Jump to content

ralphyde

Honorary Members
  • Posts

    72
  • Joined

  • Last visited

Reputation

0 Neutral

Profile Information

  • Location
    Oregon
  1. In my previous topic (gateway-laptop-with-ssd-not-find-vista-sp2-wont-start-pxe-e76 ) , I was unable to restart my Gateway 32bit Vista laptop, except by using the Gateway Recovery management Partition. and doing a "Recovery with automatic data backup." This recovery worked flawlessly, and recovered Vista to its 2008 level, including 60 associated programs and Windows updates, and built an associated 23 gig BACKUP file which was stored in the top level of the Local Disk (C:) directory. It included a top level directory folder named: 14-08-23 12:39 AM, beneath which were folders, the same folder names that Vista initially builds in its structure including; Documents, Google, Graphics, Intel, Perflogs, Program files, System Volume Information, Users, and Windows, along with additional folders that had existed in the previous version on my computer, such as AmiPro, Downloads, Quicken98, and other programs and folders of mine, built since the previous recovery when I'd replaced a failing hard drive with a Crucial SSD. However, after recovering to this stage, I did not know the proper way to continue the recovery, how to get this backup structure back into the Local Disk (C:) structure in place of the one the recovery had built. I thought the first priority would be to continue applying updates to the system using Windows Update. But I ran into a problem with Windows Update, so went ahead and used the standalone installs of SP1 and then SP2, but Windows Update is still not working. And I still have not put the backed up directory structure back in place, and I don't even know how to do that. So I'm not sure what to do next, and am requesting any assistance as to the proper way to recover from this situation. I will make an offline backup of that BACKUP directory, before I do anything. And if I have to go back and start over, I am willing to do that, too, in the case that I have done things in the wrong order. I am 76 years old and struggling to get this recovery right, so I would appreciate any help anyone could give me as to the proper method of doing this recovery to get me back to where I was before the startup problem. Thank you very much, Ralphyde
  2. Successful startup, but two new problems to deal with. I have also downloaded and installed SP-1 and SP-2 Windows Update has not been working since startup. It was an old version, 7.0, so I thought a newer version might get around the problem, so I installed the 7.4 agent, since the latest 7.6 wasn't available for downloading and installing. But with 7.4 agent, I'm still having problems, says it isn't started, though I have put in the recommended settings. The other problem or question is: How to use the BACKUP file from the rebuild run to replace the new (old - 2008) system that was restored. The Recovery from the recovery partition (with saving data) built a folder called BACKUP with folders under the Local Disk (C:) directory entry It has the same directory structure as the newly built one all the way down through WINDOWS, with all the previous contents. What I need to know is whether I can just replace the newly built structure with the Backup structure, that would put the computer back the way it was before the problem and would be the ideal solution if it could be done. Thanks for any assistance with either of the two problems Ralphyde
  3. Well, I bit the bullet today, and ran the Windows restore (with saving data option) program from my recovery partition. It ran flawlessly an installed the 2008 version of Windows Vista, along with 60 associated programs and Windows update. I turned on wi-fi and tried to run Windows Update, to get some of the early updates, with setting of - Let me decide which ones to download and install. I hoped to create smaller more manageable batches to install. But that old version of Windows Update wouldn't give me anything. I then installed and ran my copy of Malwarebytes Pro to shield the system while on wi-fi, and ran a scan, finding no problems. Now I need to find out how to bring my Windows Vista up to SP2 level. Can someone please tell me how? Can I skip the individual fixes and go right to Sp1, and then straight to SP2? And will that give me an updated Windows Update as; well? I appreciate any knowledge about this. Thanks. ralphyde
  4. I have a Gateway P-6301 Laptop computer that had a failing hard drive in 2013, which I successfully replaced with a Crucial SSD, then recovered the factory Windows Vista from the recovery partition, then applied all the updates to bring it up to SP-2, and reinstalled my programs, including some that will only run on 32 bit machines (like AmiPro). It has been running flawlessly since then, as I keep it healthy with Malwarebytes Pro and System Mechanic. So it had no malware on it, and was running fine through August 20. But when I tried to start it on August 21, it got only to the black screen with the cursor in the middle, and stayed that way forever. instead of bringing up the Windows icon and password dialog. Pressing the start button would shut it down after about 50 seconds. Starting it with PF8 would bring up the repair choices, but Windows would not come up in Safe mode either, nor would command prompt, or directory services. The Repair Computer option, would allow me to access the Gateway System Recovery Options screen showing the following choices: startup repair, system restore, Windows complete PC restore,Windows Memory diagnostic tool, command prompt, and recovery manager. Startup repair ran through several tests all of which came back with code 0x0, then "boot status indicates that the OS booted successfully". and "Startup Repair could not detect a problem." System Restore didn't do anything. The Memory diagnostic tool ran successfully. When I try to startup with PF12, it shows whats happening quickly, and the Error PXE-E76 flashes by "Bad or missing multicast discovery address" Then PXE-M0F "Exiting PXE-ROM" I tried changing the start device order in the BIOS to no avail. It seems like the link to the part of the strartup routine that puts up the Windows icon and the signon dialog is lost. If all else fails, it appears that I'll have to bite the bullet and do a recovery from the recovery partition, saving data but putting Vista back to 2008 status, then have to update to SP2 again. I'm hoping there's something easier than that long process.. I would appreciate any assistance with this problem. Thanks ralphyde
  5. Amaziingly, I've gotten on today normally, after several more crashes. This time (it always comes up to the signon screen, giving me a choice of Ralph (admin) or Guest (no signon)), but if I choose Ralph, it goes into a Welcome loop, then crashes. This time, I got on as Guest, and that desktop came up, allowiing me to get onto Chrome, as well as this forum, and even Windows Explorer, on which I copied some of my vital files to a 16G flash drive. Most were already threre. The system runs smoothly and nice as long as I don't try to sign on, which is where there is an unwriteable sector, I think. Hopefully, now, I have most of what I'll need to migrate to my new Windows 7 laptop, when it arrives. Though I'm not sure about my Windows Mail.
  6. Yes, Ron warned me that other symptoms were indicating a failing hard drive, but I was still able to get on and work normally for hours at a time over a period of weeks. But now it seems the end has come. I have already ordered a Windows 7 laptop to replace it, but hoped to keep it going for a few more days, perhaps. And I'm hoping that my Malwarebytes Secure Backups will be restorable to my new Toshiba Windows 7 laptop. But today, an attempted normal startup got to the signon screen, I signed on, then it went to the 'welcome' screen for about 30 minutes, before crashing with the following message: STOP: c000021a {Fatal System Error} The Windows subsystem system process terminated unexpectedly with a status of 0xc0000005 (0x75879529 0x00bef3f4). The system has been shut down. collecting data for crash dump. . . ... contact your system admin or technical support group for further assistance. So that's where I stand now. Using F8 on startup, I am able to get to the repair screen, but don't know if any options would help. Have tried to get up in safe mode, but no go. Any suggestions?
  7. My Vista laptoop Has been having troubles, but I have been able to get on up til now. Today I was able to get to the Windows signon, then sighnon, but then the computer went into an endless 'welcome' loop. Eventually forced shutdown. Have tried to get on in Safe Mode. Same thing Finally I got the following Windows error message: The instruction at 0x00bf1e8e referenced memory at 0x000001fe. The memory could not be written. Click OK to terminate program. Anyone got any ideas as to how to get past this? Thanks
  8. Startup problem on Vista laptop

  9. Thanks for all the reference material. I am currently using Malwarebytes Pro, as well as Secure Backup. And I am a subscriber to Windows Secrets, though I can't keep up with it. Last night I decided to see if I could run a Malwarebytes full scan, just to see if my computer could do it without freezing up. And first, I scheduled a CHKDSK /f. I started around 9:45. When I went to bed after 11, Malwarebytes Pro showed one issue found. But when I checked at 2:30 AM, the screen was black, and nothing I could do would revive it, so I closed it. In the morning, I restarted (chose normal startup), but couldn't find any output from the full scan. The event log showed that at 2:06, there were a gupdate, 2 system restore point creations, another gupdate, and a VSS at 2:09. (I don't know what these mean). I haven't found any output from the Malwarebytes run, and nothing shows in its history tab. The output from the CHKDSK run shows the same index rebuilding involving taskmgr and wmplayer, which I don't understand. Here is the output from that run: Log Name: ApplicationSource: Microsoft-Windows-WininitDate: 10/21/2013 9:46:58 PMEvent ID: 1001Task Category: NoneLevel: InformationKeywords: ClassicUser: N/AComputer: RALPH-PCDescription: Checking file system on C:The type of the file system is NTFS. A disk check has been scheduled.Windows will now check the disk. 318912 file records processed. 1516 large file records processed. 0 bad file records processed. 0 EA records processed. 68 reparse records processed. Unable to locate the file name attribute of index entry wmplayer.exeof index $I30 with parent 0xcb in file 0x3688f.Deleting index entry wmplayer.exe in index $I30 of file 203.Unable to locate the file name attribute of index entry inetpp.dllof index $I30 with parent 0x5b3 in file 0x30fc9.Deleting index entry inetpp.dll in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskeng.exeof index $I30 with parent 0x5b3 in file 0x36e5b.Deleting index entry taskeng.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskmgr.exeof index $I30 with parent 0x5b3 in file 0x200cc.Deleting index entry taskmgr.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry wer.dllof index $I30 with parent 0x5b3 in file 0x30de1.Deleting index entry wer.dll in index $I30 of file 1459. 386080 index entries processed. CHKDSK is recovering lost files.Recovering orphaned file taskmgr.exe (131276) into directory file 1459.Recovering orphaned file wer.dll (200161) into directory file 1459.Recovering orphaned file inetpp.dll (200649) into directory file 1459.Recovering orphaned file wmplayer.exe (223375) into directory file 203. 5 unindexed files processed. Recovering orphaned file taskeng.exe (224859) into directory file 1459. 318912 security descriptors processed. Cleaning up 9 unused index entries from index $SII of file 0x9.Cleaning up 9 unused index entries from index $SDH of file 0x9.Cleaning up 9 unused security descriptors. 33585 data files processed. CHKDSK is verifying Usn Journal... 34528776 USN bytes processed. Usn Journal verification completed.Correcting errors in the Volume Bitmap.Windows has made corrections to the file system. 145773809 KB total disk space. 70644432 KB in 260267 files. 145660 KB in 33586 indexes. 60 KB in bad sectors. 437309 KB in use by the system. 65536 KB occupied by the log file. 74546348 KB available on disk. 4096 bytes in each allocation unit. 36443452 total allocation units on disk. 18636587 allocation units available on disk. Internal Info:c0 dd 04 00 e9 7b 04 00 05 b9 07 00 00 00 00 00 .....{..........32 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00 2|..D...........42 00 00 00 e2 73 ef 76 58 84 40 00 58 7c 40 00 B....s.vX.@.X|@. Windows has finished checking your disk.Please wait while your computer restarts. Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" /> <EventID Qualifiers="16384">1001</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2013-10-22T04:46:58.000Z" /> <EventRecordID>143591</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>Application</Channel> <Computer>RALPH-PC</Computer> <Security /> </System> <EventData> <Data> Checking file system on C:The type of the file system is NTFS. A disk check has been scheduled.Windows will now check the disk. 318912 file records processed. 1516 large file records processed. 0 bad file records processed. 0 EA records processed. 68 reparse records processed. Unable to locate the file name attribute of index entry wmplayer.exeof index $I30 with parent 0xcb in file 0x3688f.Deleting index entry wmplayer.exe in index $I30 of file 203.Unable to locate the file name attribute of index entry inetpp.dllof index $I30 with parent 0x5b3 in file 0x30fc9.Deleting index entry inetpp.dll in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskeng.exeof index $I30 with parent 0x5b3 in file 0x36e5b.Deleting index entry taskeng.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry taskmgr.exeof index $I30 with parent 0x5b3 in file 0x200cc.Deleting index entry taskmgr.exe in index $I30 of file 1459.Unable to locate the file name attribute of index entry wer.dllof index $I30 with parent 0x5b3 in file 0x30de1.Deleting index entry wer.dll in index $I30 of file 1459. 386080 index entries processed. CHKDSK is recovering lost files.Recovering orphaned file taskmgr.exe (131276) into directory file 1459.Recovering orphaned file wer.dll (200161) into directory file 1459.Recovering orphaned file inetpp.dll (200649) into directory file 1459.Recovering orphaned file wmplayer.exe (223375) into directory file 203. 5 unindexed files processed. Recovering orphaned file taskeng.exe (224859) into directory file 1459. 318912 security descriptors processed. Cleaning up 9 unused index entries from index $SII of file 0x9.Cleaning up 9 unused index entries from index $SDH of file 0x9.Cleaning up 9 unused security descriptors. 33585 data files processed. CHKDSK is verifying Usn Journal... 34528776 USN bytes processed. Usn Journal verification completed.Correcting errors in the Volume Bitmap.Windows has made corrections to the file system. 145773809 KB total disk space. 70644432 KB in 260267 files. 145660 KB in 33586 indexes. 60 KB in bad sectors. 437309 KB in use by the system. 65536 KB occupied by the log file. 74546348 KB available on disk. 4096 bytes in each allocation unit. 36443452 total allocation units on disk. 18636587 allocation units available on disk. Internal Info:c0 dd 04 00 e9 7b 04 00 05 b9 07 00 00 00 00 00 .....{..........32 7c 00 00 44 00 00 00 00 00 00 00 00 00 00 00 2|..D...........42 00 00 00 e2 73 ef 76 58 84 40 00 58 7c 40 00 B....s.vX.@.X|@. Windows has finished checking your disk.Please wait while your computer restarts.</Data> </EventData></Event> And I still don't understand why we weren't able to read the minidumps by zipping.them. Were settings changed somehow? My system seems to be running better, but not without anomalies. I have suspected all along that stealthy changeswere made my some malware, which have affected my system. What about wmplayer? and taskmgr? Still not sure what to do next.
  10. I will try to run a Malwarebytes Pro full scan tonight. I hadn't been able to do that recently because my computer would bog down and freeze up. We'll see if that problem has been put behind us. My computer has been up and running all day, including the ESET scan on IE, and several programs including Facebook on Chrome including this one. So we'll see.
  11. Yes, I read your warning about possibly failing hard drive, but have had no other indication of that, and since Windows was able to fix it, I feel hopeful that it won't cause any more trouble. Is there some source I could read about that? My computer has been much more stable for the past few days since I uninstalled my recently purchased (February, 2013) HP PHotosmart printer. The tech gave me newer installation software which I have not used yet, will wait until other issues are solved. I shold also probably uninstall my old Canon printer before I do that. And I have purchased MalwareBytes Secure Backup to save my important data. I will probably be getting a newer laptop before too long, anyway.
  12. I looked up these threats in the files listed to see when they were downloaded. The first one was a little cat application that I'd had on various computers, dated 11-19-2001 The second was Registry Booster from Uniblue dated 2-04-2010 The third was a Google Earth setup from 3-11-2013. I think I was looking for an earlier version. The fourth was Speedupmypc from Uniblue, whom I trusted, on 2-06-2013. Malwarebytes full scans never indicated that any of them were threats, nor did MSE..
  13. ESET finished. Here is the output as a txt file: C:\download\Felix2.exe Win32/Joke.ScreenMate applicationC:\Users\Ralph\Documents\Downloads\registrybooster.exe a variant of Win32/RegistryBooster applicationC:\Users\Ralph\Downloads\google earth setup.exe a variant of Win32/Soft32Downloader.D applicationC:\Users\Ralph\Downloads\speedupmypc.exe multiple threats Since I ran ESET with 'Remove found threats' unticked, as instructed, how do I go about removing them now?
  14. Okay, This afternoon, I started ESET online scan again. It breezed right past the repaired (by CHKDSK /R) bad clusters in file 6939 of C: boot\bootstat.dat, which had hung up ESET on two previous attempts to run it. As of now, after 4 hours of scanning and about 50% of the way through, it has found 4 infected files so far: These are: 1. Win32/Joke.Screenmate application 2. a variant of Win32/Registry Booster application 3. a variant of Win32/Soft32 Downloader D application 4. multiple threats So, I will let it continue running into the night and finish this time, if it will. These infected files were not found by Malwarebytes Pro or MSE, but I have not been able to do a full scan with either of these programs since August 30 (I believe). I have done Flash scans with Malwarebytes Pro, and quick scans with MSE. But I don't know how recent these infections are. If I get a report I will print it.
  15. Okay, I scheduled another run of CHKDSK /R for last night when I went to bed, around 10 PM. When I checked on it later, it had completed stage 4, verifying file data. The bad clusters which had been found in boot/bootstat.dat in the previous run, had indeed been fixed. (I still want to rerun ESET to make sure it gets past that area). But later still, it had hung up in stage 5, making no further progress all night. This time it only completed 71% of the free space clusters, as opposed to 79% the previous afternoon. Here is what remained on the screen this morning (hand written and typed here): Deleting index entry taskmgr.exe in index $I30 of file 1459. Deleting index entry wer.dll in index $I30 of file 1459. 386164 index entries processed. Index verification completed. CHKDSK is recovering lost files. Recovering orphaned file taskmgr.exe (131276) into directory file 1459. Recovering orphaned file wer.dll (200161) into directory file 1459. Recovering orphaned file inetpp.dll (200649) into directory file 1459. Recovering orphaned file wmplayer.exe (223375) into directory file 203. 5 unindexed files processed. Recovering orphaned file taskeng.exe (224859) into directory file 1459. CHKDSK is verifying security descriptors (stage 3 of 5). . . 318912 security descriptors processed. Security descriptor verification completed. 33627 data files processed. CHKDSK is verifying usn journal. . . 33855032 USN bytes processed. usn journal verification completed. CHKDSK is verifying file data (stage 4 of 5). . . 318896 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5). . . 71 percent complete. (12047345 of 18627258 free clusters processed) Now I am interested in rerunning ESET, as it only scanned a small portion of the disk before hanging up in boot/bootstat.dat (which has now had bad clusters replaced). Thanks for your advice about failing hard drive, but I'd like to investigate further. But I think I will schedule another CHKDSK /R first. PS - the system came up much quicker this morning after first forcing a shutdown hasn't shown signs of freezing up yet, but it's still too soon to say.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.