Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue screen, unable to log into or restart into normal mode, please help


  • Please log in to reply
13 replies to this topic

#1 Antony88

Antony88

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 30 April 2014 - 04:26 PM

First, here are my system specifications:

 

Using Windows 7 Home Premium Service Pack 1

 

Manufacturer: TOSHIBA

 

Model: Satellite L775D

 

System type: 64-bit Operating System

 

 

I've been having a problem with my computer for over a month now where I can't restart my computer into normal mode. I have to use safe mode with networking to be able to use my computer and access the internet. Every time I've tried to restart into normal mode, my computer has gone to a blue screen and restarted itself over and over with the same message but never going into normal mode.

 

Prior to not being able to log into normal mode, right before this happened, I tried to scan my computer with anti-virus and install new antivirus, but my computer wouldn't install and told me that my computer may be infected. I have been being redirected, and Malwarebytes isn't picking anything up. For over a month I've been working with a really good helper on this site in Maleware forum to try and find the problem and resolve it but we had a lot of issues with my computer so he told me to make a new post here since it might not be a Maleware related issue for the moment.

 

This is the link to the old topic so you can see all the work we did and the things we tried and get a better idea of the problem:

 

http://www.bleepingcomputer.com/forums/t/525484/blue-screen-unable-to-install-anti-virus-programs-redirecting-infected/page-5#entry3351524

 

This is the error message from the blue screen I've been getting whenever I restart my computer.

 

A problem has been detected and windows has been shut down to prevent damage to your computer.

 

PAGE_FAULT_IN_NONPAGED_AREA

 

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps:

 

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

 

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select safe mode.

 

Technical Information:

 

***STOP:0X00000050 (OXFFFFF880009B0956, 0X0000000000000000,0XFFFFF80002E74770, 0X0000000000000000)

 

Collecting data for crash dump...

Initializing disk for crash dump...

Beginning dump of physical memory...

Dumping physical memory to disk: 100

Physical memory dump complete.

 

Contact your system admin or technical group for assistance.

 

 

I would really appreciate your help in resolving this problem. If you have any additional questions or need more information please let me know! Thank you.



BC AdBot (Login to Remove)

 


m

#2 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 30 April 2014 - 11:20 PM

Hi

 

Please upload the crash dump files with next reply. You will find the crash dump files inside C:\Windows\Minidump folder. To copy the dumps, disable "User Account Control" first. Otherwise you may receive a permission error. After disabling UAC, copy and zip all the dumps and create an archive. Either attach the zip with next reply using "More reply options --> Attach files" or use a free file hosting site. 



#3 Antony88

Antony88
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 02 May 2014 - 11:09 PM

Hello,

thank you for helping me! :)

 

I found the minidump files and copied all of them and put them in a zip file but when I attached it to this message, the upload was 'skipped' because the file was too big to upload. I tried again, but the same thing happened, so I wasn't able to upload them. What should I do now?



#4 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 03 May 2014 - 01:04 AM

Hi

 

Please use "7-zip" to compress the dumps. It will greatly reduce the size.

 

http://www.7-zip.org/download.html



#5 Antony88

Antony88
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 04 May 2014 - 07:27 PM

Hello,

 

I tired to install 7zip but it wouldn't run and I got this error message instead:


Windows Installer said: The windows install service is not accessible in Safe Mode. Please try again when your computer is not in Safe Mode  or you can use system restore to return your machine to a previous good state.
 

Since I can't use 7zip, will Winrar work to compress the file size? I have Winrar which can open and extract zip files and I think it can compress them, but I'm not sure how.

And is it normal for me not to be able to install in Safe Mode? I think I was able to install things when Marius was helping me, so is this a new problem? Or is it normal for 7zip not to be able to be installed in Safe Mode with Networking?



#6 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 04 May 2014 - 10:57 PM

 

 

And is it normal for me not to be able to install in Safe Mode?

 

Yes, Windows installer won't work in "Safe Mode".  

 

 

You can upload the zipped crash dumps to a free file sharing site like https://onedrive.live.com/about/en-in/ or http://www.mediafire.com/ and post the link to download.



#7 Antony88

Antony88
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 04 May 2014 - 11:38 PM

Ok, thank you, here is the link to the minidump files in mediafire, please let me know when you have downloaded the file so that I can remove it from my mediafire files.
 

Here it is: http://www.mediafire.com/download/v9ov7735c8a3q47/040914-28220-01.zip


Edited by Antony88, 04 May 2014 - 11:38 PM.


#8 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 05 May 2014 - 01:57 AM

Hi

 

Thanks for uploading the dumps. I will check them and post my findings in next reply. You can delete the dumps but that is not necessary. It won't contain any kind of personal info.



#9 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 05 May 2014 - 02:09 AM

Hi

 

Every single crash happened to your system is cause by a mysterious driver named 2700619drv.sys.

BugCheck 50, {fffff88003004c16, 0, fffff80002ec4770, 0}

Unable to load image \SystemRoot\system32\DRIVERS\2700619drv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for 2700619drv.sys
*** ERROR: Module load completed but symbols could not be loaded for 2700619drv.sys

I never saw it before but by examining the thread activity i suppose the driver is some kind of file system filter driver. We should first identify the parent program which installed this mysterious driver. Will you please zip and upload the driver with next reply ?.

It's location is inside "C:\Windows\System32\Drivers" folder.



#10 Antony88

Antony88
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 05 May 2014 - 11:53 PM

Hello,

 

Wow I've never seen it before either. I have no idea what it is. Thank you for helping me find it! I zipped the driver and uploaded it to this reply.

Attached Files



#11 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 06 May 2014 - 12:29 AM

Hi

 

As i suspected earlier, the driver belongs to "Kaspersky Lab".  Since this driver might have numerous references in registry, removing it directly may damage the OS. 

 

 

 

Then I tried to use Kaspersky's Anti-virus removal tool and my computer crashed and a blue screen popped up and my computer restared to protect the system.  

 

So t looks like this driver is installed by "Kaspersky removal Tool". I have seen the virus removal tool's behavior of naming it's driver with random characters ( probability to defeat malwares which may block the tool from running if a unique name is used ). 

 

Please try the below steps to remove the offending driver ( i think it is clashing with your existing AV's counterpart driver ).

 

1. Download "Kaspersky Uninstall Tool" from the below link.

 

    http://media.kaspersky.com/utilities/consumerutilities/kavremover.exe

 

2. Run it from "Safe Mode" and select "AVP Tool Driver" from the drop down list. Enter the captcha correctly and press the "Remove" button and follow on screen instructions.

 

3. When the removal completed, try to boot the system in to normal mode.

 

If the BSOD still continues ( hope to not ), please upload the latest crash dump with next reply.

 

( since our time zones are different, please expect delay in response ).


Edited by Anshad Edavana, 06 May 2014 - 12:22 PM.


#12 Antony88

Antony88
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 06 May 2014 - 04:45 PM

Hello,

 

You are amazing. I can't believe it was something so simple. I am writing you from normal mode right now. It worked!  After the removal tool finished I restarted my computer from safe mode with networking and it loaded into normal mode :)

 

I am not sure what to do now. Is there any way to make sure the problem is solved? Does this mean it wasn't a virus and my computer is not infected by anything?



#13 Anshad Edavana

Anshad Edavana

  • BC Advisor
  • 2,805 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:15 PM

Posted 06 May 2014 - 11:13 PM

 

 

I am not sure what to do now. Is there any way to make sure the problem is solved? Does this mean it wasn't a virus and my computer is not infected by anything?

 

I would recommend contacting tb-psychotic and request him to inspect the system in normal mode. If there is some deep hidden malware, only a trained malware helper can tell.



#14 Antony88

Antony88
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 08 May 2014 - 03:48 PM

Ok, I will contact him then. :)

 

Thank you so much for your help!! You guys are amazing!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users