Blue Screen of Death at Startup, Physical Memory Dump

[ElliotFriend]

I'm currently trying to salvage my girlfriend's laptop. Her sister used to borrow it to use P2P programs, and may have done some serious damage.


She's running:
Acer Aspire 3000
Windows XP SP2
Processor 2800+ 1.60 GHz
192 MB of RAM

When I got it, it would give me the BSOD each time I tried to boot up. It would immediately give me the screen after I clicked on her username at the profiles screen. It would boot up in safe mode, though. In safe mode, I uninstalled a lot of the useless programs that were installed on it.

Then, it began to boot up out of safe mode. It started to load the settings and even loaded the desktop and began to startup, but gave me the BSOD and restarted shortly thereafter.

Currently, it gives me some sort of combination between starting a little before crashing, and going right to the BSOD


This is the technical data it gives me at the BSOD

DRIVER_IRQL_NOT_LESS_OR_EQUAL

then at the bottom of the screen:

STOP: 0X000000D1 (0XE18010000, 0X00000002, 0X000000000, 0XF4ECA0A5)


I don't exactly know what to do first. Thanks for any and all help!

 

[Tmagic650]

Go ahead and try the 8-step virus & Malware Removal in this forum... be sure to post the scan results

 

[ElliotFriend]

I've been trying the 8-steps, but I'm having issues installing Avira in Safe Mode. The laptop won't boot up out of safe mode long enough to install it there.

Any suggestions?

 

[Tmagic650]

Can you restore the laptop using the built in OS restore? If not you will have to reinstall the OS from a Windows Install disk

 

[ElliotFriend]

I got the Avast software to work instead of Avira.

I will try the restore after it finishes scanning, though.

The laptop is about 5 years old, and I asked about any system disks that she might have, but that doesn't look promising.

 

[rwc1969]

if the laptop HDD is in original configutration you should be able to get to the recovery partition by pressing ALT+F10 at the BIOS or starting to load windows screen. Just keep pressing ALT+F10 after you boot it up. Once in there you should be able to restore the factory default image without a CD.

 

[ElliotFriend]

Would a system restore to factory defaults lose any data?

She's particularly concerned about the pictures and music on the laptop.

 

[monk89]

you could try a memory stick and copy what you can before BSOD kicks in (be sure to scan the stick before putting the files back to any machine)
because i assume a restore to factory settings means no more user's/ files /documents in that machine

 

[rwc1969]

Restoring to factory default you will lose all data that was put on the machine after it was first setup. i.e. Documents and settings, my pictures, applications, etc. You can use windows NTbackup to back up the important stuff, save it to an external source, USB thumb drive or HDD, and after the factory restore, restore the important stuff using Windows NTbackup. Don't do a full backup or you will just restore it to the exact condition it is now, which is unnacceptable.

 

[ElliotFriend]

Rather than completely restore the laptop, do you think it would be salvageable? I can restore it to the factory settings if it is absolutely necessary, but I'd like to avoid it if possible.

I've been trying to go through the 8-steps to start with, and have run into a virus right away. Each time I start Avast, it scans the physical memory and it says that there is a Trojan Horse in the operating system. The infected file is c:\windows\system32\uacthwhossibi.dll. It says that the malware name is "Win32:Fasec [Trj]." Avast recommends that I move the file to the "virus chest," but when I try to do that, it says the file is being used by another process and cannot be moved. It also wants to do a boot-time scan of the whole system, but whenever I try to do that, it doesn't get past the BSOD and it won't end up scanning. Any thoughts??

Also, I've been logging in to the Administrator username in safe mode. Should I be logging in under her username instead? Does it really make a difference?

Thanks for everything!

 

[ElliotFriend]

@Tmagic650

I have tried to use the System Restore tool, but it doesn't do anything. It lets me choose when I wish to restore to, but when I click the "Restore" button, it doesn't do anything. It just sits there.

 

[Badfinger]

I'm leaning toward a possible RAM issue, I'd look at the stick(s) in it, and see if seated fully and check the contacts out, clean with a rubber eraser if they look dark on the ends, remove any dust, and as someone else mentioned replace the stick if ALL else is failing, also is the HD the original, that sucker ever been defragged in 5 years? and 5 years is OLD for a HD, that might be failing.
Visit defraggler.com for a free one that is far far far superior to Windows built in one.

 

[Badfinger]

Install Winpatrol and find that .dll in Hidden probably and delete it, it will say it will do it on reboot, then reboot, see if that works.

ALSO look in C:\windows\system32\dllcache directory for that .dll and if listed, it's set to be replaced if just deleted manually from that other spot if you were able to actively stop it from running.

Another old tool that will give MORE info about what is running is Y-Kill if you can still find it. (freeware, but vanished)
Another is Process lasso, still around, I believe.

 

[ElliotFriend]

I tried Winpatrol to find the .dll, but to no avail. I've tried searching. I've tried looking manually. I can't find the file anywhere.

I can't find the dllcache, either. Is that the name of the folder or will it be something else?

I will examine the RAM, and run a defrag and let you all know what comes up.

Thanks!!

--

Cleaned out the RAM. It started up this time out of safe mode (which it hadn't in a while). It didn't last long before the BSOD kicked in, but the fact that it started that way at all is promising. Right?

 

[spkenny]

As a tech, anything like this I first scan the hard drive externally from another computer. This more than often will at least prevent the BSOD from possibly continuing. I would also do scans on the ram and hard drive to check integrity. 5 years on a hard drive is not unheard of, but at the same time, you never know of bad sectors until you check.

 

[ElliotFriend]

@spkenny

How do I scan her hard drive from my computer. I'm working mostly off of mine already for research and stuff. How do I connect the two, so that I can scan her laptop HD from my laptop?

 

[ElliotFriend]

After talking it over with the girlfriend, she's given me the go ahead to restore the computer to factory settings. However, I tried the ALT + F10 trick that rwc1969 mentioned, but it didn't work. Again, the chances of getting my hands on the CDs that came with the laptop are slim. I read somewhere about creating a boot disk using c:\i386. Would that process work?

 

[spkenny]

If you lived near where I do (st. George Utah) I could not only provide you with the necessary cd for the reformat, but reguarding the scan from an external hookup, I have all that equipment. Its on ebay for between 10 to 11 dollars. Known as a ide to usb adapter. Basically it can hook up a regular IDE Hard drive, SATA drive, or an IDE laptop drive all to the same connector. Then from the hard drive, it has a usb connection that you plug into a usb port on a computer. From there when you plug it in, it simply shows as an extra drive letter like when u plug in a Flash drive. Then you can scan that drive letter with your antivirus, or other programs. What xp is it? Home, or Pro? A trick you can do is for example, if it is xp home, find a copy of xp home from a friend or otherwise. As long as it accepts the xp product key on the bottom, you're home free. But then you will need to find and download the drivers that need loaded from the Acer site. The best and final solution is to contact ACER and order some recovery cd's. Not only will it have the proper version of your operating system for that laptop, but it will contain all the drivers as well.

 

[rwc1969]

Did you try repeatedly pressing ALT+F10 continuosly after turning the machine on? You have to keep repeatedly pressing the combo all the way thru the boot process, over and over again. You may have to re-try several times. It's possible this system didn't come with eRecovery. Is there a special "e" button up near the power button? or anywhere else on the system? it may have just shipped with recovery disks and not a eRecovery partition.

As spkenny said Acer might have the recovery cds for you. If not you'll either have to get the virus removed or do a clean reformat and install using a Windows setup cd. and then download and restore all the drivers manually.

it's a very short window for eRecovery pressing ALT+F10. It usually takes me 3 or 4 reboots to hit it just right.

Here's a link to the acer site and what I believe is your system http://support.acer-euro.com/drivers/notebook/as_3000_5000.html According to this it does have eRecovery