[Inactive] Malware attack -windows 7


  • This topic is locked
32 replies to this topic

#21 VineetD

    Member

  • 18 posts
  • Joined: November 18, 2011
  • 1 topics
  • Zodiac: Aquarius
  • OS: Windows 7

Posted 19 November 2011 - 03:14 AM

Can I do this using Safe Mode with Networking? Like I said, the normal mode just hangs.

#22 Broni

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Zodiac: Virgo
  • Gender: Male
  • Location: Daly City, CA
  • OS: Windows Vista

Posted 19 November 2011 - 03:17 AM

Fine for the first tool.

For the second one, if you CAN use normal mode it'd be better, but if not, do it in safe mode.

#23 VineetD

Posted 19 November 2011 - 03:25 AM

This is for the first tool
=======================

MiniToolBox by Farbar
Ran by Vineeth (administrator) on 18-11-2011 at 19:10:18
Windows 7 Ultimate (X64)

***************************************************************************
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2011 06:42:26 PM) (Source: Microsoft Security Client Setup) (User: Vineeth)
Description: HRESULT: 0x8004FF11
Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code: 0x8004FF11.

Error: (11/18/2011 06:08:22 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (11/18/2011 06:08:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode.


Operation:
Instantiating VSS server

Error: (11/18/2011 06:08:22 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode]


Operation:
Instantiating VSS server

Error: (11/18/2011 03:09:28 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = OTL Restore Point - 11/18/2011 3:09:28 PM; Error = 0x8007043c).

Error: (11/18/2011 02:54:57 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\mssrch.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\Windows\System32\mssrch.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (11/18/2011 02:54:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7600.16808, time stamp: 0x4dc0d1c6
Faulting module name: MSSRCH.DLL, version: 7.0.7600.16808, time stamp: 0x4dc0e16d
Exception code: 0xc0000006
Fault offset: 0x0000000000101ecc
Faulting process id: 0xacc
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (11/18/2011 01:12:53 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\bitsigd.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\bitsigd.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (11/18/2011 01:12:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325
Exception code: 0xc0000006
Fault offset: 0x000000000003d83f
Faulting process id: 0x1a8
Faulting application start time: 0xsvchost.exe_BITS0
Faulting application path: svchost.exe_BITS1
Faulting module path: svchost.exe_BITS2
Report Id: svchost.exe_BITS3

Error: (11/18/2011 11:59:12 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\bitsigd.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\bitsigd.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3


System errors:
=============
Error: (11/18/2011 07:05:52 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff80002cccaa6, 0xfffff88002ac9ee0, 0x0000000000000000) C:\Windows\MEMORY.DMP 111811-17347-01

Error: (11/18/2011 07:05:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:03:42 PM on 11/18/2011 was unexpected.

Error: (11/18/2011 07:01:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service failed to start due to the following error:
%%1053

Error: (11/18/2011 07:01:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

Error: (11/18/2011 07:01:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (11/18/2011 06:58:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service hung on starting.

Error: (11/18/2011 06:58:08 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

Error: (11/18/2011 06:57:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (11/18/2011 06:56:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Error: (11/18/2011 06:55:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.


Microsoft Office Sessions:
=========================
Error: (11/18/2011 01:20:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1071 seconds with 0 seconds of active time. This session ended with a crash.


========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 1908.55 MB
Available physical RAM: 943.28 MB
Total Pagefile: 3817.1 MB
Available Pagefile: 2810.55 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:259.76 GB) NTFS

========================= Users: ========================================

User accounts for \\VORTEX

Administrator Guest Vineeth


**** End of log ****

#24 Broni

Posted 19 November 2011 - 04:05 AM

I still need SIW data.

#25 VineetD

Posted 19 November 2011 - 04:06 AM

Here you go. I finally managed to get it in normal mode.

Attached Images

  • Attached Image: siw231.JPG


#26 Broni

Posted 19 November 2011 - 04:11 AM

Looks fine for a laptop.

How old is this machine?

I'm leaning toward some hardware issues.

Run hard drive diagnostics: http://www.tacktech....ay.cfm?ttid=287 (or http://www.bleepingc...rive+diagnostic)
Make sure you select the tool which is appropriate for the brand of your hard drive.
Depending on the program, it'll create a bootable floppy or a bootable CD.
If the downloaded file is of .iso type, use ImgBurn: http://www.imgburn.com/ to burn the .iso file to a CD (select "Write image file to disc" option), to make the CD bootable.
For Toshiba hard drives, see here: http://sdd.toshiba.c...ties#diagnostic

Note: If you do not know how to set your computer to boot from CD, follow the steps HERE.

=======================================================================================================

A. If you have more than one RAM module installed, try starting/running the computer with one RAM stick at a time.

NOTE: Keep in mind, the manual check listed above is always superior to the software check listed below. DO NOT proceed with memtest if you can go with option A.

B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-....iso.zip file.
3. Inside, you'll find memtest86+-....iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on the Browse for a file... icon.

8. Locate memtest86+-....iso file, and click Open button.
9. Click on the ImgBurn green arrow to start burning the bootable memtest86 CD.

10. Once the CD is created, boot from it, and memtest will automatically start to run.

The running program will look something like this, depending on the size and number of RAM modules installed:

It's recommended to run 5-6 passes. Each pass contains the very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

The following image is the test results area:

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.

#27 VineetD

Posted 19 November 2011 - 04:17 AM

This machine is barely six months old. I am sure it's not a hardware issue, but I will try to run those tests.

Alternatively I could just reinstall the OS and see if that helps.

What are your thoughts on the .dll file that I said I think was corrupted, bitsigd.dll?

#28 Broni

Posted 19 November 2011 - 04:24 AM

I don't think that file is crucial to your issue.
bitsigd.dll stands for Background Intelligent Transfer Service IGD Support and it's network related.
I can't see how this would be connected to a boot that takes a few minutes.

If your laptop is only 6 months old... if I were you, I'd immediately call Lenovo. It's still under warranty, so the call is free.
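
Added example, not code from Broni's or VineetD's posts or from MiniToolBox: a PowerShell triage of the "Application Error" events shown in the log in #23. Exception code 0xc0000006 is STATUS_IN_PAGE_ERROR (the loader could not read a page of a mapped image back from disk) and error value C0000185 is STATUS_IO_DEVICE_ERROR; seeing the pair on mssrch.dll and bitsigd.dll points at the storage path rather than at a hostile or "corrupted" DLL, which is the same direction as the hardware lean above. The script pulls the events with Get-WinEvent, lists the files they name, and then checks each one against the Windows component store with sfc /verifyfile so tampering can be ruled in or out. The seven-day window and the $suspectFiles name are my assumptions; run it from an elevated 64-bit PowerShell window on the affected machine.

```powershell
# Added example for this thread, not code from the posts or from MiniToolBox.
# Triage the "Application Error" events shown in the log: 0xc0000006 is
# STATUS_IN_PAGE_ERROR (a mapped image page could not be read from disk) and
# C0000185 is STATUS_IO_DEVICE_ERROR. Both point at the storage path, not at
# a hostile DLL. Run from an elevated 64-bit PowerShell; works on Windows 7
# (PowerShell 2.0 and later).

$since = (Get-Date).AddDays(-7)    # assumption: look at the last seven days

# Event ID 1000 = application crash; 1005 = "Windows cannot access the file ..."
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000, 1005
    StartTime    = $since
} -ErrorAction SilentlyContinue

$suspectFiles = @{}    # paths named by in-page / I/O-device errors

foreach ($e in $events) {
    $m       = $e.Message
    $inPage  = $m -match 'Exception code: 0xc0000006'
    $ioError = $m -match 'Error value: C0000185'
    if (-not ($inPage -or $ioError)) { continue }

    # 1005 events carry "File: <path>"; 1000 events carry "Faulting module path: <path>"
    $path = $null
    if     ($m -match 'File: (?<p>[A-Za-z]:\\[^\r\n]+)')                 { $path = $Matches.p.Trim() }
    elseif ($m -match 'Faulting module path: (?<p>[A-Za-z]:\\[^\r\n]+)') { $path = $Matches.p.Trim() }

    $kind = if ($inPage) { 'IN_PAGE_ERROR' } else { 'IO_DEVICE_ERROR' }
    '{0}  id={1}  {2}  {3}' -f $e.TimeCreated, $e.Id, $kind, $path
    if ($path) { $suspectFiles[$path] = $true }
}

# Is each named file still the one Windows shipped? sfc /verifyfile compares it
# with the component store. Get-AuthenticodeSignature is only a hint here: many
# system DLLs are catalog-signed, so 'NotSigned' alone does not mean tampering.
foreach ($f in $suspectFiles.Keys) {
    if (-not (Test-Path -LiteralPath $f)) { "$f is MISSING"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $f
    '{0}: authenticode={1} signer={2}' -f $f, $sig.Status, $sig.SignerCertificate.Subject
    & "$env:windir\System32\sfc.exe" "/verifyfile=$f"
}
```

If sfc reports no integrity violation for a file that keeps throwing in-page errors, the file is fine and the disk or cable underneath it is not; if sfc does flag the file, keep the malware angle open and let sfc /scannow replace it. Use the 64-bit PowerShell host for the sfc call, since the 32-bit host is redirected to SysWOW64 and will not find the right binary.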

#29 VineetD

Posted 19 November 2011 - 08:57 PM

I have tried to figure out what hard drive I have, and maybe I am being stupid here, but I am not able to find more details on it.

I have a ThinkPad Edge 14 (0578).

#30 Broni

Posted 19 November 2011 - 09:53 PM

Re-run SIW, which you already have and it'll tell you everything.
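
Added example, not part of the thread and not SIW's own output: the drive make, model and serial that SIW shows can also be read straight from WMI, and the same elevated PowerShell session can read the drive's SMART predict-failure flag and list the kernel's own storage complaints from the System log (disk events 7, 11 and 51 and Ntfs 55 are the ones that matter). That is worth five minutes before spending an evening on a bootable vendor diagnostic. It works on Windows 7's PowerShell 2.0 via Get-WmiObject; the seven-day window and the provider list are my assumptions.

```powershell
# Added example for this thread, not code from the posts or from SIW.
# Identify the physical drive, read its SMART predict-failure flag, and list the
# kernel's own storage complaints before booting a vendor diagnostic.
# Run elevated; works on Windows 7 (PowerShell 2.0 and later).

# 1. Make, model, serial: this is what the vendor-tool choice in the posts above needs.
Get-WmiObject -Class Win32_DiskDrive |
    Select-Object Index, Model, SerialNumber, FirmwareRevision, InterfaceType, Status,
                  @{ Name = 'SizeGB'; Expression = { [math]::Round($_.Size / 1GB, 1) } } |
    Format-List

# 2. SMART "predict failure" as reported by the storage driver (ATA/SATA drives).
#    PredictFailure = True means the drive itself expects to fail; replace it.
Get-WmiObject -Namespace root\wmi -Class MSStorageDriver_FailurePredictStatus -ErrorAction SilentlyContinue |
    Select-Object InstanceName, PredictFailure, Reason |
    Format-Table -AutoSize

# 3. Storage-stack errors and warnings from the System log over the last week
#    (assumed window): disk 7 = bad block, 11 = controller error, 51 = paging
#    I/O error, Ntfs 55 = file system corruption. Repeats of any of these point
#    at hardware, not at malware.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since; Level = 1, 2, 3 } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match '^(disk|atapi|iaStor|Ntfs|volmgr|partmgr)$' } |
    Select-Object TimeCreated, ProviderName, Id, Message |
    Format-Table -AutoSize -Wrap
```

The Model string is what picks the vendor tool (a Seagate model number means SeaTools, for example); the SMART class is absent on some RAID or USB-attached disks, which is why the call swallows errors rather than failing.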

#31 VineetD

Posted 19 November 2011 - 11:17 PM

All right, I got it. Is there a way to boot from a USB?

I have a Seagate, and I will have to download the software from here: http://seagate.custk...1271&NewLang=en

I don't have a RW CD.

#32 VineetD

Posted 19 November 2011 - 11:28 PM

http://www.raymond.c...on-boot-to-usb/ I found this. Let me know if this is a good way to test it.

#33 Broni

Posted 20 November 2011 - 12:49 AM

That should work.