MalwareCrypt
August 22, 2014, 03:48:05 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: 1 ... 9 10 [11] 12
  Print  
Author Topic: Windows XP - Dell Inspiron E1505 - cannot reboot  (Read 24979 times)
at54
Jr. Member
**
Posts: 82


« Reply #150 on: August 01, 2011, 07:27:59 PM »

Hi Jintan,

there are quite a few marked as "Manual"...I tried to start a couple of the Manual applications that I thought might be pertinent and got the ...cannot start in Safe Mode message...
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #151 on: August 02, 2011, 03:47:37 PM »

I would like to suggest you do another XP Repair Install now. We seem to have disabled all the thrid party drivers we could, to a point, and given the access and other changes, having Windows redo itself may correct things. Or correct them to a more meaningful level.
Logged
at54
Jr. Member
**
Posts: 82


« Reply #152 on: August 03, 2011, 05:00:50 AM »

Repair install completed.  It's back in a reboot loop...dell screen/windows screen / safe mode screen ...it keeps looping.  I tried to start in safe mode; last good known config and regular reboot...all keeps looping.

Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #153 on: August 03, 2011, 04:13:58 PM »

One thing we have not addressed was the earlier info showing some McAfee divers sharing some address space. Or some wording similar to that. I will need to review some, to see what changes need to be done.
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #154 on: August 03, 2011, 04:15:20 PM »

This:

Quote
WINLOGON_FATAL_ERROR (c000021a)
The Winlogon process terminated unexpectedly.
Arguments:
Arg1: e3dae670, String that identifies the problem.
Arg2: c0000005, Error Code.
Arg3: 7c9106c3
Arg4: 00c9da18

Debugging Details:
------------------

unable to get nt!KiCurrentEtwBufferOffset
unable to get nt!KiCurrentEtwBufferBase

OVERLAPPED_MODULE: Address regions for 'mfeapfk' and 'mfeavfk01.sy' overlap
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #155 on: August 03, 2011, 04:18:26 PM »

Huh, isn't being picked up in any logs so far. If you would, return to the Recovery Console prompt, and type this:

disable mfeavfk01

Se if you get confirmation that even exists.
Logged
at54
Jr. Member
**
Posts: 82


« Reply #156 on: August 03, 2011, 06:23:40 PM »

Hi Jintan,

Attempted your instructions:

disable mfeavfk01

The registry entry for the mfeavfk01 service cannot be located.  Check that the name of the service is specified correctly.
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #157 on: August 03, 2011, 06:53:43 PM »

Going to bounce back and forth on you here, though probably have been all along. In the Recovery Console, see if you can locate that service's file:

C:\Windows\System32\Drivers\mfeavfk01.sys

And using PC Regedit, see if you can locate it's Registry info:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfeavfk01

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_mfeavfk01
Logged
at54
Jr. Member
**
Posts: 82


« Reply #158 on: August 03, 2011, 09:41:32 PM »


Recovery Console, see if you can locate that service's file: C:\Windows\System32\Drivers\mfeavfk01.sys

  No mfeavfk01.sys...but there were 2 files mfeavfk.sys

PC Regedit, see if you can locate it's Registry info:
I'm in MyFileChooser  Title - cannot find winddisks /hda2 - cannot find the following...not sure where to look?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mfeavfk01

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_mfeavfk01
Logged
at54
Jr. Member
**
Posts: 82


« Reply #159 on: August 03, 2011, 10:54:04 PM »


Here is what I found although I'm not sure I'm in the right area...

HKEY_LOCAL_MACHINE\SYSTEM\root\ControlSet001\Enum\Root\LEGACY_mfeavfk01
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #160 on: August 04, 2011, 03:29:07 PM »

That last part is helpful. Not sure if we have checked yet to see if ControlSet1 is also the control set in use there. Would match the CurrentControlSet. Could be this mismatch is what the dump file info was pointing to. If you located that CC1 key, I think you have a handle on how to move around using PC Regedit.

Were you unable to at least navigate to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Again, I think you had the right course there already. But if it helps still, in Step 2 here, instead of SOFTWARE, you are going to select SYSTEM, so SYSTEM becomes root. Then these keys, like CurrentControlSet, appear beneath that.

----------

Hate to say it, but xPUD would be the way to verify if a file is on the drive. Just need to do a search for:

mnt/sda1/Windows/System32/Drivers

To locate all the driver files. May be "sda2" - sorry, too much water under the bridge to recall off hand.
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #161 on: August 04, 2011, 03:30:58 PM »

So you know where we are going, once we have verified we have located all instances of "mfeavfk01" we can, we'll be deleting them. But need to be sure first.
Logged
at54
Jr. Member
**
Posts: 82


« Reply #162 on: August 04, 2011, 07:30:21 PM »



"SYSTEM\CurrentControlSet\Services

Again, I think you had the right course there already. But if it helps still, in Step 2 here, instead of SOFTWARE, you are going to select SYSTEM, so SYSTEM becomes root. Then these keys, like CurrentControlSet, appear beneath that."

I die: config - System - root - ControlSet001 - Enum - Root - LEGACY_MFEAVFK01

Under config-System-root:  there is NO CurrentControlSet
Under config-System-root: ControlSet001 (Control; Enum; Hardware Profiles; Services)
                                     ControlSet002 (Services)
                                     ControlSet003 (Services)
                                     LastKnownGoodRecover (LastGood)
                                     Mounted Devices
                                     Select
                                     Setup (AllowStart; Pid; Preinstall)
                                     WPA (Key-...; Key-...; MediaCenter; PnP; SigningHash-...; SigningHash-...)

Additional folders/files under most of the folders /sub folders.
                               
HOLD ON: I just found a CurrentControlSet folder:
     config-System-root-ControlSet001-Hardware Profiles-0001-System-CurrentControlSet (Control;Enum; Services)

     - in Enum (Bluetooth, BTH; GSTKCR; HDAUDIO;PCI; ROOT; SW; USB; USBSTOR; V1394)
     - in this ROOT folder:  MFE_NDISKMP (0000; 0001; 0002; 0003); MS_L2TPMINIPORT; MS_NDISWANIP;       MS_PPPOEMINIPORT; MS_PPTPMINIPORT; MS_PSCHEDMP; MS_PTIMINIPORT)

Sorry - not sure what you would think is relevant or not. 

I'm going to do the XPUD...and look for "mfeavfk01.sys" in the mnt/sda1/Windows/System32/Drivers?


Logged
at54
Jr. Member
**
Posts: 82


« Reply #163 on: August 04, 2011, 07:46:49 PM »


Ok, I'm in xPUD:

/mnt/sda2/WINDOWS/system32/drivers/mfeavfk.sys

(in drivers there are 407 visible items (0 hidden)...
Logged
Jintan
Administrator
Hero Member
*****
Posts: 4012



WWW
« Reply #164 on: August 04, 2011, 07:56:09 PM »

Sounds like you have checked pretty thoroughly. So one Registry entry. Let's see. Return to PC Regedit, to this key:


HKEY_LOCAL_MACHINE\SYSTEM\root\ControlSet001\Enum\Root\LEGACY_mfeavfk01

Right click on that, and select Delete Key. Save the changes, exit and try the reboot to Safe Mode.

Logged
Pages: 1 ... 9 10 [11] 12
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
SMFAds for Free Forums
Valid XHTML 1.0! Valid CSS!