Forum Home
Press F1
Thread ID: 98262	2009-03-17 20:44:00	vista starts with cmd box opening. hijackthis done. pls help	prajna (14722)	Press F1

Post ID	Timestamp	Content	User
757317	2009-03-17 20:44:00	Hello friends, when i shutdown my laptop from the start-shut button, the booting thereafter invariably starts by opening a cmd box followed by several runs in system 32 finally prompting me to type desktop...... for the desktop icons to actually appear. i can quit the box then by typing exit. Logfile is like this Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:19:51 PM, on 3/17/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Speed+\Configurator\ventcfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\EpiValley\TATA Indicom Dialer\TATA Indicom Dialer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\real player\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Venturi Configurator] C:\Program Files\Speed+\Configurator\ventcfg.exe -nomsgbox O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx. cmd O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O13 - Gopher Prefix: O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - pccheckup.dellfix.com O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - supportapj.dell.com O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - O17 - HKLM\System\CCS\Services\Tcpip\..\{CC1DB037-3D63-410B-BD14-B2BBB239452D}: NameServer = 202.54.15.30 202.54.1.30 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_238116a1\aestsrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_238116a1\STacSV.exe O23 - Service: Venturi Client (VenturiClient) - Venturi Wireless - C:\Program Files\Speed+\Client\ventc.exe -- End of file - 7232 bytes i want vista to start normally without hav want vista ting to reformat. What runs in the cmd box is typically as follows: C:\Windows\system32>if exist c:\windows\*.dmp echo [ErrorHandler.CMD] It appears a BSOD occured check C:\Windows\*.DMP 1>>C:\Dell\fist\errorHandler.err C:\Windows\system32>if exist c:\windows\minidump\*.dmp echo [ErrorHandler.CMD] I t appears a BSOD occured check C:\Windows\minidump\*.DMP 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] Error! Vista process called ErrorHan dler for an unknown process error. 1>>C:\Dell\fist\errorHandler.err C:\Windows\system32>echo [ErrorHandler.CMD] Please include these files in your r eport for trouble-shooting: 1>>C:\Dell\fist\errorHandler.err C:\Windows\system32>echo [ErrorHandler.CMD] setupact.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] setuperr.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] unattend.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] pkgmgrxl.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] setupdev.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] setupapp.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] pkgmgrlg.cab 1>>C:\Dell\fist\errorH andler.err C:\Windows\system32>echo [ErrorHandler.CMD] cbslog.cab 1>>C:\Dell\fist\errorHan dler.err C:\Windows\system32>echo [ErrorHandler.CMD] If they aren't on your manufacturing media, zip up entire windows\panther directory 1>>C:\Dell\fist\errorHandler.er r C:\Windows\system32>copy c:\windows\panther\unattendgc\setupact.log c:\dell\logs \setupact.log 1 file(s) copied. C:\Windows\system32>copy c:\windows\panther\unattendgc\setuperr.log c:\dell\logs \setuperr.log 1 file(s) copied. C:\Windows\system32>copy c:\windows\panther\unattend.xml c:\dell\logs\unattend.x ml 1 file(s) copied. C:\Windows\system32>copy c:\windows\panther\pkgmgr.xml c:\dell\logs\pkgmgr.xml 1 file(s) copied. C:\Windows\system32>copy c:\windows\inf\setupapi.dev.log c:\dell\logs\setupapi.d ev.log 1 file(s) copied. C:\Windows\system32>copy c:\windows\inf\setupapi.app.log c:\dell\logs\setupapi.a pp.log 1 file(s) copied. C:\Windows\system32>copy c:\windows\logs\cbs\cbs.log c:\dell\logs\cbs.log 1 file(s) copied. C:\Windows\system32>makecab c:\dell\logs\setupact.log c:\dell\logs\setupact.cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab c:\dell\logs\setuperr.log c:\dell\logs\setuperr.cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab c:\dell\logs\unattend.xml c:\dell\logs\unattend.cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab c:\dell\logs\pkgmgr.xml c:\dell\logs\pkgmgrxl.cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab c:\dell\logs\setupapi.dev.log c:\dell\logs\setupdev. cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab c:\dell\logs\setupapi.app.log c:\dell\logs\setupapp. cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab C:\Dell\Logs\pkgmgrlog.xml.txt c:\dell\logs\pkgmgrl g.cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>makecab C:\Dell\Logs\cbs.log c:\dell\logs\cbslog.cab Cabinet Maker - Lossless Data Compression Tool 100.00% [flushing current folder] C:\Windows\system32>Net stop browser The Computer Browser service is not started. More help is available by typing NET HELPMSG 3521. C:\Windows\system32>Net stop workstation /y The Workstation service is stopping. The Workstation service was stopped successfully. C:\Windows\system32>Net start workstation The Workstation service is starting... The Workstation service was started successfully. C:\Windows\system32>c:\dell\fist\delay.exe 10 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupa ct.cab setupact.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setupact.cab to DMP:\setupact.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupe rr.cab setuperr.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setuperr.cab to DMP:\setuperr.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\unatte nd.cab unattend.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\unattend.cab to DMP:\unattend.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\pkgmgr xl.cab pkgmgrxl.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\pkgmgrxl.cab to DMP:\pkgmgrxl.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupd ev.cab setupdev.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setupdev.cab to DMP:\setupdev.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\setupa pp.cab setupapp.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\setupapp.cab to DMP:\setupapp.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\pkgmgr lg.cab pkgmgrlg.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\pkgmgrlg.cab to DMP:\pkgmgrlg.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\Dell\fist\tal\tal.bat PutFiles c:\dell\logs\cbslog .cab cbslog.cab [TAL.BAT] Version A01 [TAL.BAT] Warning - TAL.ERR Exists At Startup. [DismountUtilityPartition] Status: 0(0x0) [TAL.BAT] Manufacturing Media: DMP [TAL.BAT] Copy File To MFG_MEDIA: c:\dell\logs\cbslog.cab to DMP:\cbslog.cab [DismountUtilityPartition] Status: 0(0x0) [rw_fat16] Unable To Locate A Valid Partition To Mount Looked For Partition Number: 0 (DMP) [TAL.BAT] ERROR - RW_FAT16 PutFiles failed On COPYHD2SYS. Error Was 700 [TAL.BAT] C:\DELL\FIST\TAL\TAL.ERR Updated [TAL.BAT] Program Exit: Result Code = 2 C:\Windows\system32>cmd /c c:\dell\fist\gk_fail.bat GK_FAIL has already been run at least once to fail this system. You should only see this if you booted to the customer partition after an audit mode failure. Use this cmd prompt to troubleshoot the failure. To interact with the Vista desktop type "desktop" [Enter] Closing or exiting this window in audit mode will reboot the system. c:\DELL\FIST>desktop c:\DELL\FIST>wmic PROCESS WHERE (Name="Audit.exe") DELETE /NOINTERACTIVE Deleting instance \\D8P2L2BS\ROOT\CIMV2:Win32_Process.Handle="3232" Instance deletion successful. c:\DELL\FIST> how to get out of this jam?	prajna (14722)
757318	2009-03-17 20:58:00	Tick these entries, then tick fix checked Close browsers O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" This looks suss O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx. cmd O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O13 - Gopher Prefix: O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone I would get malwarebytes (dw.com.com 9155%26part%3Ddl-10804572) update it then scan Then get trojan remover (www.simplysup.net) update it then scan Then select all options under the utilities menu	Speedy Gonzales (78)
757319	2009-03-18 00:42:00	This looks like Dell going into audit mode after detecting an error dump file ( . dmp) . (Have you had a BSOD just before this problem?) . C:\Windows\system32>if exist c:\windows\* . dmp echo [ErrorHandler . CMD] It appears a BSOD occured check C:\Windows\* . DMP 1>>C:\Dell\fist\errorHandler . err C:\Windows\system32>if exist c:\windows\minidump\* . dmp echo [ErrorHandler . CMD] I t appears a BSOD occured check C:\Windows\minidump\* . DMP 1>>C:\Dell\fist\errorH andler . err Look at these two commands . They are looking for . dmp files in C:\Windows and C:\Windows\minidump . Look in both these folders for . dmp files . I am betting you will find at least one . Delete all you find and reboot . This may get you out of it this time but will not prevent it happening again . Perhaps you need to ask Dell about this process . Let's know how you go .	linw (53)
757320	2009-03-19 03:28:00	searched for the *.dmp files in the two locations.None found. It may be a blue screen of death error handler and definitely audit mode response. Dell asks me to format and reload vistas which is a big hassle since they are asking me to backup all data. I have shifted data (except favorites, my documents) from C: (boot) drive to the partitioned drive d:However Dell does not guarantee protection of the partition while formatting and asks to reset to factory setting from E: Is there a way to avoid this? As regards hijackthis logfile i want a definite advice. The listed items are to be fixed only after i am sure no further harm will come from such action. I am downloading the two programs regarding malware and trojans but doubt anything will be found since i did an on line kapersky scan and nothing was detected. Thanks for the help and do let know what more.	prajna (14722)
757321	2009-03-19 03:39:00	Tick all of the entries in the log, if you havent yet. Then reboot If you dont know what this is ring Dell and ask them O4 - HKLM\..\RunOnce: [DeleteOcx] C:\Windows\system32\Dell\SystemProfiler\DeleteOcx. cmd This is probably whats bringing up that cmd window	Speedy Gonzales (78)
757322	2009-03-19 04:14:00	This is what i found with advanced search in hidden files. Is this relevant? Mini031509-01.dmp opens with Windows Shell Common Dll Size 135kb attributes CAN Object name : C:\Users\Administrator\AppData\Local\Microsoft\Win dows\WER\ReportQueue\Report0d2e1332\Mini031509-01.dmp	prajna (14722)
757323	2009-03-20 02:52:00	Please take this as opinion, only, as I don't think any of us can tell you what is wrong and how to fix it . There does seem something is seriously screwed with your system (not news to you!) and you should plan to get ALL your data saved to an external drive . After that you should seriously consider reverting it to the factory default . The system seems to be trying a re-install and failing resulting in it trying to save all sorts of log files into a cab file . You see mention of the Windows\Panther folder . This is used by Vista for installation log files . I have this folder on my machine, too . There are several worrying partition fails from TAL . bat . Partition not found . RW_FAT16 problems . Look here for similar errors . com/question/2224532/new-replacement-hard-drive-install-failure . html" target="_blank">allquests . com Good luck and sorry to not be able to help more . Let's know how it pans out .	linw (53)
757324	2009-04-14 18:10:00	i want to avoid saving data to an external drive.In fact i don't have the equipments. My desktop PC is not with me. I don't have the cables/accessories nor know how to connect my laptop with a PC (which should serve like an external drive). My laptop has three drives: C with the OS, D with data, and E for recovery programs and data like factory default etc. There is ample space in D:.If i transfer my Documents file and favorites from C: to D: and sacrifice the program files installed in c: and go for re-installing factory setting or reinstalling Vista will i lose data in D: and E: or will all the partitions get formatted and i will lose all data? Please suggest so that i can get rid of the original problem about bootup.	prajna (14722)
757325	2009-04-14 19:38:00	It should only overwrite your C drive if you select that option when doing the re install, make sure you read all of the screen prompts.	gary67 (56)
1