Can't boot into SafeMode

phrank_10

Distinguished
Dec 10, 2011
10
0
18,510
Hi,

I have a Windows XP SP3 computer with the following specs:

CPU: AMD Athlon XP (Barton) 3000+ Socket A
MoBo: Asus A7N8X-X w/ NVidia chipset and southbridge
Bios: Phoenix Rev 1009
Graphics: AGP v3,
Graphics card: ATI Radeon HD 3800 series
Memory: 2gb Kingston PC 3200 DDR
HDD: 75gb Maxtor (?) with 22gb free space

I've had an issue lately where my computer reboots when running an AV scan. I've now got it set so it doesn't reboot but rather the BSOD comes up. I have then tried to boot into Safe Mode to run the AV, but hitting F8 repeatedly before Windows startup doesn't work (continues to launch normally). I also shut the computer down at Windows start-up so that the next boot I would get the "Windows didn't start normally" dialogue screen where I could select Safe Mode. That did get me to that screen, but I'm not able to move the option away from Start Windows Normally, i.e., the keyboard arrow keys don't work. I tried a different keyboard with the same results. I also tried booting using the Windows XP CD-ROM disc, and it bypassed the disc and went straight to normal start-up. I then went into the BIOS and changed all three boot options to CD-ROM, but it still bypassed the CD and booted from the hard drive.

Any thoughts or advice would be greatly appreciated. Thanks.

Frank
 

Review your BIOS changes - did they really take, so CD is 1st boot device?
 

phrank_10

Just confirmed that all three options are set to CD-ROM...and it boots up right past them using the normal Windows start-up on the HDD. I also ran a full system scan using AVG AV (free, 2012), and the scan didn't find anything.

Frank
 



I'm a little confused, bear with me - you ran a scan, so Windows is booting normally from HD? Can you get online to download? Unfortunately, it is a fact that a clean AV scan is no guarantee the system is not infected. You have some classic symptoms of a sophisticated infection: no CD boot, no safe mode, no KB functionality...
Were you able to note the stop code when you did get the BSOD?

If you can get online, download & run a utility called RKILL (it will disable known infections found running on the computer). Then d/l the "Malwarebytes" free scanner. Before you run it, click the update tab & download the latest signature file updates, then scan.
You might also run RootkitRevealer and TDSSKiller. Another option would be to remove the HD, hang it on another system as a secondary drive and scan it for infections (less effective, but may remove enough to get you running).
 

phrank_10

I have all three boot options set to CD-ROM, but it seemed to bypass the CD-ROM and just boot normally. I could hear the CD-ROM spinning, but I got no blue screen options to install or repair XP, just a normal Windows start-up.

Here's a couple new tidbits of info I discovered. I took out the system disk and restarted, and this time I got a Disk Boot Failure. When I put the XP system disk back in, it started 'normally' as before.

Also, I reseated my RAM, and I would still encounter a system restart with both 1gb sticks in there, but I removed one, and it now seems to be running stably.

I also just ran RKILL, Malwarebytes, and TDSSKiller, all of which found no threats. Additionally, I ran RootkitRevealer, and it did find a few things in the registry, but I can't tell if they would cause something like this. I'm including the brief log file from that scan. Should I just go into the Registry, back it up, and then delete these keys?

HKLM\SECURITY\Policy\Secrets\SAC* 12/25/2010 8:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12/25/2010 8:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\637957C374381304BBC97DA5FD6E1B10\Usage\Shared 12/11/2011 8:46 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\637957C374381304BBC97DA5FD6E1B10\Usage\Agent 12/11/2011 8:46 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{A880DF1B-0597-4817-A706-3FA6B6FE2DCE}\Icon 8/3/2011 7:24 PM 45 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{A880DF1B-0597-4817-A706-3FA6B6FE2DCE}\Icon 8/3/2011 7:24 PM 45 bytes Data mismatch between Windows API and raw hive data.

A friend was telling me that he thought it might be my hard drive going out. Is that possible with these indicators? Thanks again for looking at my issue.

Frank
 

Memory failure + boot MBR + CD not recognized + registry mismatches - kinda leaves me cold, Frank.
If that CD is spinning but not booting from it, I suspect you may have a faulty CD-ROM drive, the optical lens needs cleaning, or the media itself is no longer readable. Do you happen to have any other bootable media CD you can boot from to test that the CD drive can read? I would leave the registry alone 'til last resort. Some of those entries you have been running with since December last year, although the ones dated 2011 might deserve further research.
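
Added example, not part of the thread: a small Python triage of the RootkitRevealer lines posted above, grouping them by discrepancy type and separating the 2011-dated entries that the last reply singles out for further research. The function names are hypothetical, and treating `ControlSet001` and `ControlSet002` as copies of one finding is this example's assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines as posted in the thread (whitespace-flattened RootkitRevealer output).
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 12/25/2010 8:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12/25/2010 8:28 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\637957C374381304BBC97DA5FD6E1B10\Usage\Shared 12/11/2011 8:46 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\637957C374381304BBC97DA5FD6E1B10\Usage\Agent 12/11/2011 8:46 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Control\StillImage\Events\STIProxyEvent\{A880DF1B-0597-4817-A706-3FA6B6FE2DCE}\Icon 8/3/2011 7:24 PM 45 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet002\Control\StillImage\Events\STIProxyEvent\{A880DF1B-0597-4817-A706-3FA6B6FE2DCE}\Icon 8/3/2011 7:24 PM 45 bytes Data mismatch between Windows API and raw hive data.
"""

# path, timestamp, size, description; the path is lazy so it may contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+) bytes\s+(?P<desc>.+)$"
)

def parse_log(text):
    """Turn each recognisable log line into a dict; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M %p"),
                "size": int(m["size"]),
                "desc": m["desc"],
            })
    return entries

def normalize(path):
    """Assumption: numbered control sets are copies, so collapse them."""
    return re.sub(r"\\ControlSet\d{3}\\", r"\\ControlSetNNN\\", path)

def triage(entries, since_year):
    """Group by discrepancy type and list entries from since_year on, newest first."""
    by_type = defaultdict(list)
    for e in entries:
        by_type[e["desc"]].append(normalize(e["path"]))
    recent = sorted((e for e in entries if e["when"].year >= since_year),
                    key=lambda e: e["when"], reverse=True)
    return dict(by_type), recent
```
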