Microsoft Windows Component Publisher
svchost.exe       1,388 K   3,996 K   748   (Verified) Microsoft Windows Component Publisher
svchost.exe       2,476 K   4,412 K   3264   (No signature was present in the subject) Microsoft Corporation
svchost.exe       1,628 K   3,600 K   3800   (No signature was present in the subject) Microsoft Corporation
SpotifyWebHelper.exe       1,496 K   5,296 K   3896   (Verified) Spotify AB
smss.exe       180 K   436 K   1076   (Verified) Microsoft Windows Component Publisher
schedul2.exe       1,080 K   3,460 K   1116   (Verified) Acronis International GmbH
schedhlp.exe       996 K   3,552 K   1196   (Verified) Acronis International GmbH
ReminderApp.exe       24,780 K   20,656 K   1096   (Verified) Nova Development
ReflectService.exe       1,336 K   4,404 K   2820   (Verified) Paramount Software UK Ltd
RapportService.exe       38,428 K   26,960 K   5172   (Verified) IBM
RapportMgmtService.exe       155,012 K   32,368 K   424   (Verified) IBM
PSIService.exe       2,000 K   2,856 K   2404   (Verified) Corel Corporation
pdisrvc.exe       1,748 K   2,308 K   2184   (Verified) Portrait Displays
nvsvc32.exe       2,740 K   4,648 K   2052   (No signature was present in the subject) NVIDIA Corporation
mDNSResponder.exe       984 K   3,092 K   1600   (Verified) Apple Inc.
mcrdsvc.exe       864 K   3,132 K   3932   (No signature was present in the subject) Microsoft Corporation
lsass.exe       6,432 K   9,016 K   1808   (Verified) Microsoft Windows Component Publisher
jusched.exe       832 K   2,940 K   436   (Verified) Oracle America
iTunesHelper.exe       11,008 K   15,832 K   3552   (Verified) Apple Inc.
iPodService.exe       2,452 K   4,060 K   4016   (Verified) Apple Inc.
HookManager.exe       992 K   3,144 K   3036   (Verified) Portrait Displays
GrooveMonitor.exe       2,344 K   6,952 K   1716   (Verified) Microsoft Corporation
GoogleCrashHandler.exe       1,864 K   592 K   1676   (Verified) Google Inc
Floater.exe       1,860 K   4,108 K   1672   (Verified) Portrait Displays
explorer.exe       26,896 K   35,912 K   1232   (No signature was present in the subject) Microsoft Corporation
ehtray.exe       2,676 K   1,636 K   1608   (Verified) Microsoft Windows Publisher
ehSched.exe       2,664 K   5,252 K   2884   (Verified) Microsoft Windows Publisher
ehrecvr.exe       2,540 K   4,768 K   2672   (No signature was present in the subject) Microsoft Corporation
ehmsas.exe       888 K   3,376 K   4944   (No signature was present in the subject) Microsoft Corporation
DTSRVC.exe       604 K   2,328 K   2496   (Verified) Portrait Displays
dthtml.exe       12,560 K   19,208 K   2368   (Verified) Portrait Displays
DPHelper.exe       904 K   2,672 K   5188   (Verified) Portrait Displays
dlm1db.exe       1,572 K   4,048 K   2192   (Verified) Dell Inc.
dllhost.exe       2,320 K   6,436 K   3544   (No signature was present in the subject) Microsoft Corporation
CTxfispi.exe       4,948 K   7,176 K   4888   (No signature was present in the subject) Creative Technology Ltd
Ctxfihlp.exe       4,040 K   6,632 K   2472   (No signature was present in the subject) Creative Technology Ltd
CTSVCCDA.EXE       440 K   1,436 K   2080   (No signature was present in the subject) Creative Technology Ltd
CtHelper.exe       2,092 K   3,964 K   2300   (No signature was present in the subject) Creative Technology Ltd
ctfmon.exe       1,116 K   3,768 K   456   (Verified) Microsoft Windows Component Publisher
CTDVDDET.exe       1,128 K   3,716 K   2460   (No signature was present in the subject) Creative Technology Ltd
CTAudSvc.exe       896 K   2,872 K   1508   (No signature was present in the subject) Creative Technology Ltd
csrss.exe       1,820 K   4,628 K   1728   (Verified) Microsoft Windows Component Publisher
AvastUI.exe       76,184 K   26,960 K   2088   (Verified) AVAST Software a.s.
AvastSvc.exe       90,220 K   40,976 K   1028   (Verified) AVAST Software a.s.
AppleMobileDeviceService.exe       10,216 K   13,644 K   1304   (Verified) Apple Inc.
alg.exe       1,220 K   3,712 K   4444   (No signature was present in the subject) Microsoft Corporation
afwServ.exe       13,416 K   8,496 K   1296   (Verified) AVAST Software a.s.
afcdpsrv.exe       2,640 K   5,060 K   1148   (Verified) Acronis International GmbH

Am adding a picture of the screen showing the drivers which load when I try to get into Safe Mode, before it freezes.

Many thanks,

Chris.

EDIT I read somewhere that the last driver to load giveio.sys can cause problems and that it is something to do with Speedfan. I saw that other people have had problems with it and that it can sometimes be solved by renaming the file. Or something like that, anyway!

Edited by Channeal, 30 July 2016 - 01:21 PM.

#4
RKinner

Posted 30 July 2016 - 04:26 PM

Malware Expert

Expert
24,625 posts

I assume what we are seeing in the logs is from booting off the clone. Hopefully the clone is the Western Digital drive as it appears to be in very good condition. The Seagate drive is not looking that good:

01

Attribute name Read Error Rate

Real value 0

Current 103

Worst 99

Threshold 6

Raw Value 0000005E80

Status Good

...

07

Attribute name Seek Error Rate

Real value 0

Current 84

Worst 60

Threshold 30

Raw Value 000E3FD933

...

BC

Attribute name Command Timeout

Real value 23

Current 100

Worst 99

Threshold 0

Raw Value 0000000017

Status Good

...

C3

Attribute name Hardware ECC Recovered

Real value 0

Current 48

Worst 24

Threshold 0

Raw Value 0000005E80

Status Good

If you look at the Raw Value for the above (and compare them to the Western Digital drive) you will see that the Seagate is starting to get sick. (They really have a bad rep for reliability these days.) If I were you I would move any data I wanted to keep from the no boot drive to the Clone then clone the clone onto the no Boot drive and use that for my back up.

As far as the driver loading goes. I think it's actually the next driver in the list that causes the problem. The one you can't see.

Since you have the clone, turn on boot logging - that should show us what order the drivers load.

In Windows XP, you can enable boot logging by pressing the F8 key when Windows first starts and choose the item Enable Boot Logging.

The log, ntbtlog.txt should be in C:\windows\ Please either attach it or open it and copy and paste into a Reply.

This is a system hidden folder so you probably need to tell Windows to let you see it.

Double-click on the My Computer icon.

Select the Tools menu and click Folder Options.

After the new window appears select the View tab.

Put a checkmark in the checkbox labeled Display the contents of system folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide file extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Press the Apply button and then the OK button

Is the no boot drive also the one you installed Puppy on? Sometimes Linux will install its own bootloader and then things really get interesting.

See if you can find \boot.ini on the no boot drive. Either attach it or open it in notepad and copy and paste it into a Reply.

Is the no boot drive still running a disk check every time you try to boot from it?

#5
Channeal

Posted 31 July 2016 - 02:58 PM

Member

Topic Starter
Member
879 posts

Hello again,

I assume what we are seeing in the logs is from booting off the clone. Hopefully the clone is the Western Digital drive as it appears to be in very good condition. The Seagate drive is not looking that good:

This is bad news - the Seagate is the drive with the clone on. It is the newer of the 2 drives, but up until 2014 it was used as the main drive whilst the Western Digital was pretty much unused.

Since you have the clone, turn on boot logging - that should show us what order the drivers load.

In Windows XP, you can enable boot logging by pressing the F8 key when Windows first starts and choose the item Enable Boot Logging.

The log, ntbtlog.txt should be in C:\windows\ Please either attach it or open it and copy and paste into a Reply.

ntbtlog.txt 7.6KB 232 downloads

Is the no boot drive also the one you installed Puppy on? Sometimes Linux will install its own bootloader and then things really get interesting.

See if you can find \boot.ini on the no boot drive. Either attach it or open it in notepad and copy and paste it into a Reply.

Yes, Puppy was installed from the no-boot drive.

Not sure if I have the right file as it has very little text in it.

boot.ini.txt 207bytes 213 downloads

Is the no boot drive still running a disk check every time you try to boot from it?

Yes, it is indeed!

Thanks very much for your help.

#6
RKinner

Posted 31 July 2016 - 04:51 PM

Malware Expert

Expert
24,625 posts

Ntbtlog says the next driver it loads is fltsrv.sys

Loaded driver giveio.sys

Loaded driver fltsrv.sys

Loaded driver aswNdis2.SYS

fltsrv.sys is from Acronis. There are a lot of posts about it keeping you from Safe Mode.

https://forum.acronis.com/forum/29040

and also lots explaining how to remove the Acronis Drivers:

http://www.wildersse...-issues.316447/

https://forum.acronis.com/forum/27907

You may need to use an off-line registry editor in order to edit the registry on the bad drive

https://www.raymond....ing-in-windows/

I assume you can have tell the no boot drive to make a boot log and then use the clone to find and post the sick drive's ntbtlog. That way we can see where it fails.

You may need to use one of the methods here to stop the disk check. (also read page 2)

https://www.raymond....indows-startup/

The boot.ini file appears normal. Since it does try to load Windows I guess the puppy didn't hurt us. Have you tried booting to the Command Prompt (in the safe mode menu) Also sometimes the video driver has problems and booting to the Low Resolution Options will allow it to boot.

#7
Channeal

Posted 01 August 2016 - 05:37 AM

Member

Topic Starter
Member
879 posts

Wow! How amazing that an apparently innocent program can cause such problems. I find it hard to comprehend! :confused:

I felt a bit overwhelmed after reading all your links about the problems and how to delete the entries. Although I have edited the registry before when I have had clear instructions what to do, I feel this may be entering the realms where I do not feel confident enough to do it.

My one hope though lies at https://kb.acronis.com/content/48668 The instructions there do not look to be too difficult to run (assuming it can be done from within the cloned OS).

I need to ask a couple of questions though.....

You can also uninstall the product using the EXE installation file: run the installation file of the product that you want to uninstall and select the option Remove:

Does this actually mean to reinstall the program and then remove it?

Regarding the Clean-Up Utility: -

6 - If there are snapman*, tdrpman*, fltsrv, timounter strings, remove the strings from the UpperFilters and LowerFilters: double-click on the UpperFilters/LowerFilters and delete the strings:

I decided to look at the registry in advance of attempting anything and to see if I could find these entries. I got to the stage where the instructions gives a picture of the 'Edit Multi-String screen as follows:-

Would I do nothing here?

7 - Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}, check for snapman*, tdrpman*, fltsrv, timounter strings and remove the strings from the UpperFilters and LowerFilters if they are present. (!) Do not delete the key!

I got to: -

Would I also do nothing here?

Am leaving the rest of your instructions for now if I may and just concentrating on the cleaning instructions in the link.

Thanks for your help.

#8
RKinner

Posted 01 August 2016 - 07:27 AM

Malware Expert

Expert
24,625 posts

See if you find the ntbtlog.txt file for the sick drive first so that we can be sure that is where the problem lies.

I haven't read through the instructions that carefully but do nothing unless you find the specific item they talk about.

The exe program they talk about just comes up and offers you a choice of install or remove. Not going to be of much use if you can't boot.

If you do not have an XP setup disk perhaps you can create one from the clone:

http://www.howtohave...setupdisk.shtml

Then you could do a repair install

http://smallbusiness...-sp3-54021.html

#9
Channeal

Posted 02 August 2016 - 07:18 AM

Member

Topic Starter
Member
879 posts

I had not previously fully realised the significance of what you said about needing to disable Checkdisk. But of course, it is necessary to get the drive to produce a boot log. Silly me! :-(

I need a bit of help with disabling it though. When I go into command prompt from the clone, then the no-boot drive is given the label E. But of course, if I managed to boot into the no-boot drive it would then be the C drive. So, which letter do I put into the command prompt in order to disable Checkdisk running on the no-boot drive?

With regard to the Windows XP disk, I do actually have one. Although one was not sent out when we purchased the computer, we subsequently requested - and were sent - one. However, I ran into problems in 2014 when being helped here in GTG. The following is from the conversation back then: -

When I attempted to run the System File Checker, I got the message telling me to insert my Windows XP Professional CD Rom. Here's the thing.... when we got this computer, it came without a disc but we requested (and got sent) one later. So, I got out my 'Microsoft Windows XP Media Center Version 2005' disc and put it into the CD Rom - only to be told that it was the wrong disc! Then I realised that when we had the new hard drive put in last year the guy in the shop didn't take our CD, but presumably used his own. It wouldn't let me proceed any further without the correct CD.

I subsequently contacted the computer shop about this, but they told me: -

'Us using our own discs should make no odds to your PC – any disc will work on any system; the part that makes it unique is the license code affixed to your machine.

I too have been faced with similar problems in the past when running SFC scans, where it will not accept the disc, when it is more than clearly the correct version of Windows. Over time we have just put this down to a bug within XP that is sometimes present. As I’m sure you are aware, support for windows XP is stopping in the next couple of weeks, as it has come to the end of its existence. Over time, and since Vista, 7, and 8 operating systems have come out, it has become harder and harder to make a PC work from scratch with Windows XP.'

Godawgs then got me to copy some registry files to the desktop and we tried to run the scan from there, but I was still asked to insert the disk.

I seem to remember Phill saying that it might be to do with the fact that Service Pack 2 had subsequently been added.

Whatever the reason, we had no success in getting Scannow to work back then.

Edited by Channeal, 02 August 2016 - 07:28 AM.

#10
RKinner

Posted 02 August 2016 - 07:26 AM

Malware Expert

Expert
24,625 posts

Would have to be E:

Have you tried doing a check disk on E: Perhaps it will work better that way.

#11
Channeal

Posted 02 August 2016 - 07:40 AM

Member

Topic Starter
Member
879 posts

Would have to be E:

Have you tried doing a check disk on E: Perhaps it will work better that way.

Do you mean running Checkdisk on E while booting from the clone?

Sorry, I think you might have missed the second part of my post about the Windows XP disk. I started the post on my phone, then added the bit copied from 2014 here on my computer. You were a tad too quick for me though!

#12
RKinner

Posted 02 August 2016 - 07:53 AM

Malware Expert

Expert
24,625 posts

Do you mean running Checkdisk on E while booting from the clone?

Yes.

There are several flavors of XP - Home, Pro, 32 bit & 64 bit, + SP1, SP2, SP3 and probably more. I don't think your shop knows what they are talking about.

#13
Channeal

Posted 02 August 2016 - 02:07 PM

Member

Topic Starter
Member
879 posts

Okay...... I disabled Checkdisk and tried to boot into the no-boot drive. Checkdisk actually started to run though, so I thought it hadn't worked. I left the room for a while, thinking it would run for ages as usual. When I returned however, Checkdisk had stopped and it had booted into Puppy (I put the Puppy disk in as soon as I saw Checkdisk, to prevent it startling up all over again as soon as it had finished).

When I restarted again, it would not even attempt to get into Safe Mode and pressing F8 did not work. To my surprise though, it continued on to the desktop and this time it did not restart!

I got a message to say that the system had recovered from a fatal error (something that has happened more than once recently). The error is apparently connected with something called Common Software Manager which I believe is connected to a program called Nuance Paperport which is the printing/scanning software which came with my Dell C1765nfw printer.

There is no boot log as pressing F8 failed, but I got a picture of the following: -

#14
RKinner

Posted 02 August 2016 - 03:55 PM

Malware Expert

Expert
24,625 posts

Can you uninstall it?

Is Acronis on this drive?

#15
Channeal

Posted 02 August 2016 - 04:36 PM

Member

Topic Starter
Member
879 posts

I have uninstalled Paperport for now (presumably I will be able to reinstall later?)

I believe Acronis was deleted some time ago. My understanding of the problems with Acronis and Safemode was that the problems arise after uninstalling, due to bits lefts behind. Is that correct?