Can't boot with this hard drive

S

snorkyller

Member
I have a problem with an another hard drive that has Windows XP on it.

When Windows XP is booting (black screen with the windows logo and the moving bars), the computer displays a blue screen with a message during less than 1/2 sec and the computer restart.

I made a video of the screen to be able to read the message and here's what it says (translated from french):
A problem has been detected and windows has been stopped to prevent any damage to your computer.
If your seeing this error message for the first time, restart you computer. If this message appears again, follow these steps:
Find any viruses on your computer. Delete any hard drive or hard drive controller newly installed. Check your drive to be sure that it it correctly configured.
Run CHKDSK /F to check if your hard drive has a damage, than restart your computer.
Technical informations:
STOP: 0x0000007B (0xF78A6528, 0xC0000034, 0x00000000, 0x00000000).

I have plugged this HD as 'slave' on an another computer, and everything is fine, I can use it (!!!). So, I have run CHKDSK /F on this HD with no errors in the result. I also did many scans on this HD with malwarebyte antimalware until it couldn't find any virus (yes there were many viruses). All this didn't solve the problem.

You can see below the log files from both Hijackthis and Malwarebyte Antimalware. But they have been created on the other computer with the hard drive plugged as a slave.

Is it an hardware or a software problem?

Thanks!

---------------------
HiJackThis log file
---------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:50:28, on 2010-06-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
D:\Avira\AntiVir Desktop\sched.exe
D:\Avira\AntiVir Desktop\avguard.exe
D:\APC Powerchute\mainserv.exe
D:\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\crypserv.exe
D:\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\System32\ups.exe
C:\windows\system32\wscntfy.exe
D:\ZoneAlarm\zlclient.exe
D:\Avira\AntiVir Desktop\avgnt.exe
D:\Java\jre6\bin\jusched.exe
D:\CyberLink\Power2Go\CLMLSvc.exe
D:\BitMeter\BitMeter2.exe
C:\windows\system32\wuauclt.exe
D:\APC Powerchute\apcsystray.exe
E:\Shell Folders\Bureau propriétaire\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CLMLServer] "d:\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "d:\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "d:\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Bitmeter2.lnk = D:\BitMeter\BitMeter2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A658ACBB-AB9D-4CB6-A02C-E8EB5656A54A}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - D:\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - D:\APC Powerchute\mainserv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\windows\SYSTEM32\crypserv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\windows\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 5731 bytes

---------------------------------
Malwarebytes antimalware's log file
----------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2010-06-07 21:25:48
mbam-log-2010-06-07 (21-25-48).txt

Scan type: Full scan (H:\|I:\|J:\|)
Objects scanned: 185577
Time elapsed: 35 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Last edited:
It was pointless to do a hijack this scan on a drive that you can't boot into windows. If its a malware issue the problem is that when the drive is hooked up as slave then the registry doesn't get scanned and that's where half the infections reside on a system. Try booting to windows in safe mode and see if it will allow you to get to the desktop. If not most likely a hardware issue.
 
Thank you for the answer Johnb35.

Booting in safe mode or in any other mode doesn't help except that there's no blue screen error message. It doesn't bring further in the boot process.

Is it possible to scan the registry that is on the slave HD? How could I do it?

Note: I have the Hiren's boot cd. I wonder if it could help me...

Thanks again!
 
Last edited:
You can always copy your entire HDD contents on some USB HDD using Linux Ubuntu and after that plug that USB HDD in another working computer and completely scan it for viruses.
You can also try to repair your operating system using it's CD disk.

If this didn't help,make a copy of your entire HDD using Linux Ubuntu on some other USB HDD,then reinstall XP OS on that non-working HDD and after the XP OS is fully installed,simply using Linux Ubuntu again copy all the USB HDD contents over the contents that are on the HDD on which you just installed XP OS.You will be asked to MERGE ALL folders and REPLACE ALL files.So click the MERGE ALL button and after that click the REPLACE ALL button.




Cheers!
 
skmore said:
its 100% RAM problem, try replacing RAM and also try to repair xp with clean boot cd
Click to expand...

It's not a boot problem since I tried to boot it with an another HD and it worked. Thanks anyway.

I have decided to format the HD and to copy an old ghost image.

Since you're telling me that it's not an hardware problem, so I can still use the HD and have no fear to lost my data.
 
You must log in or register to reply here.
Back
Top